Proxy server virus: (127.0.0.1 port 8118)
<blockquote data-quote="thedarkhippy" data-source="post: 404138" data-attributes="member: 36149"><p>Hello</p><p></p><p>Basically my computer is infected with a proxy server virus (127.0.0.1 port 8118) and has been for a few months now. I have tried so many different things that I have lost track of the methods that I have used. I have listed above some of the things that I have tried and failed. I am unable to connect to the internet so I cannot run and add the files you require. I am really sorry about this but I have managed to run the Farbar recovery scan tool but it is an outdated version as I downloaded this last month as I was going to ask for help then. I cannot get an up to date program as I have no internet. I am also unable to upload the results so I have copied and pasted them below. I hope this is ok. Please please help me I am completely lost and desperate. Thanking you in advance. Lisa </p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015 (<span style="color: red">ATTENTION: ====> FRST version is 57 days old and could be outdated</span>)</p><p></p><p>Ran by User (administrator) on USER-TOSH on 28-06-2015 23:01:38</p><p></p><p>Running from C:\Users\User\Desktop</p><p></p><p>Loaded Profiles: User (Available profiles: User)</p><p></p><p>Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)</p><p></p><p>Internet Explorer Version 11 (Default browser: Chrome)</p><p></p><p>Boot Mode: Normal</p><p></p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p></p><p>(If an entry is included in the fixlist, the process will be closed. 
The file will not be moved.)</p><p></p><p></p><p>() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe</p><p></p><p>(AMD) C:\Windows\System32\atiesrxx.exe</p><p></p><p>(AMD) C:\Windows\System32\atieclxx.exe</p><p></p><p>(Microsoft Corporation) C:\Windows\System32\wlanext.exe</p><p></p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe</p><p></p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe</p><p></p><p>( ) C:\Windows\System32\dlbacoms.exe</p><p></p><p>(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe</p><p></p><p>(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe</p><p></p><p>(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe</p><p></p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe</p><p></p><p>(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe</p><p></p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</p><p></p><p>(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe</p><p></p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE</p><p></p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe</p><p></p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe</p><p></p><p>(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe</p><p></p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe</p><p></p><p>(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe</p><p></p><p>(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe</p><p></p><p>() C:\Program Files (x86)\spotimote\spotimote.exe</p><p></p><p>(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p>Failed to access process -> Spotify.exe</p><p></p><p>(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe</p><p></p><p>(Google Inc.) C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe</p><p></p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe</p><p></p><p>(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe</p><p></p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe</p><p></p><p>() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe</p><p></p><p>(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe</p><p></p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p>(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe</p><p></p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe</p><p></p><p>(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe</p><p></p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe</p><p></p><p>(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe</p><p></p><p>(AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe</p><p></p><p>(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe</p><p></p><p>(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe</p><p></p><p>(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe</p><p></p><p>(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe</p><p></p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p></p><p>(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE</p><p></p><p>(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe</p><p></p><p>(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe</p><p></p><p>(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe</p><p></p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p></p><p>HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)</p><p></p><p>HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)</p><p></p><p>HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)</p><p></p><p>HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)</p><p></p><p>HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)</p><p></p><p>Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]</p><p></p><p>HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)</p><p></p><p>HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)</p><p></p><p>HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)</p><p></p><p>HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\Run: [spotimote] => C:\Program Files (x86)\spotimote\spotimote.exe [2364840 2014-05-23] ()</p><p></p><p>HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-05] (Google Inc.)</p><p></p><p>HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-05-29] (Spotify Ltd)</p><p></p><p>HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\Run: [Spotify Web Helper] => 
C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-29] (Spotify Ltd)</p><p></p><p>HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-09] (Google Inc.)</p><p></p><p>HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\MountPoints2: {dde7cca0-7c72-11e2-910c-047d7b4a33ef} - F:\Startme.exe</p><p></p><p>HKU\S-1-5-21-2153010267-44935286-722844377-1000\Control Panel\Desktop\\SCRNSAVE.EXE -></p><p></p><p>HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)</p><p></p><p>AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found</p><p></p><p>AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found</p><p></p><p>Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2013-02-17]</p><p></p><p>ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)</p><p></p><p>Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2013-02-17]</p><p></p><p>ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)</p><p></p><p>ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p></p><p>ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p></p><p>ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p></p><p>ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p></p><p>CHR 
HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION</p><p></p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p></p><p>ProxyEnable: [S-1-5-21-2153010267-44935286-722844377-1000] => Internet Explorer proxy is enabled.</p><p></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.google.com" target="_blank">http://www.google.com</a></p><p></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.5.0.19" target="_blank">http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.5.0.19</a></p><p></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = <a href="http://www.google.com" target="_blank">http://www.google.com</a></p><p></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://www.google.com" target="_blank">http://www.google.com</a></p><p></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://www.google.com" target="_blank">http://www.google.com</a></p><p></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://www.google.com" target="_blank">http://www.google.com</a></p><p></p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.5.0.19" target="_blank">http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.5.0.19</a></p><p></p><p>HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = <a 
href="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.5.0.19" target="_blank">http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.5.0.19</a></p><p></p><p>HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.5.0.19" target="_blank">http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.5.0.19</a></p><p></p><p>HKU\S-1-5-21-2153010267-44935286-722844377-1000\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://google.co.uk/" target="_blank">http://google.co.uk/</a></p><p></p><p>SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =</p><p></p><p>SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = <a href="http://www.google.com/search" target="_blank">http://www.google.com/search</a></p><p></p><p>SearchScopes: HKU\S-1-5-21-2153010267-44935286-722844377-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = <a href="https://mysearch.avg.com/search?cid={82D6FA40-0F1E-4B81-86A0-C3C1DA2A3420}&mid=95af1eaf2fdc48d1b0d40876b44fd7a6-26e80913c2737e07a653ddcb9f983deba96fae33&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pit&pr=fr&d=2015-04-16" target="_blank">https://mysearch.avg.com/search?cid={82D6FA40-0F1E-4B81-86A0-C3C1DA2A3420}&mid=95af1eaf2fdc48d1b0d40876b44fd7a6-26e80913c2737e07a653ddcb9f983deba96fae33&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pit&pr=fr&d=2015-04-16</a> 11:40:30&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}</p><p></p><p>SearchScopes: HKU\S-1-5-21-2153010267-44935286-722844377-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p></p><p>SearchScopes: HKU\S-1-5-21-2153010267-44935286-722844377-1000 -> {6E5D40DA-3836-9F50-88D8-772672F80DA1} URL =</p><p></p><p>SearchScopes: HKU\S-1-5-21-2153010267-44935286-722844377-1000 -> 
{95B7759C-8C7F-4BF1-B163-73684A933233} URL = <a href="https://mysearch.avg.com/search?cid={82D6FA40-0F1E-4B81-86A0-C3C1DA2A3420}&mid=95af1eaf2fdc48d1b0d40876b44fd7a6-26e80913c2737e07a653ddcb9f983deba96fae33&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pit&pr=fr&d=2015-04-16" target="_blank">https://mysearch.avg.com/search?cid={82D6FA40-0F1E-4B81-86A0-C3C1DA2A3420}&mid=95af1eaf2fdc48d1b0d40876b44fd7a6-26e80913c2737e07a653ddcb9f983deba96fae33&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pit&pr=fr&d=2015-04-16</a> 11:40:30&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}</p><p></p><p>SearchScopes: HKU\S-1-5-21-2153010267-44935286-722844377-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = <a href="http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=GB&ver=20&locale=en_GB&gct=kwd&qsrc=2869" target="_blank">http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=GB&ver=20&locale=en_GB&gct=kwd&qsrc=2869</a></p><p></p><p>BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)</p><p></p><p>BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)</p><p></p><p>BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)</p><p></p><p>BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)</p><p></p><p>BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)</p><p></p><p>BHO-x32: Norton Identity 
Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)</p><p></p><p>BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-07-23] (Symantec Corporation)</p><p></p><p>BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)</p><p></p><p>BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-04-16] (AVG)</p><p></p><p>BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)</p><p></p><p>BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)</p><p></p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File</p><p></p><p>Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)</p><p></p><p>Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)</p><p></p><p>Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)</p><p></p><p>Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files 
(x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)</p><p></p><p>Toolbar: HKU\S-1-5-21-2153010267-44935286-722844377-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)</p><p></p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.0.1</p><p></p><p></p><p>FireFox:</p><p></p><p>========</p><p></p><p>FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)</p><p></p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p></p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)</p><p></p><p>FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)</p><p></p><p>FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File</p><p></p><p>FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)</p><p></p><p>FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)</p><p></p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-10-08] (Oracle Corporation)</p><p></p><p>FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File</p><p></p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p></p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)</p><p></p><p>FF 
Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)</p><p></p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)</p><p></p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)</p><p></p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)</p><p></p><p>FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll No File</p><p></p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)</p><p></p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)</p><p></p><p>FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2013-11-06] ()</p><p></p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)</p><p></p><p>FF Plugin HKU\S-1-5-21-2153010267-44935286-722844377-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)</p><p></p><p>FF Plugin HKU\S-1-5-21-2153010267-44935286-722844377-1000: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)</p><p></p><p>FF Plugin HKU\S-1-5-21-2153010267-44935286-722844377-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll 
[2015-05-17] (Google Inc.)</p><p></p><p>FF Plugin HKU\S-1-5-21-2153010267-44935286-722844377-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)</p><p></p><p>FF Plugin HKU\S-1-5-21-2153010267-44935286-722844377-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-03-24] (Sony Network Entertainment International LLC)</p><p></p><p>FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)</p><p></p><p>FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)</p><p></p><p>FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\54f69738d97a1bbc5dfe9f40e1e05da9 [2015-03-25]</p><p></p><p>FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn</p><p></p><p>FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2015-03-17]</p><p></p><p>FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5</p><p></p><p>FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-20]</p><p></p><p>FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF</p><p></p><p>FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-05-21]</p><p></p><p>FF HKLM-x32\...\Thunderbird\Extensions: [<a href="mailto:msktbird@mcafee.com">msktbird@mcafee.com</a>] - C:\Program Files\McAfee\MSK</p><p></p><p></p><p>Chrome:</p><p></p><p>=======</p><p></p><p>CHR 
Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default</p><p></p><p>CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-30]</p><p></p><p>CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-30]</p><p></p><p>CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-30]</p><p></p><p>CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-30]</p><p></p><p>CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-03-17]</p><p></p><p>CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-30]</p><p></p><p>CHR Extension: (Facebook news) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\edoadhjjfgeniilpmnoaddaihjkkhheb [2013-11-19]</p><p></p><p>CHR Extension: (Gmail Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-11-19]</p><p></p><p>CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-11-19]</p><p></p><p>CHR Extension: (Hola Better Internet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-02-21]</p><p></p><p>CHR Extension: (Norton Identity Safe) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-10]</p><p></p><p>CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]</p><p></p><p>CHR Extension: (Norton Security Toolbar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-06-22]</p><p></p><p>CHR Extension: (Norton Safe) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-08-10]</p><p></p><p>CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]</p><p></p><p>CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-19]</p><p></p><p>CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - <a href="https://clients2.google.com/service/update2/crx" target="_blank">https://clients2.google.com/service/update2/crx</a></p><p></p><p>CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [Not Found]</p><p></p><p>CHR HKU\S-1-5-21-2153010267-44935286-722844377-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Users\User\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm.crx [Not Found]</p><p></p><p>CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - <a href="https://clients2.google.com/service/update2/crx" target="_blank">https://clients2.google.com/service/update2/crx</a></p><p></p><p>CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [Not Found]</p><p></p><p>CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]</p><p></p><p>CHR HKLM-x32\...\Chrome\Extension: 
[oihiaojfckjaconbjjpanjechlighodn] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx [Not Found]</p><p></p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)</p><p></p><p>R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)</p><p></p><p>R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)</p><p></p><p>R2 dlba_device; C:\Windows\system32\dlbacoms.exe [567280 2007-03-05] ( )</p><p></p><p>R2 dlba_device; C:\Windows\SysWOW64\dlbacoms.exe [538096 2007-03-05] ( )</p><p></p><p>S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-16] (WildTangent)</p><p></p><p>S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]</p><p></p><p>S2 Live Malware Protection; C:\Windows\mlwps.exe [239104 2015-03-25] (AV Security Software) [File not signed] <==== ATTENTION</p><p></p><p>R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)</p><p></p><p>S2 PrivoxyService; C:\Program Files (x86)\AFC Secure Net\privoxy.exe [371200 2015-03-25] (The Privoxy team - <a href="http://www.privoxy.org" target="_blank">www.privoxy.org</a>) [File not signed] <==== ATTENTION</p><p></p><p>R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)</p><p></p><p>S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking 
Ltd.)</p><p></p><p>R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)</p><p></p><p>S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)</p><p></p><p>S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)</p><p></p><p>R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-04-16] (AVG Secure Search)</p><p></p><p>S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)</p><p></p><p>R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-04-16] ()</p><p></p><p>R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)</p><p></p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p></p><p>R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)</p><p></p><p>R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-27] (AVG Technologies CZ, s.r.o.)</p><p></p><p>R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-07] (AVG Technologies CZ, s.r.o.)</p><p></p><p>R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)</p><p></p><p>R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)</p><p></p><p>R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [220128 2015-05-07] (AVG Technologies CZ, s.r.o.)</p><p></p><p>R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)</p><p></p><p>R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-05-04] (AVG Technologies CZ, s.r.o.)</p><p></p><p>S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20150309.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)</p><p></p><p>S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)</p><p></p><p>R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-03-07] (Symantec Corporation)</p><p></p><p>R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20150313.001\IDSvia64.sys [669400 2015-03-03] (Symantec Corporation)</p><p></p><p>S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-13] (Malwarebytes Corporation)</p><p></p><p>S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20150315.022\ENG64.SYS [129752 2015-03-15] (Symantec Corporation)</p><p></p><p>S3 NAVEX15; C:\Program Files 
(x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20150315.022\EX64.SYS [2137304 2015-03-15] (Symantec Corporation)</p><p></p><p>S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)</p><p></p><p>R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)</p><p></p><p>R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)</p><p></p><p>R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)</p><p></p><p>R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-20] (Symantec Corporation)</p><p></p><p>S1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)</p><p></p><p>S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)</p><p></p><p>S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)</p><p></p><p>R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)</p><p></p><p>S3 cpuz134; \??\C:\Users\User\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]</p><p></p><p>S3 L1C; system32\DRIVERS\L1C62x64.sys [X]</p><p></p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p></p><p>2015-06-28 21:52 - 2015-06-28 23:12 - 00029252 _____ () C:\Users\User\Desktop\FRST.txt</p><p></p><p>2015-06-27 22:41 - 2015-06-28 22:41 - 00003266 _____ () C:\Windows\System32\Tasks\AFC Secure Net Service</p><p></p><p>2015-06-24 10:06 - 2015-06-25 10:06 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0</p><p></p><p>2015-06-22 10:42 - 2015-06-22 20:06 - 00000000 ___RD () C:\Users\TEMP.User-TOSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance</p><p></p><p>2015-06-22 10:42 - 2015-06-22 20:06 - 00000000 ___RD () C:\Users\TEMP.User-TOSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories</p><p></p><p>2015-06-22 10:42 - 2015-06-22 10:43 - 00000000 ____D () C:\Users\TEMP.User-TOSH</p><p></p><p>2015-06-22 10:42 - 2015-04-18 11:07 - 00000000 ____D () C:\Users\TEMP.User-TOSH\AppData\Roaming\TuneUp Software</p><p></p><p>2015-06-22 10:42 - 2015-03-23 02:51 - 00000000 ____D () C:\Users\TEMP.User-TOSH\AppData\Roaming\Macromedia</p><p></p><p>2015-06-22 10:42 - 2013-03-17 14:23 - 00000000 ____D () C:\Users\TEMP.User-TOSH\AppData\Local\Microsoft Help</p><p></p><p>2015-06-21 19:47 - 2015-06-22 18:20 - 00000000 ___SD () C:\ComboFix</p><p></p><p>2015-06-21 19:33 - 2015-06-21 19:33 - 00083298 _____ () C:\ComboFix.txt</p><p></p><p>2015-06-21 18:59 - 2015-06-21 18:59 - 00000000 ____D () C:\Users\User\AppData\Local\CrashRpt</p><p></p><p>2015-06-21 18:53 - 2015-06-21 18:53 - 00000000 ____D () C:\Users\User\Documents\ProcAlyzer Dumps</p><p></p><p>2015-06-21 18:50 - 2015-06-22 18:20 - 00000000 ____D () C:\Windows\erdnt</p><p></p><p>2015-06-21 18:48 - 2015-06-21 18:48 - 00004367 _____ () C:\Users\User\Desktop\JRT.txt</p><p></p><p>2015-06-21 18:30 - 2015-06-21 18:30 - 00000000 ____D () 
C:\RegBackup</p><p></p><p>2015-06-21 18:22 - 2015-06-21 18:48 - 00000000 ____D () C:\Users\User\Documents\virsu scan reports</p><p></p><p>2015-06-17 18:49 - 2015-06-28 22:38 - 00000000 ____D () C:\Users\User\Documents\Food</p><p></p><p>2015-06-16 16:21 - 2015-06-24 00:58 - 00000000 ____D () C:\ProgramData\Avg_Update_0615tb</p><p></p><p>2015-06-15 08:30 - 2015-06-15 08:30 - 00000000 ____D () C:\Program Files\Common Files\AV</p><p></p><p>2015-06-09 19:09 - 2015-06-09 19:09 - 00013673 ____H () C:\Users\User\Desktop\~WRL1115.tmp</p><p></p><p>2015-06-09 16:34 - 2015-06-09 16:34 - 00325632 ____H () C:\Users\User\Desktop\~WRL3544.tmp</p><p></p><p>2015-06-06 17:40 - 2015-06-06 17:40 - 00000000 ____D () C:\Users\User\AppData\Local\Avg</p><p></p><p>2015-06-05 09:10 - 2015-05-22 19:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll</p><p></p><p>2015-06-05 09:10 - 2015-05-22 19:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll</p><p></p><p>2015-06-05 09:10 - 2015-05-22 19:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll</p><p></p><p>2015-06-05 09:10 - 2015-05-22 19:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll</p><p></p><p>2015-06-05 09:10 - 2015-05-22 19:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll</p><p></p><p>2015-06-05 09:10 - 2015-05-22 19:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll</p><p></p><p>2015-06-05 09:10 - 2015-05-22 19:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll</p><p></p><p>2015-06-05 09:10 - 2015-05-21 14:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll</p><p></p><p>2015-06-02 08:32 - 2015-06-02 08:32 - 00000000 ____D () C:\Users\User\AppData\Local\GWX</p><p></p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p></p><p>(If an entry is included in the fixlist, the file\folder will be 
moved.)</p><p></p><p></p><p>2015-06-28 23:12 - 2013-04-14 20:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p></p><p>2015-06-28 23:02 - 2015-05-03 17:53 - 00000000 ____D () C:\FRST</p><p></p><p>2015-06-28 22:46 - 2011-08-03 04:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p></p><p>2015-06-28 22:38 - 2013-02-17 10:17 - 01176618 _____ () C:\Windows\WindowsUpdate.log</p><p></p><p>2015-06-28 22:35 - 2013-02-24 13:49 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify</p><p></p><p>2015-06-28 22:31 - 2013-05-25 18:35 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153010267-44935286-722844377-1000UA.job</p><p></p><p>2015-06-28 21:27 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p></p><p>2015-06-28 21:27 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p></p><p>2015-06-28 21:04 - 2013-02-24 13:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify</p><p></p><p>2015-06-28 21:02 - 2015-03-17 14:43 - 00000000 ____D () C:\ProgramData\MFAData</p><p></p><p>2015-06-28 20:59 - 2011-08-03 04:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p></p><p>2015-06-28 20:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p></p><p>2015-06-28 20:58 - 2009-07-14 05:51 - 00197413 _____ () C:\Windows\setupact.log</p><p></p><p>2015-06-25 09:11 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories</p><p></p><p>2015-06-24 00:58 - 2015-04-16 15:20 - 00000000 ____D () C:\Users\User\Desktop\security</p><p></p><p>2015-06-24 00:58 - 2015-04-16 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG</p><p></p><p>2015-06-24 00:58 - 2015-04-04 10:59 - 00000000 ___SD () C:\Windows\system32\GWX</p><p></p><p>2015-06-24 
00:58 - 2015-03-25 14:27 - 00000000 ____D () C:\Program Files (x86)\AFC Secure Net</p><p></p><p>2015-06-24 00:58 - 2015-03-25 14:26 - 00000000 ____D () C:\Program Files (x86)\PrivateVPN</p><p></p><p>2015-06-24 00:58 - 2015-03-17 17:05 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp</p><p></p><p>2015-06-24 00:58 - 2015-03-17 14:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Check Point Software Technologies LTD</p><p></p><p>2015-06-24 00:58 - 2014-03-17 18:43 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking</p><p></p><p>2015-06-24 00:58 - 2014-03-17 18:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy</p><p></p><p>2015-06-24 00:58 - 2014-03-17 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2</p><p></p><p>2015-06-24 00:58 - 2014-03-17 18:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2</p><p></p><p>2015-06-24 00:58 - 2013-02-17 10:34 - 00000000 ____D () C:\Windows\system32\nn-NO</p><p></p><p>2015-06-24 00:58 - 2013-02-17 10:34 - 00000000 ____D () C:\Program Files (x86)\Atheros</p><p></p><p>2015-06-24 00:58 - 2011-08-03 04:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome</p><p></p><p>2015-06-24 00:58 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD</p><p></p><p>2015-06-24 00:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR</p><p></p><p>2015-06-24 00:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF</p><p></p><p>2015-06-24 00:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions</p><p></p><p>2015-06-24 00:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared</p><p></p><p>2015-06-24 00:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration</p><p></p><p>2015-06-24 00:55 - 2015-03-17 17:07 - 00000000 ____D () C:\Users\User\AppData\Local\AVG Web TuneUp</p><p></p><p>2015-06-24 00:55 - 
2015-03-17 17:06 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp</p><p></p><p>2015-06-24 00:55 - 2015-03-17 17:06 - 00000000 ____D () C:\ProgramData\AVG Secure Search</p><p></p><p>2015-06-24 00:55 - 2015-03-17 14:48 - 00000000 ____D () C:\ProgramData\AVG2015</p><p></p><p>2015-06-24 00:55 - 2014-02-17 23:11 - 00000000 ____D () C:\Users\User\Documents\Add-in Express</p><p></p><p>2015-06-24 00:55 - 2013-02-22 10:08 - 00000000 ____D () C:\Users\User\AppData\Local\Google</p><p></p><p>2015-06-24 00:55 - 2011-08-03 04:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information</p><p></p><p>2015-06-24 00:54 - 2015-03-17 14:39 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD</p><p></p><p>2015-06-24 00:54 - 2013-03-15 14:02 - 00000000 __RHD () C:\MSOCache</p><p></p><p>2015-06-23 16:44 - 2014-12-07 09:32 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList</p><p></p><p>2015-06-23 16:44 - 2014-06-02 21:59 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList</p><p></p><p>2015-06-23 16:44 - 2014-06-02 21:59 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList</p><p></p><p>2015-06-22 11:16 - 2014-03-30 16:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\spotimote</p><p></p><p>2015-06-21 18:53 - 2015-05-20 23:34 - 00000000 ____D () C:\Users\TEMP</p><p></p><p>2015-06-20 23:00 - 2015-05-11 06:18 - 00000000 ____D () C:\Users\User\Documents\new project</p><p></p><p>2015-06-19 19:50 - 2013-06-26 09:32 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps</p><p></p><p>2015-06-10 12:29 - 2013-09-19 21:03 - 00000000 ____D () C:\Windows\system32\MRT</p><p></p><p>2015-06-10 11:28 - 2013-05-25 18:35 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153010267-44935286-722844377-1000Core.job</p><p></p><p>2015-06-06 00:43 - 2014-12-11 00:23 - 00000000 ____D () C:\Windows\system32\appraiser</p><p></p><p>2015-06-06 00:43 - 2014-05-06 23:30 - 00000000 ___SD () 
C:\Windows\system32\CompatTel</p><p></p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p></p><p>2015-03-28 18:52 - 2015-03-28 18:52 - 0009662 _____ () C:\Users\User\AppData\Roaming\em_64x64.ico</p><p></p><p>2013-02-17 12:27 - 2013-02-17 12:28 - 0000000 _____ () C:\Users\User\AppData\Local\{ADAB624D-CC58-45AA-913F-2E96B85B0844}</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p></p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p></p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p></p><p>C:\Windows\explorer.exe => File is digitally signed</p><p></p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p></p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p></p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p></p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p></p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p></p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p></p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p></p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p></p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p></p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p></p><p>LastRegBack: 2015-06-04 07:44</p><p></p><p></p><p>==================== End Of Log ============================</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015</p><p></p><p>Ran by User at 2015-06-28 23:14:06</p><p></p><p>Running from C:\Users\User\Desktop</p><p></p><p>Boot Mode: 
Normal</p><p></p><p>==========================================================</p><p></p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p></p><p>Administrator (S-1-5-21-2153010267-44935286-722844377-500 - Administrator - Disabled)</p><p></p><p>Guest (S-1-5-21-2153010267-44935286-722844377-501 - Limited - Disabled)</p><p></p><p>User (S-1-5-21-2153010267-44935286-722844377-1000 - Administrator - Enabled) => C:\Users\User</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p></p><p>AV: Spybot - Search and Destroy (Enabled - Out of date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}</p><p></p><p>AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}</p><p></p><p>AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}</p><p></p><p>AS: Norton Internet Security (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}</p><p></p><p>AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}</p><p></p><p>AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}</p><p></p><p>FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}</p><p></p><p>FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}</p><p></p><p></p><p>==================== Installed Programs ======================</p><p></p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. 
The adware programs should be uninstalled manually.)</p><p></p><p></p><p>Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)</p><p></p><p>Adobe Flash Player 11 ActiveX (HKLM-x32\...\{8A5F5F0A-BE2D-4763-B764-BF6EFE93A68B}) (Version: 11.5.502.146 - Adobe Systems Incorporated)</p><p></p><p>Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)</p><p></p><p>Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)</p><p></p><p>ATI Catalyst Install Manager (HKLM\...\{6167672A-758D-9960-C32C-47A15E180A70}) (Version: 3.0.829.0 - ATI Technologies, Inc.)</p><p></p><p>AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5961 - AVG Technologies)</p><p></p><p>AVG 2015 (Version: 15.0.4355 - AVG Technologies) Hidden</p><p></p><p>AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden</p><p></p><p>AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)</p><p></p><p>BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.0.7 - British Broadcasting Corp.)</p><p></p><p>BBC iPlayer Desktop (x32 Version: 3.0.7 - British Broadcasting Corp.) 
Hidden</p><p></p><p>Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p></p><p>Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden</p><p></p><p>Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.09(T) - TOSHIBA CORPORATION)</p><p></p><p>Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p></p><p>Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p></p><p>Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)</p><p></p><p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p><p></p><p>Dell AIO Printer A940 (HKLM\...\Dell AIO Printer A940) (Version: - Dell, Inc.)</p><p></p><p>Dell System Detect (HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\9204f5692a8faf3b) (Version: 5.8.1.1 - Dell)</p><p></p><p>Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p></p><p>DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)</p><p></p><p>FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden</p><p></p><p>Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p></p><p>Flash Movie Player 1.5 (HKLM-x32\...\Flash Movie Player) (Version: 1.5 - Eolsoft)</p><p></p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)</p><p></p><p>Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)</p><p></p><p>Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)</p><p></p><p>Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden</p><p></p><p>Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden</p><p></p><p>Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) 
Hidden</p><p></p><p>GoToMeeting 5.5.0.1132 (HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline)</p><p></p><p>High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden</p><p></p><p>Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden</p><p></p><p>Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p></p><p>Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)</p><p></p><p>Media Go (HKLM-x32\...\{F66C4A41-C3A8-4523-AB6C-BAA1DB38305C}) (Version: 2.7.357 - Sony)</p><p></p><p>Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)</p><p></p><p>Media Go Video Playback Engine 2.4.104.12040 (HKLM-x32\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.104.12040 - Sony)</p><p></p><p>Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p><p></p><p>Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)</p><p></p><p>Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)</p><p></p><p>Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)</p><p></p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)</p><p></p><p>Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p><p></p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p></p><p>Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)</p><p></p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)</p><p></p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)</p><p></p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p></p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p></p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p></p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p></p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p></p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p></p><p>Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)</p><p></p><p>Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)</p><p></p><p>MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)</p><p></p><p>MSXML 4.0 
SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)</p><p></p><p>Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG)</p><p></p><p>Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)</p><p></p><p>Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)</p><p></p><p>Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)</p><p></p><p>Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG)</p><p></p><p>Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG)</p><p></p><p>Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)</p><p></p><p>Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)</p><p></p><p>Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)</p><p></p><p>Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)</p><p></p><p>Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p></p><p>Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p></p><p>PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)</p><p></p><p>PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.14.6.15183 - Sony Computer Entertainment Inc.)</p><p></p><p>Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden</p><p></p><p>Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.14 - Realtek Semiconductor Corp.)</p><p></p><p>Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)</p><p></p><p>Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden</p><p></p><p>SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)</p><p></p><p>Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)</p><p></p><p>Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)</p><p></p><p>Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)</p><p></p><p>Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p></p><p>Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)</p><p></p><p>Spotify (HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)</p><p></p><p>spotimote (HKLM-x32\...\spotimote) (Version: - )</p><p></p><p>Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)</p><p></p><p>Synaptics Pointing Device Driver 
(HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)</p><p></p><p>TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)</p><p></p><p>TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)</p><p></p><p>TOSHIBA ConfigFree (HKLM-x32\...\{28F05B12-E618-48A8-839A-0755FC8C9081}) (Version: 8.0.39 - TOSHIBA CORPORATION)</p><p></p><p>TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)</p><p></p><p>TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.23.64 - TOSHIBA Corporation)</p><p></p><p>TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)</p><p></p><p>TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.09.01.00 - )</p><p></p><p>TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)</p><p></p><p>Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)</p><p></p><p>TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)</p><p></p><p>TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64M - TOSHIBA Corporation)</p><p></p><p>TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.0.2.4 - TOSHIBA)</p><p></p><p>TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.10010 - TOSHIBA CORPORATION)</p><p></p><p>TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)</p><p></p><p>TOSHIBA ReelTime 
(HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)</p><p></p><p>TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)</p><p></p><p>TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)</p><p></p><p>TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.09.01.00 - )</p><p></p><p>TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)</p><p></p><p>TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)</p><p></p><p>TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.25 - TOSHIBA Corporation)</p><p></p><p>TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)</p><p></p><p>Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden</p><p></p><p>Vampire Ventures (x32 Version: 3.0.2.51 - WildTangent) Hidden</p><p></p><p>VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden</p><p></p><p>Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)</p><p></p><p>Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)</p><p></p><p>Wedding Dash 2 - Rings Around the World (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p></p><p>WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)</p><p></p><p>WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)</p><p></p><p>WildTangent Games App (Toshiba Games) (x32 
Version: 4.0.10.16 - WildTangent) Hidden</p><p></p><p>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)</p><p></p><p>Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)</p><p></p><p>Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)</p><p></p><p>Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)</p><p></p><p>Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)</p><p></p><p>ZoneAlarm Firewall (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden</p><p></p><p>ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.209.000 - Check Point)</p><p></p><p>ZoneAlarm Security (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden</p><p></p><p>ZoneAlarm Security Toolbar (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)</p><p></p><p>ZoneAlarm Security Toolbar (HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)</p><p></p><p>Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p></p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.)</p><p></p><p></p><p>CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File</p><p></p><p>CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File</p><p></p><p>CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File</p><p></p><p>CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1132\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File</p><p></p><p>CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File</p><p></p><p>CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File</p><p></p><p>CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> 
C:\Users\User\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File</p><p></p><p></p><p>==================== Restore Points =========================</p><p></p><p></p><p>05-06-2015 13:05:00 Windows Update</p><p></p><p>06-06-2015 17:32:56 Checkpoint by HitmanPro</p><p></p><p>10-06-2015 12:09:57 Windows Update</p><p></p><p>20-06-2015 08:57:03 Restore Operation</p><p></p><p></p><p>==================== Hosts content: ==========================</p><p></p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p></p><p>2009-07-14 03:34 - 2015-06-23 17:02 - 00000798 ____A C:\Windows\system32\Drivers\etc\hosts</p><p></p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>Task: {008001D6-BCFE-49E6-94AF-6AD36A83A397} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)</p><p></p><p>Task: {0E73D895-5E75-49F4-8449-0B53E61BA4EE} - \EPUpdater No Task File <==== ATTENTION</p><p></p><p>Task: {116B0671-6510-4E05-AE45-98446AB1DB52} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)</p><p></p><p>Task: {1187E7D8-23A4-4A11-8011-4A7A096019D3} - System32\Tasks\{533CB7F0-663B-4BCF-9E11-A97A7098D3CF} => pcalua.exe -a C:\Users\User\Downloads\20130509-004-i64.exe -d C:\Users\User\Downloads</p><p></p><p>Task: {23C23932-4AA9-40D6-91C6-894FBFE18432} - \ProtectedSearch\Protected Search No Task File <==== ATTENTION</p><p></p><p>Task: {24993DAA-7AE9-427A-A5FC-403531DA553A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-20] (Safer-Networking Ltd.)</p><p></p><p>Task: {26BAF950-B212-44B3-8CAD-1C3657EFE19A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-20] (Safer-Networking Ltd.)</p><p></p><p>Task: {4255F3D8-FCF9-44FD-A0FD-91D066382719} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2153010267-44935286-722844377-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-09] (Google Inc.)</p><p></p><p>Task: {48BE70D6-DEEB-49E6-83D5-C772184B3DFA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)</p><p></p><p>Task: {4A4ACFFC-CD12-4369-B510-DB27CCACAB90} - System32\Tasks\{3F7D6D0B-DDCC-41AE-B1D2-EDC07EA3A6C5} => pcalua.exe -a E:\Setup.EXE -d 
E:\</p><p></p><p>Task: {4C2BFB5C-3DF5-4282-BB11-53743D62DBBD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-14] (Adobe Systems Incorporated)</p><p></p><p>Task: {4CD6058F-B430-41F0-9EDB-A5B0CD6B5F8B} - \BrowserDefendert No Task File <==== ATTENTION</p><p></p><p>Task: {4F7D7BDF-912F-4D8D-ACE1-60DC9ADF65B3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc</p><p></p><p>Task: {511D9ECE-E382-44B7-8954-B543E20DBDE4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2153010267-44935286-722844377-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-09] (Google Inc.)</p><p></p><p>Task: {54B5463C-F013-49A7-8E8A-B205FAD4DD87} - System32\Tasks\AFC Secure Net Service => C:\Program Files (x86)\AFC Secure Net\amjob.exe [2015-03-25] (Jelbrus)</p><p></p><p>Task: {58E73E0A-4B17-476B-AD01-E8DD2F2BCE6E} - System32\Tasks\{003EE6F5-6B36-4FD0-8D1F-A14BA34E0F24} => pcalua.exe -a "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" -c "/appName=FileParade bundle uninstaller" "/linkurl=<a href="http://lp.sweetim.com/SweetPacksBundleUninstaller/" target="_blank">http://lp.sweetim.com/SweetPacksBundleUninstaller/</a>" "/searchProviderApp=FileParade" "/searchProvider=a different"</p><p></p><p>Task: {60E2AC3B-FC7D-4C7D-A3AB-C693298411AB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks</p><p></p><p>Task: {629BE904-486D-4AC9-8C2A-62EF190E21AA} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-04-21] (TOSHIBA CORPORATION)</p><p></p><p>Task: {8A9A0BC2-D490-44CA-ABCD-1DA11DFFE691} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)</p><p></p><p>Task: {A237441B-51C6-4527-B39D-0FD5971CC006} - 
System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)</p><p></p><p>Task: {AC42BE44-6FAF-4F0E-ADE0-F4CD6DFAAFAB} - \Giga Perfect Uninstaller No Task File <==== ATTENTION</p><p></p><p>Task: {B2887708-4FB2-4727-B69C-1119F6168A4A} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)</p><p></p><p>Task: {BFE6829E-30A3-47A9-B7B2-2B3820568BBD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-09-20] (Safer-Networking Ltd.)</p><p></p><p>Task: {C5647737-1488-44A9-BCA4-E760273F4459} - \Browser Updater\Browser Updater No Task File <==== ATTENTION</p><p></p><p>Task: {C7CE7C6F-B9E3-46D1-A4A7-331249429EA6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)</p><p></p><p>Task: {CB6DD6E8-8FE2-46D8-9F63-A955F44F4C1D} - System32\Tasks\Malware Cleaner => C:\Users\User\AppData\Roaming\D90F.tmp.exe <==== ATTENTION</p><p></p><p>Task: {DB82B61D-D433-48A1-B892-2AD26B978BD2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)</p><p></p><p>Task: {E0868145-E36A-44C6-B6C2-C352ECA8E9D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)</p><p></p><p>Task: {E16D4ED5-EF83-4734-8705-990713255BD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)</p><p></p><p>Task: {FA8E493D-DD7C-4145-B02C-2717F4133FBE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec 
Corporation)</p><p></p><p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</p><p></p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p></p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p></p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153010267-44935286-722844377-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe</p><p></p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153010267-44935286-722844377-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe</p><p></p><p></p><p>==================== Loaded Modules (whitelisted) ==============</p><p></p><p></p><p>2015-04-16 11:39 - 2015-04-16 11:38 - 00620056 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe</p><p></p><p>2014-07-07 18:06 - 2007-02-20 08:30 - 00116224 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlbapp6c.dll</p><p></p><p>2013-06-03 19:17 - 2007-02-20 08:29 - 00106496 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlbaui6c.dll</p><p></p><p>2014-05-23 10:01 - 2014-05-23 10:01 - 02364840 _____ () C:\Program Files (x86)\spotimote\spotimote.exe</p><p></p><p>2013-02-21 23:14 - 2014-06-23 09:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe</p><p></p><p>2014-03-17 18:42 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll</p><p></p><p>2013-02-21 23:14 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll</p><p></p><p>2013-02-21 23:14 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll</p><p></p><p>2011-07-07 15:54 - 2011-07-07 15:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll</p><p></p><p>2012-10-05 03:51 - 
2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll</p><p></p><p>2013-02-21 23:14 - 2010-01-11 16:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll</p><p></p><p>2014-03-10 22:05 - 2014-03-10 22:05 - 00113064 _____ () C:\Program Files (x86)\spotimote\msgdll.dll</p><p></p><p>2013-09-26 16:47 - 2013-09-26 16:47 - 00610816 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll</p><p></p><p>2013-06-11 10:31 - 2013-06-11 10:31 - 00090112 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll</p><p></p><p>2012-04-04 15:33 - 2012-04-04 15:33 - 00139776 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll</p><p></p><p>2013-01-08 18:02 - 2013-01-08 18:02 - 00163840 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll</p><p></p><p>2012-07-26 12:51 - 2012-07-26 12:51 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll</p><p></p><p>2014-05-23 10:01 - 2014-05-23 10:01 - 01515432 _____ () C:\Program Files (x86)\spotimote\libspotify.dll</p><p></p><p>2014-05-23 10:01 - 2014-05-23 10:01 - 00261032 _____ () C:\Program Files (x86)\spotimote\CrashRpt1403.dll</p><p></p><p>2015-03-11 09:47 - 2015-05-29 07:24 - 41287224 _____ () C:\Users\User\AppData\Roaming\Spotify\libcef.dll</p><p></p><p>2015-04-16 11:39 - 2015-04-16 11:38 - 01711128 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll</p><p></p><p>2015-06-10 08:52 - 2015-06-05 19:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll</p><p></p><p>2015-06-10 08:52 - 2015-06-05 19:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll</p><p></p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p></p><p></p><p>==================== 
Safe Mode (whitelisted) ===================</p><p></p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"</p><p></p><p></p><p>==================== EXE Association (whitelisted) ===============</p><p></p><p></p><p>(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)</p><p></p><p></p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p></p><p></p><p>(If an entry is included in the fixlist, the associated entry will be removed from the registry.)</p><p></p><p></p><p>IE trusted site: HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\dell.com -> dell.com</p><p></p><p></p><p></p><p>==================== Other Areas ============================</p><p></p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p></p><p>HKU\S-1-5-21-2153010267-44935286-722844377-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg</p><p></p><p>DNS Servers: 192.168.0.1</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p></p><p>MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\Windows\pss\Bluetooth Manager.lnk.CommonStartup</p><p></p><p>MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Toshiba Places Icon Utility.lnk => C:\Windows\pss\Toshiba Places Icon Utility.lnk.CommonStartup</p><p></p><p>MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk => C:\Windows\pss\TRDCReminder.lnk.Startup</p><p></p><p>MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe"</p><p></p><p>MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"</p><p></p><p>MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe</p><p></p><p>MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW</p><p></p><p>MSCONFIG\startupreg: dlbamon.exe => "C:\Program Files (x86)\Dell AIO Printer A940\dlbamon.exe"</p><p></p><p>MSCONFIG\startupreg: Google Update => "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c</p><p></p><p>MSCONFIG\startupreg: HSON => C:\Program Files\TOSHIBA\TBS\HSON.exe</p><p></p><p>MSCONFIG\startupreg: Internet Helper Anti-phishing => "C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe"</p><p></p><p>MSCONFIG\startupreg: ITSecMng => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START</p><p></p><p>MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe</p><p></p><p>MSCONFIG\startupreg: NBAgent => "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart</p><p></p><p>MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"</p><p></p><p>MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t</p><p></p><p>MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe"</p><p></p><p>MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean</p><p></p><p>MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun</p><p></p><p>MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"</p><p></p><p>MSCONFIG\startupreg: swg => "C:\Program Files 
(x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"</p><p></p><p>MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p></p><p>MSCONFIG\startupreg: TCrdMain => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe</p><p></p><p>MSCONFIG\startupreg: Teco => "C:\Program Files\TOSHIBA\TECO\Teco.exe" /r</p><p></p><p>MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe</p><p></p><p>MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe</p><p></p><p>MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60</p><p></p><p>MSCONFIG\startupreg: TosReelTimeMonitor => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe</p><p></p><p>MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe</p><p></p><p>MSCONFIG\startupreg: TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe</p><p></p><p>MSCONFIG\startupreg: TPwrMain => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE</p><p></p><p>MSCONFIG\startupreg: TSleepSrv => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe</p><p></p><p>MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"</p><p></p><p></p><p>==================== FirewallRules (whitelisted) ===============</p><p></p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.)</p><p></p><p></p><p>FirewallRules: [{2AF5DC60-8C7D-40B9-98EB-90E395EA876F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe</p><p></p><p>FirewallRules: [{C46BDB51-F16A-474A-AF72-0CD8240D78F9}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe</p><p></p><p>FirewallRules: [{311D6676-98FA-4518-AFE3-8196E28DD08F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe</p><p></p><p>FirewallRules: [{723F3A64-B9AB-4D16-BAC7-BCEF44C496DA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe</p><p></p><p>FirewallRules: [{776A4E0E-7894-4336-BC2E-62786F80C9B9}] => (Allow) LPort=2869</p><p></p><p>FirewallRules: [{BEE83D48-CEA5-49AC-B299-66A98F11D757}] => (Allow) LPort=1900</p><p></p><p>FirewallRules: [{84106120-686A-4A3C-A173-D3CE891BACA1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe</p><p></p><p>FirewallRules: [{4289A481-AA12-40C3-A907-3BFA8912529B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe</p><p></p><p>FirewallRules: [{7A19B326-3084-4678-90B6-79320E219B64}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE</p><p></p><p>FirewallRules: [{2552C470-C6D5-4903-A17B-76D3463857AD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE</p><p></p><p>FirewallRules: [{A63238AA-14D6-4F4F-8737-15A93B207311}] => (Allow) C:\Windows\SysWOW64\dlbacoms.exe</p><p></p><p>FirewallRules: [{3CB841C8-CF79-4AD4-849A-1722186545C5}] => (Allow) C:\Windows\SysWOW64\dlbacoms.exe</p><p></p><p>FirewallRules: [{50B982E9-9977-474C-BB3F-A74EE123D2B3}] => (Allow) C:\Windows\System32\dlbacoms.exe</p><p></p><p>FirewallRules: [{43F7B80E-6C23-4DC0-B489-F3D9D4C039B5}] => (Allow) C:\Windows\System32\dlbacoms.exe</p><p></p><p>FirewallRules: [{39ABB1D4-3DEA-4DE3-9CC9-E83610145870}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbapswx.exe</p><p></p><p>FirewallRules: [{260B04A1-7209-4271-B685-705DCEF4063A}] => (Allow) 
C:\Windows\System32\spool\drivers\x64\3\dlbapswx.exe</p><p></p><p>FirewallRules: [{026EFAFA-526A-4DA4-877D-A054770EE02A}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAmon.exe</p><p></p><p>FirewallRules: [{E1A73B02-A88F-4CFD-8271-EC27739E5837}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAmon.exe</p><p></p><p>FirewallRules: [{204CFF69-6AFA-4F1D-ACC4-081856D575CA}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe</p><p></p><p>FirewallRules: [{9BAE10E7-1B1F-410D-B956-C59F1D60A4A9}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe</p><p></p><p>FirewallRules: [{FD88E7EB-8BBC-4B0F-9525-4DF84CBF87E3}] => (Allow) C:\Users\User\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe</p><p></p><p>FirewallRules: [{ECF142E7-F268-4C7F-B78D-F29E5E10DB39}] => (Allow) C:\Users\User\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe</p><p></p><p>FirewallRules: [{DAC5F99F-FAC5-45C0-B486-A7CCAF274092}] => (Allow) C:\Users\User\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe</p><p></p><p>FirewallRules: [{AEF4B307-FD03-4446-99B2-FBB629915194}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe</p><p></p><p>FirewallRules: [{93933057-BC3E-4725-A29D-8DC46B9EB0F7}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe</p><p></p><p>FirewallRules: [TCP Query User{1BD86667-5BEC-45A9-9880-A5F6D7BF4CC6}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe</p><p></p><p>FirewallRules: [UDP Query User{ACC92334-90A2-4353-9D73-346D1BFDC65B}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe</p><p></p><p>FirewallRules: [{572F3D8B-C77A-4D62-AA4C-30BE742BEA4A}] => (Allow) C:\Program Files (x86)\HomeTab\ProtectedSearch.exe</p><p></p><p>FirewallRules: [{103EF298-45DC-48BA-9B90-9CB613DC24AF}] => (Allow) C:\Users\User\AppData\Local\iLivid\iLivid.exe</p><p></p><p>FirewallRules: [{EA2A57A7-C3CB-4E85-8B81-44A92BFD98BD}] => 
(Allow) C:\Users\User\AppData\Local\iLivid\iLivid.exe</p><p></p><p>FirewallRules: [{D0DE7B60-2FC2-4BC9-BFC0-34FE4A52E99B}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe</p><p></p><p>FirewallRules: [TCP Query User{549A72DC-8083-44B8-9B58-DF0A4E128A0F}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe</p><p></p><p>FirewallRules: [UDP Query User{C3D239B5-7547-4470-B01E-A8E8D606E8ED}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe</p><p></p><p>FirewallRules: [{96355260-836E-430D-AD6D-BE0416D19F93}] => (Block) C:\program files (x86)\spotimote\spotimote.exe</p><p></p><p>FirewallRules: [{8851EAFF-54B4-4BD4-833E-6B68969E154C}] => (Block) C:\program files (x86)\spotimote\spotimote.exe</p><p></p><p>FirewallRules: [{0492A1EF-6E98-4962-849E-A481F0B50C9A}] => (Allow) C:\Program Files (x86)\spotimote\spotimote.exe</p><p></p><p>FirewallRules: [{BF5D7DAA-22E9-4618-9148-0990000237C9}] => (Allow) C:\Program Files (x86)\spotimote\spotimote.exe</p><p></p><p>FirewallRules: [{21BA8236-DB27-49CE-81DF-25627842772E}] => (Allow) C:\Program Files (x86)\spotimote\spotimote.exe</p><p></p><p>FirewallRules: [{4447F1E4-F10D-46B5-936D-A9CEA5A8ED5F}] => (Allow) C:\Program Files (x86)\spotimote\spotimote.exe</p><p></p><p>FirewallRules: [{D095033B-6291-425A-9648-6793384E2998}] => (Allow) C:\Windows\SysWOW64\dlbacoms.exe</p><p></p><p>FirewallRules: [{2BFFE3E2-567F-47E9-AAA8-0477CA6842A0}] => (Allow) C:\Windows\SysWOW64\dlbacoms.exe</p><p></p><p>FirewallRules: [{CF1AF076-4093-4679-BD5C-668E665B7DAF}] => (Allow) C:\Windows\System32\dlbacoms.exe</p><p></p><p>FirewallRules: [{13A59E94-237B-4221-8059-35578456CC76}] => (Allow) C:\Windows\System32\dlbacoms.exe</p><p></p><p>FirewallRules: [{86937A75-5216-4034-97B8-6BD9CFEAFA87}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbapswx.exe</p><p></p><p>FirewallRules: [{97054022-1D30-4E69-8100-3C99BC75D358}] 
=> (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbapswx.exe</p><p></p><p>FirewallRules: [{D7C71F0A-F0DD-4874-BB22-FA1B100494C5}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAmon.exe</p><p></p><p>FirewallRules: [{E67DACAC-1545-46A2-ABFF-38264CA139CF}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAmon.exe</p><p></p><p>FirewallRules: [{02D47C93-1A54-4D71-B717-3DF594A82556}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe</p><p></p><p>FirewallRules: [{FA472F96-AB45-42DB-A590-63C64FDDD023}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe</p><p></p><p>FirewallRules: [{751E9F65-E3C4-4FB3-866A-532C40E15C6C}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe</p><p></p><p>FirewallRules: [{EA32E477-B141-47F1-A3E4-645018484B87}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe</p><p></p><p>FirewallRules: [{684568FA-B1F8-4B70-AEB7-70F3ABF36360}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe</p><p></p><p>FirewallRules: [{81561D3A-3936-4FA3-AA0B-71AD52D292A2}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe</p><p></p><p>FirewallRules: [{761B4684-F99C-4679-BC0F-F68C2D8E19A8}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe</p><p></p><p>FirewallRules: [{A2590727-FE84-4922-ADF6-C3CEF9DCEFB2}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe</p><p></p><p>FirewallRules: [{9A924A7E-A40E-4A90-993D-B62C6EAFE739}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe</p><p></p><p>FirewallRules: [{C65F5AFD-9CA7-4D68-835E-C540159563C5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe</p><p></p><p>FirewallRules: [{9EBDBBB0-7753-4525-83FF-B63CDFC1CDA6}] => (Allow) C:\Windows\SysWOW64\muzapp.exe</p><p></p><p>FirewallRules: [{23939C0D-5E3B-49F4-B028-82C664819C22}] => (Allow) C:\Windows\SysWOW64\muzapp.exe</p><p></p><p>FirewallRules: [{6C463659-488B-41DA-BDCC-1942E3B57C54}] => (Allow) C:\Program Files 
(x86)\AVG\AVG2015\avgnsa.exe</p><p></p><p>FirewallRules: [{64233DF2-06DD-4188-9B1A-61F4D501A107}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe</p><p></p><p>FirewallRules: [{4AE76827-6993-4E63-BB19-687B2022D3B0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe</p><p></p><p>FirewallRules: [{8BCDBE65-2015-459E-B7E5-CC6652B63997}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe</p><p></p><p>FirewallRules: [{A3C6EA68-A35C-4A87-9EBA-A6E10764094F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe</p><p></p><p>FirewallRules: [{493E4580-F71D-42A4-8E9E-7D8E442E0FB9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe</p><p></p><p>FirewallRules: [{7C5BC96A-6D02-43E1-BDE8-16133699ABE0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p>StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon</p><p></p><p>StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service</p><p></p><p>StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater</p><p></p><p>StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service</p><p></p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>Name: Bluetooth RFBUS</p><p></p><p>Description: Bluetooth RFBUS</p><p></p><p>Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}</p><p></p><p>Manufacturer: TOSHIBA</p><p></p><p>Service: tosrfbd</p><p></p><p>Problem: : This device cannot start. (Code10)</p><p></p><p>Resolution: Device failed to start. 
Click "Update Driver" to update the drivers for this device.</p><p></p><p>On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.</p><p></p><p></p><p>Name: BHDrvx64</p><p></p><p>Description: BHDrvx64</p><p></p><p>Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}</p><p></p><p>Manufacturer:</p><p></p><p>Service: BHDrvx64</p><p></p><p>Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)</p><p></p><p>Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.</p><p></p><p>Devices stay in this state if they have been prepared for removal.</p><p></p><p>After you remove the device, this error disappears.Remove the device, and this error should be resolved.</p><p></p><p></p><p>Name: Norton Internet Security Settings Manager</p><p></p><p>Description: Norton Internet Security Settings Manager</p><p></p><p>Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}</p><p></p><p>Manufacturer:</p><p></p><p>Service: ccSet_NIS</p><p></p><p>Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)</p><p></p><p>Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.</p><p></p><p>Devices stay in this state if they have been prepared for removal.</p><p></p><p>After you remove the device, this error disappears.Remove the device, and this error should be resolved.</p><p></p><p></p><p>Name: Symantec Iron Driver</p><p></p><p>Description: Symantec Iron Driver</p><p></p><p>Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}</p><p></p><p>Manufacturer:</p><p></p><p>Service: SymIRON</p><p></p><p>Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)</p><p></p><p>Resolution: The device is installed incorrectly. 
The problem could be a hardware failure, or a new driver might be needed.</p><p></p><p>Devices stay in this state if they have been prepared for removal.</p><p></p><p>After you remove the device, this error disappears.Remove the device, and this error should be resolved.</p><p></p><p></p><p>Name: Symantec Network Security WFP Driver</p><p></p><p>Description: Symantec Network Security WFP Driver</p><p></p><p>Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}</p><p></p><p>Manufacturer:</p><p></p><p>Service: SymNetS</p><p></p><p>Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)</p><p></p><p>Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.</p><p></p><p>Devices stay in this state if they have been prepared for removal.</p><p></p><p>After you remove the device, this error disappears.Remove the device, and this error should be resolved.</p><p></p><p></p><p>Name: Ethernet Controller</p><p></p><p>Description: Ethernet Controller</p><p></p><p>Class Guid:</p><p></p><p>Manufacturer:</p><p></p><p>Service:</p><p></p><p>Problem: : The drivers for this device are not installed. (Code 28)</p><p></p><p>Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.</p><p></p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p></p><p>Application errors:</p><p></p><p>==================</p><p></p><p>Error: (06/28/2015 10:40:22 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p></p><p>Description: The program FRST64.exe version 2.5.2015.0 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Action Center control panel.</p><p></p><p></p><p>Process ID: 16a8</p><p></p><p></p><p>Start Time: 01d0b1e44c46178c</p><p></p><p></p><p>Termination Time: 16</p><p></p><p></p><p>Application Path: C:\Users\User\Desktop\FRST64.exe</p><p></p><p></p><p>Report Id: 06088a7f-1dde-11e5-88f1-a817b1405e22</p><p></p><p></p><p>Error: (06/28/2015 10:38:14 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p></p><p>Description: The program WINWORD.EXE version 14.0.7149.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.</p><p></p><p></p><p>Process ID: 938</p><p></p><p></p><p>Start Time: 01d0b1e845affbe0</p><p></p><p></p><p>Termination Time: 0</p><p></p><p></p><p>Application Path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE</p><p></p><p></p><p>Report Id: 561a0767-1ddd-11e5-88f1-a817b1405e22</p><p></p><p></p><p>Error: (06/28/2015 08:59:55 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p></p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>Error: (06/28/2015 00:10:13 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p></p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>Error: (06/27/2015 10:31:21 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p></p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>Error: (06/26/2015 09:47:51 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p></p><p>Description: //./root/CIMV2SELECT * 
FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>Error: (06/25/2015 07:21:33 PM) (Source: RasClient) (EventID: 20227) (User: )</p><p></p><p>Description: CoId={CE8A1633-EA5E-47CA-9F85-D0D9CCF05E9E}: The user User-TOSH\User dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.</p><p></p><p></p><p>Error: (06/25/2015 07:18:09 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p></p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>Error: (06/25/2015 09:09:10 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p></p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>Error: (06/24/2015 08:55:35 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p></p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p></p><p>System errors:</p><p></p><p>=============</p><p></p><p>Error: (06/28/2015 11:18:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p></p><p>Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 272 time(s).</p><p></p><p></p><p>Error: (06/28/2015 11:18:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p></p><p>Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 271 time(s).</p><p></p><p></p><p>Error: (06/28/2015 11:17:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p></p><p>Description: The TrueVector Internet Monitor service terminated unexpectedly. 
It has done this 270 time(s).</p><p></p><p></p><p>Error: (06/28/2015 11:17:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p></p><p>Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 269 time(s).</p><p></p><p></p><p>Error: (06/28/2015 11:16:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p></p><p>Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 268 time(s).</p><p></p><p></p><p>Error: (06/28/2015 11:16:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p></p><p>Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 267 time(s).</p><p></p><p></p><p>Error: (06/28/2015 11:15:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p></p><p>Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 266 time(s).</p><p></p><p></p><p>Error: (06/28/2015 11:15:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p></p><p>Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 265 time(s).</p><p></p><p></p><p>Error: (06/28/2015 11:14:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p></p><p>Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 264 time(s).</p><p></p><p></p><p>Error: (06/28/2015 11:13:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p></p><p>Description: The TrueVector Internet Monitor service terminated unexpectedly. 
It has done this 263 time(s).</p><p></p><p></p><p></p><p>Microsoft Office Sessions:</p><p></p><p>=========================</p><p></p><p>Error: (06/28/2015 10:40:22 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p></p><p>Description: FRST64.exe2.5.2015.016a801d0b1e44c46178c16C:\Users\User\Desktop\FRST64.exe06088a7f-1dde-11e5-88f1-a817b1405e22</p><p></p><p></p><p>Error: (06/28/2015 10:38:14 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p></p><p>Description: WINWORD.EXE14.0.7149.500093801d0b1e845affbe00C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE561a0767-1ddd-11e5-88f1-a817b1405e22</p><p></p><p></p><p>Error: (06/28/2015 08:59:55 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p></p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>Error: (06/28/2015 00:10:13 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p></p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>Error: (06/27/2015 10:31:21 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p></p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>Error: (06/26/2015 09:47:51 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p></p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>Error: (06/25/2015 07:21:33 PM) (Source: RasClient) (EventID: 20227) (User: )</p><p></p><p>Description: {CE8A1633-EA5E-47CA-9F85-D0D9CCF05E9E}User-TOSH\UserBroadband Connection651</p><p></p><p></p><p>Error: (06/25/2015 07:18:09 PM) (Source: 
WinMgmt) (EventID: 10) (User: )</p><p></p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>Error: (06/25/2015 09:09:10 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p></p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p>Error: (06/24/2015 08:55:35 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p></p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p></p><p></p><p>CodeIntegrity Errors:</p><p></p><p>===================================</p><p></p><p> Date: 2015-06-21 19:24:46.998</p><p></p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p></p><p> Date: 2015-06-21 19:24:46.826</p><p></p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p></p><p></p><p>==================== Memory info ===========================</p><p></p><p></p><p>Processor: AMD E-450 APU with Radeon(tm) HD Graphics</p><p></p><p>Percentage of memory in use: 33%</p><p></p><p>Total physical RAM: 5734.87 MB</p><p></p><p>Available physical RAM: 3841.65 MB</p><p></p><p>Total Pagefile: 11467.94 MB</p><p></p><p>Available Pagefile: 9521.77 MB</p><p></p><p>Total Virtual: 8192 MB</p><p></p><p>Available Virtual: 8191.82 MB</p><p></p><p></p><p>==================== Drives ================================</p><p></p><p></p><p>Drive c: (WINDOWS) (Fixed) (Total:297.85 GB) (Free:90.16 GB) NTFS</p><p></p><p>Drive d: (Data) (Fixed) (Total:297.93 GB) (Free:297.8 GB) NTFS</p><p></p><p>Drive e: (EDDIE_IZZARD_SEXIE) (CDROM) (Total:6.21 GB) (Free:0 GB) UDF</p><p></p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p></p><p>========================================================</p><p></p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E950BCE7)</p><p></p><p>Partition 1: (Active) - (Size=400 MB) - (Type=27)</p><p></p><p>Partition 2: (Not Active) - (Size=297.9 GB) - (Type=07 NTFS)</p><p></p><p>Partition 3: (Not Active) - (Size=297.9 GB) - (Type=07 NTFS)</p><p></p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="thedarkhippy, post: 404138, member: 36149"] Hello Basically my computer is infected with a proxy server virus (127.0.0.1 port 8118) and has been for a few months now. I have tried so many different things that I have lost track of the methods that I have used. I have listed above some of the things that I have tried and failed. I am unable to connect to the internet so I can not run and add the files you require. I am really sorry about this but I have managed to run the Farbar recovery scan tool but it is an outdated version as I downloaded this last month as I was going to ask for help then. I cannot get an up to date program as I have no internet. I am also unable to upload the results so I have copied and pasted them below. I hope this is ok. Please please help me I am completely lost and desperate. Thanking you in advance. Lisa Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015 ([color=red]ATTENTION: ====> FRST version is 57 days old and could be outdated[/color]) Ran by User (administrator) on USER-TOSH on 28-06-2015 23:01:38 Running from C:\Users\User\Desktop Loaded Profiles: User (Available profiles: User) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [URL]http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/[/URL] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe ( ) C:\Windows\System32\dlbacoms.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe () C:\Program Files (x86)\spotimote\spotimote.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Failed to access process -> Spotify.exe (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Google Inc.) C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.) 
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony) HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\Run: [spotimote] => C:\Program Files (x86)\spotimote\spotimote.exe [2364840 2014-05-23] () HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-05] (Google Inc.) HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-05-29] (Spotify Ltd) HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-29] (Spotify Ltd) HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-09] (Google Inc.) 
HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\MountPoints2: {dde7cca0-7c72-11e2-910c-047d7b4a33ef} - F:\Startme.exe HKU\S-1-5-21-2153010267-44935286-722844377-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2013-02-17] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2013-02-17] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-21-2153010267-44935286-722844377-1000] => Internet Explorer proxy is enabled. 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]http://www.google.com[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [URL]http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.5.0.19[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [URL]http://www.google.com[/URL] HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL]http://www.google.com[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL]http://www.google.com[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL]http://www.google.com[/URL] HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.5.0.19[/URL] HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.5.0.19[/URL] HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.5.0.19[/URL] HKU\S-1-5-21-2153010267-44935286-722844377-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]http://google.co.uk/[/URL] SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [URL]http://www.google.com/search[/URL] SearchScopes: HKU\S-1-5-21-2153010267-44935286-722844377-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = [URL]https://mysearch.avg.com/search?cid={82D6FA40-0F1E-4B81-86A0-C3C1DA2A3420}&mid=95af1eaf2fdc48d1b0d40876b44fd7a6-26e80913c2737e07a653ddcb9f983deba96fae33&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pit&pr=fr&d=2015-04-16[/URL] 11:40:30&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-2153010267-44935286-722844377-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2153010267-44935286-722844377-1000 -> {6E5D40DA-3836-9F50-88D8-772672F80DA1} URL = SearchScopes: HKU\S-1-5-21-2153010267-44935286-722844377-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = [URL]https://mysearch.avg.com/search?cid={82D6FA40-0F1E-4B81-86A0-C3C1DA2A3420}&mid=95af1eaf2fdc48d1b0d40876b44fd7a6-26e80913c2737e07a653ddcb9f983deba96fae33&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pit&pr=fr&d=2015-04-16[/URL] 11:40:30&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-2153010267-44935286-722844377-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = [URL]http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=GB&ver=20&locale=en_GB&gct=kwd&qsrc=2869[/URL] BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-07-23] (Symantec Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-04-16] (AVG) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.) 
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.) Toolbar: HKU\S-1-5-21-2153010267-44935286-722844377-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-10-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2013-11-06] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-2153010267-44935286-722844377-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-2153010267-44935286-722844377-1000: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-2153010267-44935286-722844377-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin HKU\S-1-5-21-2153010267-44935286-722844377-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin HKU\S-1-5-21-2153010267-44935286-722844377-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-03-24] (Sony Network Entertainment International LLC) FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\54f69738d97a1bbc5dfe9f40e1e05da9 [2015-03-25] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2015-03-17] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-20] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-05-21] FF HKLM-x32\...\Thunderbird\Extensions: [[email]msktbird@mcafee.com[/email]] - C:\Program Files\McAfee\MSK Chrome: ======= CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-30] CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-30] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-30] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-30] CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-03-17] CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-30] CHR Extension: (Facebook news) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\edoadhjjfgeniilpmnoaddaihjkkhheb [2013-11-19] CHR Extension: (Gmail Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-11-19] CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-11-19] CHR Extension: (Hola Better Internet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-02-21] CHR Extension: (Norton Identity Safe) - C:\Users\User\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-10] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Norton Security Toolbar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-06-22] CHR Extension: (Norton Safe) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-08-10] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-19] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - [URL]https://clients2.google.com/service/update2/crx[/URL] CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [Not Found] CHR HKU\S-1-5-21-2153010267-44935286-722844377-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Users\User\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - [URL]https://clients2.google.com/service/update2/crx[/URL] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] CHR HKLM-x32\...\Chrome\Extension: [oihiaojfckjaconbjjpanjechlighodn] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx [Not Found] ==================== 
Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.) R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation) R2 dlba_device; C:\Windows\system32\dlbacoms.exe [567280 2007-03-05] ( ) R2 dlba_device; C:\Windows\SysWOW64\dlbacoms.exe [538096 2007-03-05] ( ) S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-16] (WildTangent) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] S2 Live Malware Protection; C:\Windows\mlwps.exe [239104 2015-03-25] (AV Security Software) [File not signed] <==== ATTENTION R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation) S2 PrivoxyService; C:\Program Files (x86)\AFC Secure Net\privoxy.exe [371200 2015-03-25] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) 
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH) S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.) R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-04-16] (AVG Secure Search) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-04-16] () R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-27] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-07] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [220128 2015-05-07] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-05-04] (AVG Technologies CZ, s.r.o.) 
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20150309.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation) S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-03-07] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20150313.001\IDSvia64.sys [669400 2015-03-03] (Symantec Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-13] (Malwarebytes Corporation) S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20150315.022\ENG64.SYS [129752 2015-03-15] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20150315.022\EX64.SYS [2137304 2015-03-15] (Symantec Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-20] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check 
Point Software Technologies Ltd.) S3 cpuz134; \??\C:\Users\User\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S3 L1C; system32\DRIVERS\L1C62x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-06-28 21:52 - 2015-06-28 23:12 - 00029252 _____ () C:\Users\User\Desktop\FRST.txt 2015-06-27 22:41 - 2015-06-28 22:41 - 00003266 _____ () C:\Windows\System32\Tasks\AFC Secure Net Service 2015-06-24 10:06 - 2015-06-25 10:06 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0 2015-06-22 10:42 - 2015-06-22 20:06 - 00000000 ___RD () C:\Users\TEMP.User-TOSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-06-22 10:42 - 2015-06-22 20:06 - 00000000 ___RD () C:\Users\TEMP.User-TOSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-22 10:42 - 2015-06-22 10:43 - 00000000 ____D () C:\Users\TEMP.User-TOSH 2015-06-22 10:42 - 2015-04-18 11:07 - 00000000 ____D () C:\Users\TEMP.User-TOSH\AppData\Roaming\TuneUp Software 2015-06-22 10:42 - 2015-03-23 02:51 - 00000000 ____D () C:\Users\TEMP.User-TOSH\AppData\Roaming\Macromedia 2015-06-22 10:42 - 2013-03-17 14:23 - 00000000 ____D () C:\Users\TEMP.User-TOSH\AppData\Local\Microsoft Help 2015-06-21 19:47 - 2015-06-22 18:20 - 00000000 ___SD () C:\ComboFix 2015-06-21 19:33 - 2015-06-21 19:33 - 00083298 _____ () C:\ComboFix.txt 2015-06-21 18:59 - 2015-06-21 18:59 - 00000000 ____D () C:\Users\User\AppData\Local\CrashRpt 2015-06-21 18:53 - 2015-06-21 18:53 - 00000000 ____D () C:\Users\User\Documents\ProcAlyzer Dumps 2015-06-21 18:50 - 2015-06-22 18:20 - 00000000 ____D () C:\Windows\erdnt 2015-06-21 18:48 - 2015-06-21 18:48 - 00004367 _____ () C:\Users\User\Desktop\JRT.txt 2015-06-21 18:30 - 2015-06-21 18:30 - 
00000000 ____D () C:\RegBackup 2015-06-21 18:22 - 2015-06-21 18:48 - 00000000 ____D () C:\Users\User\Documents\virsu scan reports 2015-06-17 18:49 - 2015-06-28 22:38 - 00000000 ____D () C:\Users\User\Documents\Food 2015-06-16 16:21 - 2015-06-24 00:58 - 00000000 ____D () C:\ProgramData\Avg_Update_0615tb 2015-06-15 08:30 - 2015-06-15 08:30 - 00000000 ____D () C:\Program Files\Common Files\AV 2015-06-09 19:09 - 2015-06-09 19:09 - 00013673 ____H () C:\Users\User\Desktop\~WRL1115.tmp 2015-06-09 16:34 - 2015-06-09 16:34 - 00325632 ____H () C:\Users\User\Desktop\~WRL3544.tmp 2015-06-06 17:40 - 2015-06-06 17:40 - 00000000 ____D () C:\Users\User\AppData\Local\Avg 2015-06-05 09:10 - 2015-05-22 19:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-05 09:10 - 2015-05-22 19:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-05 09:10 - 2015-05-22 19:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-05 09:10 - 2015-05-22 19:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-05 09:10 - 2015-05-22 19:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-05 09:10 - 2015-05-22 19:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-05 09:10 - 2015-05-22 19:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-05 09:10 - 2015-05-21 14:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-02 08:32 - 2015-06-02 08:32 - 00000000 ____D () C:\Users\User\AppData\Local\GWX ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-06-28 23:12 - 2013-04-14 20:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-28 23:02 - 2015-05-03 17:53 - 00000000 ____D () C:\FRST 2015-06-28 22:46 - 2011-08-03 04:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-28 22:38 - 2013-02-17 10:17 - 01176618 _____ () C:\Windows\WindowsUpdate.log 2015-06-28 22:35 - 2013-02-24 13:49 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify 2015-06-28 22:31 - 2013-05-25 18:35 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153010267-44935286-722844377-1000UA.job 2015-06-28 21:27 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-28 21:27 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-28 21:04 - 2013-02-24 13:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify 2015-06-28 21:02 - 2015-03-17 14:43 - 00000000 ____D () C:\ProgramData\MFAData 2015-06-28 20:59 - 2011-08-03 04:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-28 20:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-06-28 20:58 - 2009-07-14 05:51 - 00197413 _____ () C:\Windows\setupact.log 2015-06-25 09:11 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-24 00:58 - 2015-04-16 15:20 - 00000000 ____D () C:\Users\User\Desktop\security 2015-06-24 00:58 - 2015-04-16 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-06-24 00:58 - 2015-04-04 10:59 - 00000000 ___SD () C:\Windows\system32\GWX 2015-06-24 00:58 - 2015-03-25 14:27 - 00000000 ____D () C:\Program Files (x86)\AFC Secure Net 2015-06-24 00:58 - 2015-03-25 14:26 - 00000000 ____D () C:\Program Files (x86)\PrivateVPN 2015-06-24 00:58 - 2015-03-17 17:05 - 00000000 ____D () C:\Program Files 
(x86)\AVG Web TuneUp 2015-06-24 00:58 - 2015-03-17 14:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Check Point Software Technologies LTD 2015-06-24 00:58 - 2014-03-17 18:43 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2015-06-24 00:58 - 2014-03-17 18:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-06-24 00:58 - 2014-03-17 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-06-24 00:58 - 2014-03-17 18:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-06-24 00:58 - 2013-02-17 10:34 - 00000000 ____D () C:\Windows\system32\nn-NO 2015-06-24 00:58 - 2013-02-17 10:34 - 00000000 ____D () C:\Program Files (x86)\Atheros 2015-06-24 00:58 - 2011-08-03 04:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-06-24 00:58 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-06-24 00:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR 2015-06-24 00:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-06-24 00:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-06-24 00:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-06-24 00:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2015-06-24 00:55 - 2015-03-17 17:07 - 00000000 ____D () C:\Users\User\AppData\Local\AVG Web TuneUp 2015-06-24 00:55 - 2015-03-17 17:06 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp 2015-06-24 00:55 - 2015-03-17 17:06 - 00000000 ____D () C:\ProgramData\AVG Secure Search 2015-06-24 00:55 - 2015-03-17 14:48 - 00000000 ____D () C:\ProgramData\AVG2015 2015-06-24 00:55 - 2014-02-17 23:11 - 00000000 ____D () C:\Users\User\Documents\Add-in Express 2015-06-24 00:55 - 2013-02-22 10:08 - 00000000 ____D () C:\Users\User\AppData\Local\Google 2015-06-24 00:55 - 2011-08-03 04:48 - 00000000 ___HD () C:\Program 
Files (x86)\InstallShield Installation Information 2015-06-24 00:54 - 2015-03-17 14:39 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD 2015-06-24 00:54 - 2013-03-15 14:02 - 00000000 __RHD () C:\MSOCache 2015-06-23 16:44 - 2014-12-07 09:32 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList 2015-06-23 16:44 - 2014-06-02 21:59 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList 2015-06-23 16:44 - 2014-06-02 21:59 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList 2015-06-22 11:16 - 2014-03-30 16:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\spotimote 2015-06-21 18:53 - 2015-05-20 23:34 - 00000000 ____D () C:\Users\TEMP 2015-06-20 23:00 - 2015-05-11 06:18 - 00000000 ____D () C:\Users\User\Documents\new project 2015-06-19 19:50 - 2013-06-26 09:32 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps 2015-06-10 12:29 - 2013-09-19 21:03 - 00000000 ____D () C:\Windows\system32\MRT 2015-06-10 11:28 - 2013-05-25 18:35 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153010267-44935286-722844377-1000Core.job 2015-06-06 00:43 - 2014-12-11 00:23 - 00000000 ____D () C:\Windows\system32\appraiser 2015-06-06 00:43 - 2014-05-06 23:30 - 00000000 ___SD () C:\Windows\system32\CompatTel ==================== Files in the root of some directories ======= 2015-03-28 18:52 - 2015-03-28 18:52 - 0009662 _____ () C:\Users\User\AppData\Roaming\em_64x64.ico 2013-02-17 12:27 - 2013-02-17 12:28 - 0000000 _____ () C:\Users\User\AppData\Local\{ADAB624D-CC58-45AA-913F-2E96B85B0844} ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-04 07:44 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015 Ran by User at 2015-06-28 23:14:06 Running from C:\Users\User\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2153010267-44935286-722844377-500 - Administrator - Disabled) Guest (S-1-5-21-2153010267-44935286-722844377-501 - Limited - Disabled) User (S-1-5-21-2153010267-44935286-722844377-1000 - Administrator - Enabled) => C:\Users\User ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Spybot - Search and Destroy (Enabled - Out of date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D} AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Norton Internet Security (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2} FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.) Adobe Flash Player 11 ActiveX (HKLM-x32\...\{8A5F5F0A-BE2D-4763-B764-BF6EFE93A68B}) (Version: 11.5.502.146 - Adobe Systems Incorporated) Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros) ATI Catalyst Install Manager (HKLM\...\{6167672A-758D-9960-C32C-47A15E180A70}) (Version: 3.0.829.0 - ATI Technologies, Inc.) 
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5961 - AVG Technologies) AVG 2015 (Version: 15.0.4355 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies) BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.0.7 - British Broadcasting Corp.) BBC iPlayer Desktop (x32 Version: 3.0.7 - British Broadcasting Corp.) Hidden Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.09(T) - TOSHIBA CORPORATION) Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell AIO Printer A940 (HKLM\...\Dell AIO Printer A940) (Version: - Dell, Inc.) Dell System Detect (HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\9204f5692a8faf3b) (Version: 5.8.1.1 - Dell) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC) FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Flash Movie Player 1.5 (HKLM-x32\...\Flash Movie Player) (Version: 1.5 - Eolsoft) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.) Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) 
Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden GoToMeeting 5.5.0.1132 (HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline) High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Media Go (HKLM-x32\...\{F66C4A41-C3A8-4523-AB6C-BAA1DB38305C}) (Version: 2.7.357 - Sony) Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony) Media Go Video Playback Engine 2.4.104.12040 (HKLM-x32\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.104.12040 - Sony) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft 
Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG) Nero BurnRights 10 
(HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG) Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG) Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG) Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG) Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG) Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG) Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.14.6.15183 - Sony Computer Entertainment Inc.) Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.14 - Realtek Semiconductor Corp.) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.) 
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony) Spotify (HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB) spotimote (HKLM-x32\...\spotimote) (Version: - ) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated) TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION) TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation) TOSHIBA ConfigFree (HKLM-x32\...\{28F05B12-E618-48A8-839A-0755FC8C9081}) (Version: 8.0.39 - TOSHIBA CORPORATION) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.23.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation) TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.09.01.00 - ) TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation) Toshiba Manuals 
(HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA) TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64M - TOSHIBA Corporation) TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.0.2.4 - TOSHIBA) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.10010 - TOSHIBA CORPORATION) TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation) TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.09.01.00 - ) TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.25 - TOSHIBA Corporation) TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vampire Ventures (x32 Version: 3.0.2.51 - WildTangent) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 
14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Wedding Dash 2 - Rings Around the World (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.16 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation) ZoneAlarm Firewall (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.209.000 - Check Point) ZoneAlarm Security (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) 
Hidden ZoneAlarm Security Toolbar (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD) ZoneAlarm Security Toolbar (HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1132\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) 
CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2153010267-44935286-722844377-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

05-06-2015 13:05:00 Windows Update
06-06-2015 17:32:56 Checkpoint by HitmanPro
10-06-2015 12:09:57 Windows Update
20-06-2015 08:57:03 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-06-23 17:02 - 00000798 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {008001D6-BCFE-49E6-94AF-6AD36A83A397} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {0E73D895-5E75-49F4-8449-0B53E61BA4EE} - \EPUpdater No Task File <==== ATTENTION
Task: {116B0671-6510-4E05-AE45-98446AB1DB52} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1187E7D8-23A4-4A11-8011-4A7A096019D3} - System32\Tasks\{533CB7F0-663B-4BCF-9E11-A97A7098D3CF} => pcalua.exe -a C:\Users\User\Downloads\20130509-004-i64.exe -d C:\Users\User\Downloads
Task: {23C23932-4AA9-40D6-91C6-894FBFE18432} - \ProtectedSearch\Protected Search No Task File <==== ATTENTION
Task: {24993DAA-7AE9-427A-A5FC-403531DA553A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {26BAF950-B212-44B3-8CAD-1C3657EFE19A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {4255F3D8-FCF9-44FD-A0FD-91D066382719} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2153010267-44935286-722844377-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-09] (Google Inc.)
Task: {48BE70D6-DEEB-49E6-83D5-C772184B3DFA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {4A4ACFFC-CD12-4369-B510-DB27CCACAB90} - System32\Tasks\{3F7D6D0B-DDCC-41AE-B1D2-EDC07EA3A6C5} => pcalua.exe -a E:\Setup.EXE -d E:\
Task: {4C2BFB5C-3DF5-4282-BB11-53743D62DBBD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-14] (Adobe Systems Incorporated)
Task: {4CD6058F-B430-41F0-9EDB-A5B0CD6B5F8B} - \BrowserDefendert No Task File <==== ATTENTION
Task: {4F7D7BDF-912F-4D8D-ACE1-60DC9ADF65B3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {511D9ECE-E382-44B7-8954-B543E20DBDE4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2153010267-44935286-722844377-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-09] (Google Inc.)
Task: {54B5463C-F013-49A7-8E8A-B205FAD4DD87} - System32\Tasks\AFC Secure Net Service => C:\Program Files (x86)\AFC Secure Net\amjob.exe [2015-03-25] (Jelbrus)
Task: {58E73E0A-4B17-476B-AD01-E8DD2F2BCE6E} - System32\Tasks\{003EE6F5-6B36-4FD0-8D1F-A14BA34E0F24} => pcalua.exe -a "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" -c "/appName=FileParade bundle uninstaller" "/linkurl=[URL]http://lp.sweetim.com/SweetPacksBundleUninstaller/[/URL]" "/searchProviderApp=FileParade" "/searchProvider=a different"
Task: {60E2AC3B-FC7D-4C7D-A3AB-C693298411AB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {629BE904-486D-4AC9-8C2A-62EF190E21AA} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-04-21] (TOSHIBA CORPORATION)
Task: {8A9A0BC2-D490-44CA-ABCD-1DA11DFFE691} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A237441B-51C6-4527-B39D-0FD5971CC006} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {AC42BE44-6FAF-4F0E-ADE0-F4CD6DFAAFAB} - \Giga Perfect Uninstaller No Task File <==== ATTENTION
Task: {B2887708-4FB2-4727-B69C-1119F6168A4A} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {BFE6829E-30A3-47A9-B7B2-2B3820568BBD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {C5647737-1488-44A9-BCA4-E760273F4459} - \Browser Updater\Browser Updater No Task File <==== ATTENTION
Task: {C7CE7C6F-B9E3-46D1-A4A7-331249429EA6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {CB6DD6E8-8FE2-46D8-9F63-A955F44F4C1D} - System32\Tasks\Malware Cleaner => C:\Users\User\AppData\Roaming\D90F.tmp.exe <==== ATTENTION
Task: {DB82B61D-D433-48A1-B892-2AD26B978BD2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E0868145-E36A-44C6-B6C2-C352ECA8E9D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {E16D4ED5-EF83-4734-8705-990713255BD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {FA8E493D-DD7C-4145-B02C-2717F4133FBE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153010267-44935286-722844377-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153010267-44935286-722844377-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-04-16 11:39 - 2015-04-16 11:38 - 00620056 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2014-07-07 18:06 - 2007-02-20 08:30 - 00116224 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlbapp6c.dll
2013-06-03 19:17 - 2007-02-20 08:29 - 00106496 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlbaui6c.dll
2014-05-23 10:01 - 2014-05-23 10:01 - 02364840 _____ () C:\Program Files (x86)\spotimote\spotimote.exe
2013-02-21 23:14 - 2014-06-23 09:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-03-17 18:42 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-02-21 23:14 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-02-21 23:14 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 15:54 - 2011-07-07 15:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2012-10-05 03:51 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2013-02-21 23:14 - 2010-01-11 16:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2014-03-10 22:05 - 2014-03-10 22:05 - 00113064 _____ () C:\Program Files (x86)\spotimote\msgdll.dll
2013-09-26 16:47 - 2013-09-26 16:47 - 00610816 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2013-06-11 10:31 - 2013-06-11 10:31 - 00090112 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
2012-04-04 15:33 - 2012-04-04 15:33 - 00139776 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
2013-01-08 18:02 - 2013-01-08 18:02 - 00163840 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
2012-07-26 12:51 - 2012-07-26 12:51 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
2014-05-23 10:01 - 2014-05-23 10:01 - 01515432 _____ () C:\Program Files (x86)\spotimote\libspotify.dll
2014-05-23 10:01 - 2014-05-23 10:01 - 00261032 _____ () C:\Program Files (x86)\spotimote\CrashRpt1403.dll
2015-03-11 09:47 - 2015-05-29 07:24 - 41287224 _____ () C:\Users\User\AppData\Roaming\Spotify\libcef.dll
2015-04-16 11:39 - 2015-04-16 11:38 - 01711128 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2015-06-10 08:52 - 2015-06-05 19:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-10 08:52 - 2015-06-05 19:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2153010267-44935286-722844377-1000\...\dell.com -> dell.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2153010267-44935286-722844377-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\Windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Toshiba Places Icon Utility.lnk => C:\Windows\pss\Toshiba Places Icon Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk => C:\Windows\pss\TRDCReminder.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: dlbamon.exe => "C:\Program Files (x86)\Dell AIO Printer A940\dlbamon.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HSON => C:\Program Files\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: Internet Helper Anti-phishing => "C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe"
MSCONFIG\startupreg: ITSecMng => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NBAgent => "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TCrdMain => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Teco => "C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosReelTimeMonitor => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TSleepSrv => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{2AF5DC60-8C7D-40B9-98EB-90E395EA876F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C46BDB51-F16A-474A-AF72-0CD8240D78F9}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{311D6676-98FA-4518-AFE3-8196E28DD08F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{723F3A64-B9AB-4D16-BAC7-BCEF44C496DA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{776A4E0E-7894-4336-BC2E-62786F80C9B9}] => (Allow) LPort=2869
FirewallRules: [{BEE83D48-CEA5-49AC-B299-66A98F11D757}] => (Allow) LPort=1900
FirewallRules: [{84106120-686A-4A3C-A173-D3CE891BACA1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4289A481-AA12-40C3-A907-3BFA8912529B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{7A19B326-3084-4678-90B6-79320E219B64}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{2552C470-C6D5-4903-A17B-76D3463857AD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{A63238AA-14D6-4F4F-8737-15A93B207311}] => (Allow) C:\Windows\SysWOW64\dlbacoms.exe
FirewallRules: [{3CB841C8-CF79-4AD4-849A-1722186545C5}] => (Allow) C:\Windows\SysWOW64\dlbacoms.exe
FirewallRules: [{50B982E9-9977-474C-BB3F-A74EE123D2B3}] => (Allow) C:\Windows\System32\dlbacoms.exe
FirewallRules: [{43F7B80E-6C23-4DC0-B489-F3D9D4C039B5}] => (Allow) C:\Windows\System32\dlbacoms.exe
FirewallRules: [{39ABB1D4-3DEA-4DE3-9CC9-E83610145870}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbapswx.exe
FirewallRules: [{260B04A1-7209-4271-B685-705DCEF4063A}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbapswx.exe
FirewallRules: [{026EFAFA-526A-4DA4-877D-A054770EE02A}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAmon.exe
FirewallRules: [{E1A73B02-A88F-4CFD-8271-EC27739E5837}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAmon.exe
FirewallRules: [{204CFF69-6AFA-4F1D-ACC4-081856D575CA}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe
FirewallRules: [{9BAE10E7-1B1F-410D-B956-C59F1D60A4A9}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe
FirewallRules: [{FD88E7EB-8BBC-4B0F-9525-4DF84CBF87E3}] => (Allow) C:\Users\User\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
FirewallRules: [{ECF142E7-F268-4C7F-B78D-F29E5E10DB39}] => (Allow) C:\Users\User\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
FirewallRules: [{DAC5F99F-FAC5-45C0-B486-A7CCAF274092}] => (Allow) C:\Users\User\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [{AEF4B307-FD03-4446-99B2-FBB629915194}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{93933057-BC3E-4725-A29D-8DC46B9EB0F7}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [TCP Query User{1BD86667-5BEC-45A9-9880-A5F6D7BF4CC6}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{ACC92334-90A2-4353-9D73-346D1BFDC65B}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{572F3D8B-C77A-4D62-AA4C-30BE742BEA4A}] => (Allow) C:\Program Files (x86)\HomeTab\ProtectedSearch.exe
FirewallRules: [{103EF298-45DC-48BA-9B90-9CB613DC24AF}] => (Allow) C:\Users\User\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{EA2A57A7-C3CB-4E85-8B81-44A92BFD98BD}] => (Allow) C:\Users\User\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{D0DE7B60-2FC2-4BC9-BFC0-34FE4A52E99B}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{549A72DC-8083-44B8-9B58-DF0A4E128A0F}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C3D239B5-7547-4470-B01E-A8E8D606E8ED}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{96355260-836E-430D-AD6D-BE0416D19F93}] => (Block) C:\program files (x86)\spotimote\spotimote.exe
FirewallRules: [{8851EAFF-54B4-4BD4-833E-6B68969E154C}] => (Block) C:\program files (x86)\spotimote\spotimote.exe
FirewallRules: [{0492A1EF-6E98-4962-849E-A481F0B50C9A}] => (Allow) C:\Program Files (x86)\spotimote\spotimote.exe
FirewallRules: [{BF5D7DAA-22E9-4618-9148-0990000237C9}] => (Allow) C:\Program Files (x86)\spotimote\spotimote.exe
FirewallRules: [{21BA8236-DB27-49CE-81DF-25627842772E}] => (Allow) C:\Program Files (x86)\spotimote\spotimote.exe
FirewallRules: [{4447F1E4-F10D-46B5-936D-A9CEA5A8ED5F}] => (Allow) C:\Program Files (x86)\spotimote\spotimote.exe
FirewallRules: [{D095033B-6291-425A-9648-6793384E2998}] => (Allow) C:\Windows\SysWOW64\dlbacoms.exe
FirewallRules: [{2BFFE3E2-567F-47E9-AAA8-0477CA6842A0}] => (Allow) C:\Windows\SysWOW64\dlbacoms.exe
FirewallRules: [{CF1AF076-4093-4679-BD5C-668E665B7DAF}] => (Allow) C:\Windows\System32\dlbacoms.exe
FirewallRules: [{13A59E94-237B-4221-8059-35578456CC76}] => (Allow) C:\Windows\System32\dlbacoms.exe
FirewallRules: [{86937A75-5216-4034-97B8-6BD9CFEAFA87}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbapswx.exe
FirewallRules: [{97054022-1D30-4E69-8100-3C99BC75D358}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbapswx.exe
FirewallRules: [{D7C71F0A-F0DD-4874-BB22-FA1B100494C5}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAmon.exe
FirewallRules: [{E67DACAC-1545-46A2-ABFF-38264CA139CF}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAmon.exe
FirewallRules: [{02D47C93-1A54-4D71-B717-3DF594A82556}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe
FirewallRules: [{FA472F96-AB45-42DB-A590-63C64FDDD023}] => (Allow) C:\Program Files (x86)\Dell AIO Printer A940\DLBAaiox.exe
FirewallRules: [{751E9F65-E3C4-4FB3-866A-532C40E15C6C}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{EA32E477-B141-47F1-A3E4-645018484B87}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{684568FA-B1F8-4B70-AEB7-70F3ABF36360}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{81561D3A-3936-4FA3-AA0B-71AD52D292A2}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{761B4684-F99C-4679-BC0F-F68C2D8E19A8}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{A2590727-FE84-4922-ADF6-C3CEF9DCEFB2}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{9A924A7E-A40E-4A90-993D-B62C6EAFE739}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{C65F5AFD-9CA7-4D68-835E-C540159563C5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9EBDBBB0-7753-4525-83FF-B63CDFC1CDA6}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{23939C0D-5E3B-49F4-B028-82C664819C22}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{6C463659-488B-41DA-BDCC-1942E3B57C54}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{64233DF2-06DD-4188-9B1A-61F4D501A107}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{4AE76827-6993-4E63-BB19-687B2022D3B0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{8BCDBE65-2015-459E-B7E5-CC6652B63997}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{A3C6EA68-A35C-4A87-9EBA-A6E10764094F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{493E4580-F71D-42A4-8E9E-7D8E442E0FB9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{7C5BC96A-6D02-43E1-BDE8-16133699ABE0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Bluetooth RFBUS
Description: Bluetooth RFBUS
Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}
Manufacturer: TOSHIBA
Service: tosrfbd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: BHDrvx64
Description: BHDrvx64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BHDrvx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Norton Internet Security Settings Manager
Description: Norton Internet Security Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ccSet_NIS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Symantec Iron Driver
Description: Symantec Iron Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymIRON
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Symantec Network Security WFP Driver
Description: Symantec Network Security WFP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymNetS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2015 10:40:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 2.5.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 16a8
Start Time: 01d0b1e44c46178c
Termination Time: 16
Application Path: C:\Users\User\Desktop\FRST64.exe
Report Id: 06088a7f-1dde-11e5-88f1-a817b1405e22

Error: (06/28/2015 10:38:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 14.0.7149.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 938
Start Time: 01d0b1e845affbe0
Termination Time: 0
Application Path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Report Id: 561a0767-1ddd-11e5-88f1-a817b1405e22

Error: (06/28/2015 08:59:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 00:10:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2015 10:31:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2015 09:47:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2015 07:21:33 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={CE8A1633-EA5E-47CA-9F85-D0D9CCF05E9E}: The user User-TOSH\User dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (06/25/2015 07:18:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2015 09:09:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2015 08:55:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (06/28/2015 11:18:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 272 time(s).

Error: (06/28/2015 11:18:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 271 time(s).

Error: (06/28/2015 11:17:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 270 time(s).

Error: (06/28/2015 11:17:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 269 time(s).

Error: (06/28/2015 11:16:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 268 time(s).

Error: (06/28/2015 11:16:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 267 time(s).

Error: (06/28/2015 11:15:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 266 time(s).

Error: (06/28/2015 11:15:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 265 time(s).

Error: (06/28/2015 11:14:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 264 time(s).

Error: (06/28/2015 11:13:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 263 time(s).

Microsoft Office Sessions:
=========================
Error: (06/28/2015 10:40:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe2.5.2015.016a801d0b1e44c46178c16C:\Users\User\Desktop\FRST64.exe06088a7f-1dde-11e5-88f1-a817b1405e22

Error: (06/28/2015 10:38:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE14.0.7149.500093801d0b1e845affbe00C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE561a0767-1ddd-11e5-88f1-a817b1405e22

Error: (06/28/2015 08:59:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 00:10:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2015 10:31:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2015 09:47:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2015 07:21:33 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {CE8A1633-EA5E-47CA-9F85-D0D9CCF05E9E}User-TOSH\UserBroadband Connection651

Error: (06/25/2015 07:18:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2015 09:09:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2015 08:55:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2015-06-21 19:24:46.998
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-21 19:24:46.826
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 33%
Total physical RAM: 5734.87 MB
Available physical RAM: 3841.65 MB
Total Pagefile: 11467.94 MB
Available Pagefile: 9521.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:297.85 GB) (Free:90.16 GB) NTFS
Drive d: (Data) (Fixed) (Total:297.93 GB) (Free:297.8 GB) NTFS
Drive e: (EDDIE_IZZARD_SEXIE) (CDROM) (Total:6.21 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E950BCE7)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=297.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=297.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
[/QUOTE]