Arabyonline.com pop-up/malware
<blockquote data-quote="iHateArabyOnline" data-source="post: 371599" data-attributes="member: 35247"><p>FRST scan log:</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015</p><p>Ran by Admin (administrator) on ADMIN-PC on 08-04-2015 18:08:53</p><p>Running from C:\Users\Admin\Downloads</p><p>Loaded Profiles: Admin (Available profiles: Admin & fbwuser)</p><p>Platform: Windows 7 Professional (X64) OS Language: English (United States)</p><p>Internet Explorer Version 9 (Default browser: Chrome)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe</p><p>(Microsoft Corporation) C:\Windows\System32\wlanext.exe</p><p>(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe</p><p>() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe</p><p>(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe</p><p>() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe</p><p>(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe</p><p>(Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe</p><p>(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe</p><p>(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe</p><p>(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe</p><p>(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe</p><p>(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe</p><p>(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe</p><p>(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</p><p>(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe</p><p>(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe</p><p>(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe</p><p>(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe</p><p>(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Windows\System32\wbengine.exe</p><p>(Microsoft Corporation) C:\Windows\System32\vds.exe</p><p>(Google Inc.) 
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)</p><p>HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-12-03] (RealNetworks, Inc.)</p><p>HKLM-x32\...\Run: [Kepard] => "C:\Program Files (x86)\Kepard\Kepard.exe" tray</p><p>HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Run: [Google Update] => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-12] (Google Inc.)</p><p>HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)</p><p>HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Run: [uTorrent] => "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED</p><p>HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Run: [NI4TH6NZFE] => C:\Users\Admin\AppData\Roaming\yTGD4RNoF\yiFguCpBt.exe [1680896 2013-02-09] (Windows)</p><p>HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies 
S.A.)</p><p>HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [65216 2009-11-09] (WordWeb Software)</p><p>HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\MountPoints2: F - F:\LaunchU3.exe -a</p><p>HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\MountPoints2: G - G:\autorun.exe</p><p>HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\MountPoints2: {5a5b0e25-8639-11e1-9741-fc9d06134537} - G:\LaunchU3.exe -a</p><p>Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk</p><p>ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk</p><p>ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)</p><p>GroupPolicy: Group Policy on Chrome detected <======= ATTENTION</p><p>CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://www.google.com" target="_blank">http://www.google.com</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = <a href="http://www.google.com" target="_blank">http://www.google.com</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet 
Explorer\Main,Default_Page_URL = about:blank</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://www.google.com" target="_blank">http://www.google.com</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://www.google.com" target="_blank">http://www.google.com</a></p><p>HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = <a href="http://www.msn.com/?ocid=iehp" target="_blank">http://www.msn.com/?ocid=iehp</a></p><p>HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = <a href="http://www.msn.com/?pc=UP97&ocid=UP97DHP" target="_blank">http://www.msn.com/?pc=UP97&ocid=UP97DHP</a></p><p>HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = <a href="http://g.msn.com/1ewenusDefaultPack/UP97_FRPage" target="_blank">http://g.msn.com/1ewenusDefaultPack/UP97_FRPage</a></p><p>SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-02-27] (Kaspersky Lab ZAO)</p><p>BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)</p><p>BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky 
Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-19] (Kaspersky Lab ZAO)</p><p>BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)</p><p>BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-02-27] (Kaspersky Lab ZAO)</p><p>BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)</p><p>BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)</p><p>BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-27] (Kaspersky Lab ZAO)</p><p>BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)</p><p>BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)</p><p>BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-02-27] (Kaspersky Lab ZAO)</p><p>BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft 
Corporation)</p><p>BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-19] (Kaspersky Lab ZAO)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-08-01] (Oracle Corporation)</p><p>BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)</p><p>BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-02-27] (Kaspersky Lab ZAO)</p><p>BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)</p><p>BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-08-01] (Oracle Corporation)</p><p>BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-27] (Kaspersky Lab ZAO)</p><p>DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} <a href="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab" target="_blank">http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab</a></p><p>Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer 
x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)</p><p>Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)</p><p>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)</p><p>Tcpip\Parameters: [DhcpNameServer] 193.188.97.211 193.188.97.197</p><p></p><p>FireFox:</p><p>========</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)</p><p>FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-08-01] (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-08-01] (Oracle Corporation)</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)</p><p>FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-12-03] (RealNetworks, Inc.)</p><p>FF Plugin-x32: 
@real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)</p><p>FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)</p><p>FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)</p><p>FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-12-03] (RealPlayer)</p><p>FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)</p><p>FF Plugin HKU\S-1-5-21-2891971351-2350418588-1802881347-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)</p><p>FF Plugin HKU\S-1-5-21-2891971351-2350418588-1802881347-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)</p><p>FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext</p><p>FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-03]</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a 
href="mailto:url_advisor@kaspersky.com">url_advisor@kaspersky.com</a>] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\<a href="mailto:url_advisor@kaspersky.com">url_advisor@kaspersky.com</a></p><p>FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\<a href="mailto:url_advisor@kaspersky.com">url_advisor@kaspersky.com</a> [2014-08-09]</p><p>FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:virtual_keyboard@kaspersky.com">virtual_keyboard@kaspersky.com</a>] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\<a href="mailto:virtual_keyboard@kaspersky.com">virtual_keyboard@kaspersky.com</a></p><p>FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\<a href="mailto:virtual_keyboard@kaspersky.com">virtual_keyboard@kaspersky.com</a> [2014-08-09]</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:content_blocker@kaspersky.com">content_blocker@kaspersky.com</a>] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\<a href="mailto:content_blocker@kaspersky.com">content_blocker@kaspersky.com</a></p><p>FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\<a href="mailto:content_blocker@kaspersky.com">content_blocker@kaspersky.com</a> [2014-08-09]</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:anti_banner@kaspersky.com">anti_banner@kaspersky.com</a>] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\<a href="mailto:anti_banner@kaspersky.com">anti_banner@kaspersky.com</a></p><p>FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
14.0.0\FFExt\<a href="mailto:anti_banner@kaspersky.com">anti_banner@kaspersky.com</a> [2014-08-09]</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:online_banking@kaspersky.com">online_banking@kaspersky.com</a>] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\<a href="mailto:online_banking@kaspersky.com">online_banking@kaspersky.com</a></p><p>FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\<a href="mailto:online_banking@kaspersky.com">online_banking@kaspersky.com</a> [2014-08-09]</p><p>FF HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Firefox\Extensions: [<a href="mailto:wcapturex@deskperience.com">wcapturex@deskperience.com</a>] - C:\Program Files (x86)\WordWeb\WCaptureMoz</p><p>FF Extension: WCaptureX - C:\Program Files (x86)\WordWeb\WCaptureMoz [2012-04-11]</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HomePage: Default -> </p><p>CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://<a href="http://www.sweet-page.com/?type=hp&ts=1424818265&from=cor&uid=TOSHIBAXMK5075GSX_Y176P69BTXXY176P69BT" target="_blank">www.sweet-page.com/?type=hp&ts=1424818265&from=cor&uid=TOSHIBAXMK5075GSX_Y176P69BTXXY176P69BT</a>"</p><p>CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-03-27]</p><p>CHR Extension: (Kaspersky URL Advisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-08-09]</p><p>CHR Extension: (Highlight to Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\floipahigmmkfhkoapmnijnlnboniglg [2015-03-24]</p><p>CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-27]</p><p>CHR Extension: (Safe Money) 
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2015-03-27]</p><p>CHR Extension: (Dangerous Websites Blocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2015-03-27]</p><p>CHR Extension: (RealDownloader) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-03-27]</p><p>CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]</p><p>CHR Extension: (Skype Click to Call) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-27]</p><p>CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]</p><p>CHR Extension: (Anti-Banner) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-03-27]</p><p>CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - <a href="https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa" target="_blank">https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa</a> [Not Found]</p><p>CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - <a href="https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa" target="_blank">https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa</a> [Not Found]</p><p>CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-02-27]</p><p>CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
14.0.0\ChromeExt\online_banking_chrome.crx [2014-02-27]</p><p>CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-02-27]</p><p>CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]</p><p>CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-02-27]</p><p>CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]</p><p>CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-02-27]</p><p>StartMenuInternet: Google Chrome - C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-02-27] (Kaspersky Lab ZAO)</p><p>S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()</p><p>R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-17] ()</p><p>R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) 
[File not signed]</p><p>S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]</p><p>R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()</p><p>R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)</p><p>S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [189952 2010-06-23] (Hauppauge, Inc.)</p><p>R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)</p><p>R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-02-27] (Kaspersky Lab ZAO)</p><p>S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-08-09] (Kaspersky Lab ZAO)</p><p>R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-08-09] (Kaspersky Lab ZAO)</p><p>R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-02-27] (Kaspersky Lab ZAO)</p><p>R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-27] (Kaspersky Lab ZAO)</p><p>R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-02-27] (Kaspersky Lab ZAO)</p><p>R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)</p><p>R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)</p><p>R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-02-27] (Kaspersky Lab ZAO)</p><p>S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)</p><p>R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 
2014-05-17] (Anchorfree Inc.)</p><p>S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-04-08 18:08 - 2015-04-08 18:09 - 00024720 _____ () C:\Users\Admin\Downloads\FRST.txt</p><p>2015-04-08 17:30 - 2015-04-08 17:30 - 00000000 ____D () C:\Windows\system32\SPReview</p><p>2015-04-06 03:55 - 2015-04-06 03:55 - 00000000 ____D () C:\Users\Admin\AppData\Local\{5127ECFB-46B0-4A66-ABCB-2E9A7B576CFF}</p><p>2015-03-31 05:39 - 2015-03-31 05:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\{871DB603-3F8F-4213-B685-83C9B76FC587}</p><p>2015-03-31 05:39 - 2015-03-31 05:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\VolIE</p><p>2015-03-29 03:01 - 2015-03-29 03:02 - 02095616 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe</p><p>2015-03-28 19:58 - 2015-03-28 19:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\{8CF2662E-D616-4D44-9ED3-D3C1FB993720}</p><p>2015-03-27 21:15 - 2015-03-27 21:15 - 04441416 _____ (Google) C:\Users\Admin\Downloads\software_removal_tool.exe</p><p>2015-03-27 21:15 - 2015-03-27 21:15 - 00004197 _____ () C:\Users\Admin\Downloads\software_removal_tool.log</p><p>2015-03-27 19:34 - 2015-03-27 19:34 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2015-03-27 19:00 - 2015-03-27 19:32 - 00000000 ____D () C:\AdwCleaner</p><p>2015-03-27 18:12 - 2015-03-27 18:12 - 00000000 ____D () C:\Users\Admin\AppData\Local\{66A2BAA9-A0A8-4BD8-B228-D7F4A97FCB6B}</p><p>2015-03-27 17:05 - 2015-03-27 17:05 - 00000000 ____D () C:\Users\Admin\AppData\Local\{72DB383C-64FE-42D7-969A-2704207951AB}</p><p>2015-03-27 03:59 - 2015-03-27 03:59 - 
00000000 _____ () C:\autoexec.bat</p><p>2015-03-27 03:29 - 2015-04-08 18:08 - 00000000 ____D () C:\FRST</p><p>2015-03-27 03:22 - 2015-03-27 03:22 - 00000000 ____D () C:\zoek_backup</p><p>2015-03-26 19:29 - 2015-04-08 17:52 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2891971351-2350418588-1802881347-1000</p><p>2015-03-26 19:29 - 2015-04-08 17:52 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2891971351-2350418588-1802881347-1000</p><p>2015-03-25 17:49 - 2015-03-11 05:39 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll</p><p>2015-03-25 17:49 - 2015-03-11 05:39 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll</p><p>2015-03-25 17:49 - 2015-03-11 05:39 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll</p><p>2015-03-25 17:49 - 2015-03-11 05:39 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll</p><p>2015-03-25 17:49 - 2015-03-11 05:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll</p><p>2015-03-25 17:49 - 2015-03-11 05:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll</p><p>2015-03-25 17:49 - 2015-03-11 05:34 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll</p><p>2015-03-24 22:34 - 2015-04-08 17:52 - 00004546 __RSH () C:\ProgramData\ntuser.pol</p><p>2015-03-24 22:34 - 2015-03-31 05:40 - 00003750 _____ () C:\Windows\System32\Tasks\Newsfeed</p><p>2015-03-24 22:34 - 2015-03-31 05:39 - 00003256 _____ () C:\Windows\System32\Tasks\AdUp Update</p><p>2015-03-24 22:34 - 2015-03-31 05:39 - 00000066 _____ () C:\Windows\SysWOW64\sn.txt</p><p>2015-03-24 22:34 - 2015-03-31 05:39 - 00000058 _____ () C:\Windows\SysWOW64\out.txt</p><p>2015-03-24 22:34 - 2015-03-31 05:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Ndoye</p><p>2015-03-24 22:34 - 2015-03-31 05:39 - 00000000 ____D () 
C:\Users\Admin\AppData\Roaming\homerj</p><p>2015-03-24 22:34 - 2015-03-31 05:39 - 00000000 ____D () C:\ProgramData\AdsFree</p><p>2015-03-24 22:34 - 2015-03-24 22:34 - 00000000 ____D () C:\ProgramData\Mistl</p><p>2015-03-21 13:58 - 2015-03-21 13:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\{4589FD46-A439-4D63-B6F4-67CA56AC6847}</p><p>2015-03-20 22:12 - 2015-03-31 05:39 - 00003720 _____ () C:\Windows\System32\Tasks\Mistl</p><p>2015-03-20 22:12 - 2015-03-21 14:03 - 00000000 ____D () C:\ProgramData\Drv</p><p>2015-03-20 22:12 - 2015-03-21 03:36 - 00000000 ____D () C:\ProgramData\Kirin</p><p>2015-03-20 22:12 - 2015-03-20 22:12 - 00003240 _____ () C:\Windows\System32\Tasks\Drv Update</p><p>2015-03-20 22:12 - 2015-03-20 22:12 - 00000027 _____ () C:\Users\Admin\AppData\Local\f123.txt</p><p>2015-03-20 22:12 - 2015-03-20 22:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\htcon</p><p>2015-03-20 22:12 - 2015-03-20 22:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Fixs</p><p>2015-03-20 22:12 - 2015-03-20 22:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Crown</p><p>2015-03-20 19:35 - 2015-03-21 13:53 - 00262144 _____ () C:\Windows\system32\config\elam</p><p>2015-03-16 08:56 - 2015-03-16 08:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\{0C5448C2-A9AA-4E0F-ACCB-8401E9BEE81E}</p><p>2015-03-11 00:59 - 2015-03-11 01:00 - 00000000 ____D () C:\Users\Admin\Desktop\pSX_1_13</p><p>2015-03-11 00:50 - 2015-03-11 00:51 - 00661688 _____ () C:\Users\Admin\Downloads\pSX_1_13.rar</p><p>2015-03-10 14:21 - 2015-03-20 22:30 - 00000000 ____D () C:\Users\Admin\Desktop\Games</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-04-08 18:08 - 2012-06-19 17:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent</p><p>2015-04-08 18:04 - 2012-04-12 20:33 - 00000908 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000UA.job</p><p>2015-04-08 18:01 - 2009-07-14 07:45 - 00021632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2015-04-08 18:01 - 2009-07-14 07:45 - 00021632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2015-04-08 17:58 - 2014-09-17 04:52 - 01916905 _____ () C:\Windows\WindowsUpdate.log</p><p>2015-04-08 17:57 - 2013-07-03 10:43 - 00000000 ____D () C:\Users\Admin\Desktop\Movies</p><p>2015-04-08 17:53 - 2014-08-09 20:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab</p><p>2015-04-08 17:52 - 2014-09-05 04:44 - 00022182 _____ () C:\Windows\setupact.log</p><p>2015-04-08 17:52 - 2012-10-24 05:47 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2015-04-08 17:52 - 2012-04-12 20:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2015-04-08 17:52 - 2012-04-11 11:42 - 00000000 ____D () C:\Users\Admin\Tracing</p><p>2015-04-08 17:52 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2015-04-08 17:38 - 2012-10-24 05:47 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2015-04-08 17:28 - 2012-04-12 20:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater</p><p>2015-04-08 13:11 - 2015-03-07 22:47 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc</p><p>2015-04-08 07:03 - 2012-04-12 20:33 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000Core.job</p><p>2015-04-07 12:54 - 2012-04-11 01:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype</p><p>2015-04-05 12:47 - 2009-07-14 08:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2015-04-05 07:45 - 2015-02-17 23:46 - 00000000 ____D () C:\Users\Admin\Desktop\AOU</p><p>2015-03-31 05:39 - 2012-04-12 20:34 - 00002466 _____ () 
C:\Users\Admin\Desktop\Chrome.lnk</p><p>2015-03-27 21:34 - 2009-07-14 08:08 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT</p><p>2015-03-27 20:58 - 2014-10-19 13:00 - 00029966 _____ () C:\Windows\PFRO.log</p><p>2015-03-26 19:30 - 2014-12-11 03:24 - 00000000 ____D () C:\Windows\system32\appraiser</p><p>2015-03-26 19:30 - 2014-10-19 12:59 - 00000000 ___SD () C:\Windows\system32\CompatTel</p><p>2015-03-25 01:45 - 2014-06-20 03:34 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft</p><p>2015-03-25 01:45 - 2009-07-14 08:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games</p><p>2015-03-24 22:34 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy</p><p>2015-03-11 04:35 - 2012-04-10 23:48 - 00000000 ____D () C:\ProgramData\Microsoft Help</p><p>2015-03-11 04:34 - 2009-07-14 05:34 - 00000478 _____ () C:\Windows\win.ini</p><p>2015-03-11 03:19 - 2013-08-07 03:01 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2015-03-11 03:03 - 2012-04-14 04:50 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2015-03-25 01:36 - 2015-03-25 01:36 - 0033134 _____ () C:\Users\Admin\AppData\Roaming\UserTile.png</p><p>2015-03-20 22:12 - 2015-03-20 22:12 - 0000027 _____ () C:\Users\Admin\AppData\Local\f123.txt</p><p></p><p>Some content of 
TEMP:</p><p>====================</p><p>C:\Users\Admin\AppData\Local\Temp\AVGTBInstall.exe</p><p>C:\Users\Admin\AppData\Local\Temp\BingBarSetup-Partner.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup15.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup164.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup172.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup2139.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup270.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup272.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup3250.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup4391.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup4653.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup4976.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup6124.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup6434.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup649.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup7255.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup8059.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup8217.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup8327.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup8515.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup863.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup866.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup8776.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup9682.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup9725.exe</p><p>C:\Users\Admin\AppData\Local\Temp\CloudBackup9966.exe</p><p>C:\Users\Admin\AppData\Local\Temp\oi_{D5E5119A-0303-4496-8D02-6CA31BBCDE9C}.exe</p><p>C:\Users\Admin\AppData\Local\Temp\Runner.exe</p><p>C:\Users\Admin\AppData\Local\Temp\vcredist_2013_x86.exe</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => 
File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-02-24 02:33</p><p></p><p>==================== End Of Log ============================</p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p>Addition scan log:</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015</p><p>Ran by Admin at 2015-04-08 18:09:47</p><p>Running from C:\Users\Admin\Downloads</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}</p><p>AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}</p><p>AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware 
programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)</p><p>Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden</p><p>Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)</p><p>Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated)</p><p>Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)</p><p>Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.0.0.12 - Atheros Communications)</p><p>Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)</p><p>Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.12(T) - TOSHIBA CORPORATION)</p><p>Burn4Free DB Toolbar Toolbar (HKLM-x32\...\Burn4Free DB Toolbar Toolbar) (Version: - )</p><p>Burn4Free DVD Burning 5.9.0.0 (HKLM-x32\...\Burn4Free DVD Burning_is1) (Version: - Ikysasoft s.r.l. uninominale)</p><p>CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)</p><p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>Google Chrome (HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)</p><p>Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)</p><p>Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden</p><p>Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden</p><p>Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree)</p><p>Hotspot Shield Toolbar (HKLM-x32\...\Hotspot_Shield Toolbar) (Version: 6.8.9.0 - Hotspot Shield) <==== ATTENTION</p><p>Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)</p><p>Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)</p><p>Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden</p><p>Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)</p><p>Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) 
(Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)</p><p>Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)</p><p>MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - <a href="http://www.motioninjoy.com" target="_blank">www.motioninjoy.com</a>)</p><p>MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)</p><p>MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)</p><p>NVIDIA Graphics Driver 268.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.57 - NVIDIA Corporation)</p><p>NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)</p><p>NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)</p><p>RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden</p><p>RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden</p><p>RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden</p><p>Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)</p><p>Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)</p><p>RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) 
Hidden</p><p>Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)</p><p>Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)</p><p>Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)</p><p>TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)</p><p>TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.85.5 - TOSHIBA CORPORATION)</p><p>TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.5 - TOSHIBA Corporation)</p><p>Vizzed Retro Game Room (HKLM-x32\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed)</p><p>VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)</p><p>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)</p><p>WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)</p><p>WordWeb (HKLM-x32\...\WordWeb) (Version: 6 - WordWeb Software)</p><p>World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File</p><p></p><p>==================== Restore Points =========================</p><p></p><p>06-04-2015 04:00:10 Windows Update</p><p>07-04-2015 03:00:12 Windows Update</p><p>08-04-2015 03:00:15 Windows Update</p><p>08-04-2015 17:28:45 Windows Update</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset 
Hosts.)</p><p></p><p>2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {00E6BF14-3781-4262-8A59-C6956C29014D} - System32\Tasks\AdUp Update => C:\ProgramData\AdsFree\AdsFree.exe [2015-02-05] ()</p><p>Task: {0EB704F5-3057-4E23-BE61-AEE6BE2D1E99} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12] (Adobe Systems Incorporated)</p><p>Task: {12D966AB-8E8E-4CC1-927B-0772B5EE8625} - System32\Tasks\Newsfeed => C:\Users\Admin\AppData\Roaming\homerj\c32s.exe [2015-03-19] ()</p><p>Task: {3971E0C7-8F44-435D-978B-C2CAD808567C} - System32\Tasks\{DE629398-970E-4F45-9610-04A70A571D02} => pcalua.exe -a E:\WebCam\Setup\Setup.exe -d E:\</p><p>Task: {4BB1B550-689C-4D71-8D20-48F2190D78F0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000UA => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)</p><p>Task: {56BC178D-3AA8-45B4-9EC1-9130A72735DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-24] (Google Inc.)</p><p>Task: {5B45BB9D-2386-4FD9-AD6C-C750E12D8F54} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2891971351-2350418588-1802881347-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)</p><p>Task: {6E7924EB-A7D5-41DA-8F39-EBA6861AA331} - System32\Tasks\Mistl => C:\ProgramData\Mistl\Mistl.exe</p><p>Task: {6F9FEEF0-9791-44D8-A4E6-F51CBFAD9088} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2891971351-2350418588-1802881347-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)</p><p>Task: 
{96E20029-D856-4586-A073-10AF76FE3FB6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2891971351-2350418588-1802881347-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)</p><p>Task: {B4724B72-A23A-4A99-9084-5DD6AD96E7C4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc</p><p>Task: {B655482D-9882-4ACB-9C53-AA8DCA73F466} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)</p><p>Task: {BD284272-9247-4B99-A2AF-35C36738015E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-24] (Google Inc.)</p><p>Task: {C2693C65-CDB1-46A4-9C9C-9D8BA6F32DDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000Core => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)</p><p>Task: {C2A47750-A53C-4780-B2B1-E769F2553FEA} - System32\Tasks\Drv Update => C:\ProgramData\Drv\Drv.exe [2015-03-05] ()</p><p>Task: {E3E16045-6760-4895-AD6B-1694ED2B7964} - System32\Tasks\{8E41A7EC-7D30-4940-8C6D-CBD0C5A6F266} => Chrome.exe <a href="http://www.skype.com/go/downloading?source=installer&amp;ver=6.1.0.129.272&amp;LastError=-9" target="_blank">http://www.skype.com/go/downloading?source=installer&amp;ver=6.1.0.129.272&amp;LastError=-9</a></p><p>Task: {EE738FA4-4007-41BF-BFBD-DB0D80AC9BA8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2891971351-2350418588-1802881347-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)</p><p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000Core.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000UA.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe</p><p></p><p>==================== Loaded Modules (whitelisted) ==============</p><p></p><p>2014-05-17 01:34 - 2014-05-17 01:34 - 00430344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe</p><p>2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe</p><p>2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF</p><p>2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll</p><p>2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll</p><p>2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll</p><p>2014-05-17 03:11 - 2014-05-17 03:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll</p><p>2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF</p><p>2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll</p><p>2012-04-11 01:17 - 2011-07-13 21:06 - 00022800 ____N () C:\Program Files (x86)\WordWeb\WUCNT.dll</p><p>2015-04-05 07:06 - 2015-03-31 00:07 - 01174856 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\Application\41.0.2272.118\libglesv2.dll</p><p>2015-04-05 07:06 - 2015-03-31 00:07 - 00080200 _____ () 
C:\Users\Admin\AppData\Local\Google\Chrome\Application\41.0.2272.118\libegl.dll</p><p>2015-04-05 07:06 - 2015-03-31 00:07 - 09279304 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll</p><p>2015-04-05 07:06 - 2015-03-31 00:07 - 14974280 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p>AlternateDataStreams: C:\Users\Admin\Downloads\Appointment Required.eml:OECustomProperty</p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p></p><p>==================== EXE Association (whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.)</p><p></p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg</p><p>DNS Servers: 193.188.97.211 - 193.188.97.197</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Admin (S-1-5-21-2891971351-2350418588-1802881347-1000 - Administrator - Enabled) => C:\Users\Admin</p><p>Administrator (S-1-5-21-2891971351-2350418588-1802881347-500 - Administrator - Disabled)</p><p>fbwuser (S-1-5-21-2891971351-2350418588-1802881347-1003 - Limited - Disabled) => C:\Users\fbwuser</p><p>Guest (S-1-5-21-2891971351-2350418588-1802881347-501 - Limited - Enabled)</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: Bluetooth RFCOMM</p><p>Description: Bluetooth RFCOMM</p><p>Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}</p><p>Manufacturer: TOSHIBA</p><p>Service: tosrfcom</p><p>Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31)</p><p>Resolution: Update the driver</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (04/08/2015 03:32:10 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: vlc.exe, version: 2.2.0.0, time stamp: 0x00000004</p><p>Faulting module name: libqt4_plugin.dll, version: 2.2.0.0, time stamp: 0x00020002</p><p>Exception code: 0x40000015</p><p>Fault offset: 0x007c915a</p><p>Faulting process id: 0xf0c</p><p>Faulting application start time: 0xvlc.exe0</p><p>Faulting application path: vlc.exe1</p><p>Faulting module path: vlc.exe2</p><p>Report Id: vlc.exe3</p><p></p><p>Error: (04/06/2015 03:57:51 AM) (Source: Application Error) (EventID: 1005) (User: )</p><p>Description: Windows cannot access the file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-709213AB004A4E219EF6F10985D59178D55FB5A6.bin.VE0 for one of the following reasons:</p><p>there is a problem with the network connection, the disk that the file is stored on, or the storage</p><p>drivers installed on this computer; or the disk is missing.</p><p>Windows closed the program Host Process for Windows Services because of this error.</p><p></p><p>Program: Host Process for Windows Services</p><p>File: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-709213AB004A4E219EF6F10985D59178D55FB5A6.bin.VE0</p><p></p><p>The error value is listed in the Additional Data section.</p><p>User Action</p><p>1. 
Open the file again.</p><p>This situation might be a temporary problem that corrects itself when the program runs again.</p><p>2.</p><p>If the file still cannot be accessed and</p><p> - It is on the network,</p><p>your network administrator should verify that there is not a problem with the network and that the server can be contacted.</p><p> - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.</p><p>3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.</p><p>4. If the problem persists, restore the file from a backup copy.</p><p>5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for</p><p>further assistance.</p><p></p><p>Additional Data</p><p>Error value: C0000185</p><p>Disk type: 3</p><p></p><p>Error: (04/06/2015 03:57:51 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: svchost.exe_WinDefend, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1</p><p>Faulting module name: mpengine.dll, version: 1.1.11502.0, time stamp: 0x550404d4</p><p>Exception code: 0xc0000006</p><p>Fault offset: 0x000000000000ceb4</p><p>Faulting process id: 0xe14</p><p>Faulting application start time: 0xsvchost.exe_WinDefend0</p><p>Faulting application path: svchost.exe_WinDefend1</p><p>Faulting module path: svchost.exe_WinDefend2</p><p>Report Id: svchost.exe_WinDefend3</p><p></p><p>Error: (03/28/2015 08:49:09 PM) (Source: SideBySide) (EventID: 33) (User: )</p><p>Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".</p><p>Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.</p><p>Please use 
sxstrace.exe for detailed diagnosis.</p><p></p><p>Error: (03/28/2015 08:49:09 PM) (Source: SideBySide) (EventID: 33) (User: )</p><p>Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".</p><p>Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.</p><p>Please use sxstrace.exe for detailed diagnosis.</p><p></p><p>Error: (03/27/2015 08:43:28 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: mbam.exe, version: 1.0.1.922, time stamp: 0x55010546</p><p>Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10</p><p>Exception code: 0xc00000fd</p><p>Fault offset: 0x0002f29d</p><p>Faulting process id: 0xaa4</p><p>Faulting application start time: 0xmbam.exe0</p><p>Faulting application path: mbam.exe1</p><p>Faulting module path: mbam.exe2</p><p>Report Id: mbam.exe3</p><p></p><p>Error: (03/27/2015 08:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: mbam.exe, version: 1.0.1.922, time stamp: 0x55010546</p><p>Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10</p><p>Exception code: 0xc00000fd</p><p>Fault offset: 0x0002ea7e</p><p>Faulting process id: 0xe50</p><p>Faulting application start time: 0xmbam.exe0</p><p>Faulting application path: mbam.exe1</p><p>Faulting module path: mbam.exe2</p><p>Report Id: mbam.exe3</p><p></p><p>Error: (03/27/2015 08:13:25 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: mbam.exe, version: 1.0.1.922, time stamp: 0x55010546</p><p>Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10</p><p>Exception code: 0xc00000fd</p><p>Fault offset: 0x0002fcdb</p><p>Faulting process id: 0x12c8</p><p>Faulting application start time: 0xmbam.exe0</p><p>Faulting application path: mbam.exe1</p><p>Faulting 
module path: mbam.exe2</p><p>Report Id: mbam.exe3</p><p></p><p>Error: (03/27/2015 07:56:03 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: mbam.exe, version: 1.0.1.922, time stamp: 0x55010546</p><p>Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10</p><p>Exception code: 0xc00000fd</p><p>Fault offset: 0x0002fcdb</p><p>Faulting process id: 0xd34</p><p>Faulting application start time: 0xmbam.exe0</p><p>Faulting application path: mbam.exe1</p><p>Faulting module path: mbam.exe2</p><p>Report Id: mbam.exe3</p><p></p><p>Error: (03/27/2015 05:09:35 PM) (Source: Application Error) (EventID: 1005) (User: )</p><p>Description: Windows cannot access the file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3C7FB80A587D6D7637447D95EB636128F9A83A30.bin.VE0 for one of the following reasons:</p><p>there is a problem with the network connection, the disk that the file is stored on, or the storage</p><p>drivers installed on this computer; or the disk is missing.</p><p>Windows closed the program Host Process for Windows Services because of this error.</p><p></p><p>Program: Host Process for Windows Services</p><p>File: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3C7FB80A587D6D7637447D95EB636128F9A83A30.bin.VE0</p><p></p><p>The error value is listed in the Additional Data section.</p><p>User Action</p><p>1. Open the file again.</p><p>This situation might be a temporary problem that corrects itself when the program runs again.</p><p>2.</p><p>If the file still cannot be accessed and</p><p> - It is on the network,</p><p>your network administrator should verify that there is not a problem with the network and that the server can be contacted.</p><p> - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.</p><p>3. Check and repair the file system by running CHKDSK. 
To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.</p><p>4. If the problem persists, restore the file from a backup copy.</p><p>5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for</p><p>further assistance.</p><p></p><p>Additional Data</p><p>Error value: C0000185</p><p>Disk type: 3</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )</p><p>Description: The driver detected a controller error on \Device\Ide\IdePort0.</p><p></p><p>Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )</p><p>Description: The driver detected a controller error on \Device\Ide\IdePort0.</p><p></p><p>Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )</p><p>Description: The driver detected a controller error on \Device\Ide\IdePort0.</p><p></p><p>Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )</p><p>Description: The driver detected a controller error on \Device\Ide\IdePort0.</p><p></p><p>Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )</p><p>Description: The driver detected a controller error on \Device\Ide\IdePort0.</p><p></p><p>Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )</p><p>Description: The driver detected a controller error on \Device\Ide\IdePort0.</p><p></p><p>Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )</p><p>Description: The driver detected a controller error on \Device\Ide\IdePort0.</p><p></p><p>Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )</p><p>Description: The driver detected a controller error on \Device\Ide\IdePort0.</p><p></p><p>Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )</p><p>Description: The driver detected a 
controller error on \Device\Ide\IdePort0.</p><p></p><p>Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )</p><p>Description: The driver detected a controller error on \Device\Ide\IdePort0.</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (04/08/2015 03:32:10 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: vlc.exe2.2.0.000000004libqt4_plugin.dll2.2.0.00002000240000015007c915af0c01d07193538c4d2fC:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dllb112495a-dd86-11e4-b69f-dc0ea13ab9d6</p><p></p><p>Error: (04/06/2015 03:57:51 AM) (Source: Application Error) (EventID: 1005) (User: )</p><p>Description: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-709213AB004A4E219EF6F10985D59178D55FB5A6.bin.VE0Host Process for Windows ServicesC00001853</p><p></p><p>Error: (04/06/2015 03:57:51 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: svchost.exe_WinDefend6.1.7600.163854a5bc3c1mpengine.dll1.1.11502.0550404d4c0000006000000000000ceb4e1401d07004548a6971C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C80B5008-8ECB-42AF-9684-2274D0EA2E2D}\mpengine.dllf2c01c20-dbf7-11e4-b69f-dc0ea13ab9d6</p><p></p><p>Error: (03/28/2015 08:49:09 PM) (Source: SideBySide) (EventID: 33) (User: )</p><p>Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe</p><p></p><p>Error: (03/28/2015 08:49:09 PM) (Source: SideBySide) (EventID: 33) (User: )</p><p>Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe</p><p></p><p>Error: (03/27/2015 08:43:28 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: 
mbam.exe1.0.1.92255010546ntdll.dll6.1.7600.169154ec49d10c00000fd0002f29daa401d068b3aa4c3540C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dllc68d5514-d4a8-11e4-8195-dc0ea13ab9d6</p><p></p><p>Error: (03/27/2015 08:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: mbam.exe1.0.1.92255010546ntdll.dll6.1.7600.169154ec49d10c00000fd0002ea7ee5001d068b162a4c29fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dll90423fbc-d4a6-11e4-8195-dc0ea13ab9d6</p><p></p><p>Error: (03/27/2015 08:13:25 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: mbam.exe1.0.1.92255010546ntdll.dll6.1.7600.169154ec49d10c00000fd0002fcdb12c801d068af6730d136C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dll9386cb06-d4a4-11e4-8195-dc0ea13ab9d6</p><p></p><p>Error: (03/27/2015 07:56:03 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: mbam.exe1.0.1.92255010546ntdll.dll6.1.7600.169154ec49d10c00000fd0002fcdbd3401d068ac0bc821f4C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dll26bfca93-d4a2-11e4-8195-dc0ea13ab9d6</p><p></p><p>Error: (03/27/2015 05:09:35 PM) (Source: Application Error) (EventID: 1005) (User: )</p><p>Description: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3C7FB80A587D6D7637447D95EB636128F9A83A30.bin.VE0Host Process for Windows ServicesC00001853</p><p></p><p></p><p>CodeIntegrity Errors:</p><p>===================================</p><p> Date: 2015-03-27 02:14:44.353</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2015-03-27 02:14:42.240</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky 
Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2015-03-09 04:01:22.806</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2015-03-09 04:01:22.731</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2014-12-12 19:38:07.114</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2014-12-12 19:38:07.104</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2014-12-12 19:30:38.461</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2014-12-12 19:30:38.451</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2014-12-12 04:29:40.435</p><p> Description: Code Integrity is unable to verify the image integrity of the file 
\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2014-12-12 04:29:40.418</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz</p><p>Percentage of memory in use: 52%</p><p>Total physical RAM: 4073.76 MB</p><p>Available physical RAM: 1931.3 MB</p><p>Total Pagefile: 4071.9 MB</p><p>Available Pagefile: 1715.54 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.83 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:195.21 GB) (Free:110.01 GB) NTFS</p><p>Drive d: () (Fixed) (Total:270.45 GB) (Free:270.35 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 10D36F71)</p><p>Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="iHateArabyOnline, post: 371599, member: 35247"]
2015-04-08 18:08 - 2015-04-08 18:09 - 00024720 _____ () C:\Users\Admin\Downloads\FRST.txt 2015-04-08 17:30 - 2015-04-08 17:30 - 00000000 ____D () C:\Windows\system32\SPReview 2015-04-06 03:55 - 2015-04-06 03:55 - 00000000 ____D () C:\Users\Admin\AppData\Local\{5127ECFB-46B0-4A66-ABCB-2E9A7B576CFF} 2015-03-31 05:39 - 2015-03-31 05:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\{871DB603-3F8F-4213-B685-83C9B76FC587} 2015-03-31 05:39 - 2015-03-31 05:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\VolIE 2015-03-29 03:01 - 2015-03-29 03:02 - 02095616 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe 2015-03-28 19:58 - 2015-03-28 19:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\{8CF2662E-D616-4D44-9ED3-D3C1FB993720} 2015-03-27 21:15 - 2015-03-27 21:15 - 04441416 _____ (Google) C:\Users\Admin\Downloads\software_removal_tool.exe 2015-03-27 21:15 - 2015-03-27 21:15 - 00004197 _____ () C:\Users\Admin\Downloads\software_removal_tool.log 2015-03-27 19:34 - 2015-03-27 19:34 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-27 19:00 - 2015-03-27 19:32 - 00000000 ____D () C:\AdwCleaner 2015-03-27 18:12 - 2015-03-27 18:12 - 00000000 ____D () C:\Users\Admin\AppData\Local\{66A2BAA9-A0A8-4BD8-B228-D7F4A97FCB6B} 2015-03-27 17:05 - 2015-03-27 17:05 - 00000000 ____D () C:\Users\Admin\AppData\Local\{72DB383C-64FE-42D7-969A-2704207951AB} 2015-03-27 03:59 - 2015-03-27 03:59 - 00000000 _____ () C:\autoexec.bat 2015-03-27 03:29 - 2015-04-08 18:08 - 00000000 ____D () C:\FRST 2015-03-27 03:22 - 2015-03-27 03:22 - 00000000 ____D () C:\zoek_backup 2015-03-26 19:29 - 2015-04-08 17:52 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2891971351-2350418588-1802881347-1000 2015-03-26 19:29 - 2015-04-08 17:52 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2891971351-2350418588-1802881347-1000 2015-03-25 17:49 - 2015-03-11 05:39 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 
2015-03-25 17:49 - 2015-03-11 05:39 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-03-25 17:49 - 2015-03-11 05:39 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-03-25 17:49 - 2015-03-11 05:39 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-03-25 17:49 - 2015-03-11 05:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-03-25 17:49 - 2015-03-11 05:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-03-25 17:49 - 2015-03-11 05:34 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-03-24 22:34 - 2015-04-08 17:52 - 00004546 __RSH () C:\ProgramData\ntuser.pol 2015-03-24 22:34 - 2015-03-31 05:40 - 00003750 _____ () C:\Windows\System32\Tasks\Newsfeed 2015-03-24 22:34 - 2015-03-31 05:39 - 00003256 _____ () C:\Windows\System32\Tasks\AdUp Update 2015-03-24 22:34 - 2015-03-31 05:39 - 00000066 _____ () C:\Windows\SysWOW64\sn.txt 2015-03-24 22:34 - 2015-03-31 05:39 - 00000058 _____ () C:\Windows\SysWOW64\out.txt 2015-03-24 22:34 - 2015-03-31 05:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Ndoye 2015-03-24 22:34 - 2015-03-31 05:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\homerj 2015-03-24 22:34 - 2015-03-31 05:39 - 00000000 ____D () C:\ProgramData\AdsFree 2015-03-24 22:34 - 2015-03-24 22:34 - 00000000 ____D () C:\ProgramData\Mistl 2015-03-21 13:58 - 2015-03-21 13:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\{4589FD46-A439-4D63-B6F4-67CA56AC6847} 2015-03-20 22:12 - 2015-03-31 05:39 - 00003720 _____ () C:\Windows\System32\Tasks\Mistl 2015-03-20 22:12 - 2015-03-21 14:03 - 00000000 ____D () C:\ProgramData\Drv 2015-03-20 22:12 - 2015-03-21 03:36 - 00000000 ____D () C:\ProgramData\Kirin 2015-03-20 22:12 - 2015-03-20 22:12 - 00003240 _____ () C:\Windows\System32\Tasks\Drv Update 2015-03-20 22:12 - 2015-03-20 22:12 - 00000027 _____ () C:\Users\Admin\AppData\Local\f123.txt 2015-03-20 
22:12 - 2015-03-20 22:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\htcon 2015-03-20 22:12 - 2015-03-20 22:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Fixs 2015-03-20 22:12 - 2015-03-20 22:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Crown 2015-03-20 19:35 - 2015-03-21 13:53 - 00262144 _____ () C:\Windows\system32\config\elam 2015-03-16 08:56 - 2015-03-16 08:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\{0C5448C2-A9AA-4E0F-ACCB-8401E9BEE81E} 2015-03-11 00:59 - 2015-03-11 01:00 - 00000000 ____D () C:\Users\Admin\Desktop\pSX_1_13 2015-03-11 00:50 - 2015-03-11 00:51 - 00661688 _____ () C:\Users\Admin\Downloads\pSX_1_13.rar 2015-03-10 14:21 - 2015-03-20 22:30 - 00000000 ____D () C:\Users\Admin\Desktop\Games ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-08 18:08 - 2012-06-19 17:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent 2015-04-08 18:04 - 2012-04-12 20:33 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000UA.job 2015-04-08 18:01 - 2009-07-14 07:45 - 00021632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-08 18:01 - 2009-07-14 07:45 - 00021632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-08 17:58 - 2014-09-17 04:52 - 01916905 _____ () C:\Windows\WindowsUpdate.log 2015-04-08 17:57 - 2013-07-03 10:43 - 00000000 ____D () C:\Users\Admin\Desktop\Movies 2015-04-08 17:53 - 2014-08-09 20:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-04-08 17:52 - 2014-09-05 04:44 - 00022182 _____ () C:\Windows\setupact.log 2015-04-08 17:52 - 2012-10-24 05:47 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-08 17:52 - 2012-04-12 20:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-08 17:52 
- 2012-04-11 11:42 - 00000000 ____D () C:\Users\Admin\Tracing 2015-04-08 17:52 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-08 17:38 - 2012-10-24 05:47 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-08 17:28 - 2012-04-12 20:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-04-08 13:11 - 2015-03-07 22:47 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc 2015-04-08 07:03 - 2012-04-12 20:33 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000Core.job 2015-04-07 12:54 - 2012-04-11 01:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype 2015-04-05 12:47 - 2009-07-14 08:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-05 07:45 - 2015-02-17 23:46 - 00000000 ____D () C:\Users\Admin\Desktop\AOU 2015-03-31 05:39 - 2012-04-12 20:34 - 00002466 _____ () C:\Users\Admin\Desktop\Chrome.lnk 2015-03-27 21:34 - 2009-07-14 08:08 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-27 20:58 - 2014-10-19 13:00 - 00029966 _____ () C:\Windows\PFRO.log 2015-03-26 19:30 - 2014-12-11 03:24 - 00000000 ____D () C:\Windows\system32\appraiser 2015-03-26 19:30 - 2014-10-19 12:59 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-03-25 01:45 - 2014-06-20 03:34 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft 2015-03-25 01:45 - 2009-07-14 08:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-03-24 22:34 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2015-03-11 04:35 - 2012-04-10 23:48 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-11 04:34 - 2009-07-14 05:34 - 00000478 _____ () C:\Windows\win.ini 2015-03-11 03:19 - 2013-08-07 03:01 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 03:03 - 2012-04-14 04:50 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories 
======= 2015-03-25 01:36 - 2015-03-25 01:36 - 0033134 _____ () C:\Users\Admin\AppData\Roaming\UserTile.png 2015-03-20 22:12 - 2015-03-20 22:12 - 0000027 _____ () C:\Users\Admin\AppData\Local\f123.txt Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\AVGTBInstall.exe C:\Users\Admin\AppData\Local\Temp\BingBarSetup-Partner.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup15.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup164.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup172.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup2139.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup270.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup272.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup3250.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup4391.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup4653.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup4976.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup6124.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup6434.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup649.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup7255.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup8059.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup8217.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup8327.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup8515.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup863.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup866.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup8776.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup9682.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup9725.exe C:\Users\Admin\AppData\Local\Temp\CloudBackup9966.exe C:\Users\Admin\AppData\Local\Temp\oi_{D5E5119A-0303-4496-8D02-6CA31BBCDE9C}.exe C:\Users\Admin\AppData\Local\Temp\Runner.exe C:\Users\Admin\AppData\Local\Temp\vcredist_2013_x86.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-24 02:33 ==================== End Of Log ============================ Addition scan log: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Admin at 2015-04-08 18:09:47 Running from C:\Users\Admin\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.) Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated) Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated) Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.0.0.12 - Atheros Communications) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros) Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.12(T) - TOSHIBA CORPORATION) Burn4Free DB Toolbar Toolbar (HKLM-x32\...\Burn4Free DB Toolbar Toolbar) (Version: - ) Burn4Free DVD Burning 5.9.0.0 (HKLM-x32\...\Burn4Free DVD Burning_is1) (Version: - Ikysasoft s.r.l. uninominale) CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Google Chrome (HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree) Hotspot Shield Toolbar (HKLM-x32\...\Hotspot_Shield Toolbar) (Version: 6.8.9.0 - Hotspot Shield) <==== ATTENTION Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable 
(x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Graphics Driver 268.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.57 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation) RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.)
Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation) TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.85.5 - TOSHIBA CORPORATION) TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.5 - TOSHIBA Corporation) Vizzed Retro Game Room (HKLM-x32\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WordWeb (HKLM-x32\...\WordWeb) (Version: 6 - WordWeb Software) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 06-04-2015 04:00:10 Windows Update 07-04-2015 03:00:12 Windows Update 08-04-2015 03:00:15 Windows Update 08-04-2015 17:28:45 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00E6BF14-3781-4262-8A59-C6956C29014D} - System32\Tasks\AdUp Update => C:\ProgramData\AdsFree\AdsFree.exe [2015-02-05] () Task: {0EB704F5-3057-4E23-BE61-AEE6BE2D1E99} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12] (Adobe Systems Incorporated) Task: {12D966AB-8E8E-4CC1-927B-0772B5EE8625} - System32\Tasks\Newsfeed => C:\Users\Admin\AppData\Roaming\homerj\c32s.exe [2015-03-19] () Task: {3971E0C7-8F44-435D-978B-C2CAD808567C} - System32\Tasks\{DE629398-970E-4F45-9610-04A70A571D02} => pcalua.exe -a E:\WebCam\Setup\Setup.exe -d E:\ Task: {4BB1B550-689C-4D71-8D20-48F2190D78F0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000UA => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.) Task: {56BC178D-3AA8-45B4-9EC1-9130A72735DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-24] (Google Inc.) Task: {5B45BB9D-2386-4FD9-AD6C-C750E12D8F54} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2891971351-2350418588-1802881347-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {6E7924EB-A7D5-41DA-8F39-EBA6861AA331} - System32\Tasks\Mistl => C:\ProgramData\Mistl\Mistl.exe Task: {6F9FEEF0-9791-44D8-A4E6-F51CBFAD9088} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2891971351-2350418588-1802881347-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {96E20029-D856-4586-A073-10AF76FE3FB6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2891971351-2350418588-1802881347-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {B4724B72-A23A-4A99-9084-5DD6AD96E7C4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {B655482D-9882-4ACB-9C53-AA8DCA73F466} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd) Task: {BD284272-9247-4B99-A2AF-35C36738015E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-24] (Google Inc.) Task: {C2693C65-CDB1-46A4-9C9C-9D8BA6F32DDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000Core => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.) Task: {C2A47750-A53C-4780-B2B1-E769F2553FEA} - System32\Tasks\Drv Update => C:\ProgramData\Drv\Drv.exe [2015-03-05] () Task: {E3E16045-6760-4895-AD6B-1694ED2B7964} - System32\Tasks\{8E41A7EC-7D30-4940-8C6D-CBD0C5A6F266} => Chrome.exe http://www.skype.com/go/downloading?source=installer&ver=6.1.0.129.272&LastError=-9 Task: {EE738FA4-4007-41BF-BFBD-DB0D80AC9BA8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2891971351-2350418588-1802881347-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000Core.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000UA.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-05-17 01:34 - 2014-05-17 01:34 - 00430344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe 2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2014-05-17 03:11 - 2014-05-17 03:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2012-04-11 01:17 - 2011-07-13 21:06 - 00022800 ____N () C:\Program Files (x86)\WordWeb\WUCNT.dll 2015-04-05 
07:06 - 2015-03-31 00:07 - 01174856 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\Application\41.0.2272.118\libglesv2.dll 2015-04-05 07:06 - 2015-03-31 00:07 - 00080200 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\Application\41.0.2272.118\libegl.dll 2015-04-05 07:06 - 2015-03-31 00:07 - 09279304 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll 2015-04-05 07:06 - 2015-03-31 00:07 - 14974280 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Admin\Downloads\Appointment Required.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 193.188.97.211 - 193.188.97.197 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
==================== Accounts: ============================= Admin (S-1-5-21-2891971351-2350418588-1802881347-1000 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-2891971351-2350418588-1802881347-500 - Administrator - Disabled) fbwuser (S-1-5-21-2891971351-2350418588-1802881347-1003 - Limited - Disabled) => C:\Users\fbwuser Guest (S-1-5-21-2891971351-2350418588-1802881347-501 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Bluetooth RFCOMM Description: Bluetooth RFCOMM Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94} Manufacturer: TOSHIBA Service: tosrfcom Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (04/08/2015 03:32:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: vlc.exe, version: 2.2.0.0, time stamp: 0x00000004 Faulting module name: libqt4_plugin.dll, version: 2.2.0.0, time stamp: 0x00020002 Exception code: 0x40000015 Fault offset: 0x007c915a Faulting process id: 0xf0c Faulting application start time: 0xvlc.exe0 Faulting application path: vlc.exe1 Faulting module path: vlc.exe2 Report Id: vlc.exe3 Error: (04/06/2015 03:57:51 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-709213AB004A4E219EF6F10985D59178D55FB5A6.bin.VE0 for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. 
Program: Host Process for Windows Services
File: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-709213AB004A4E219EF6F10985D59178D55FB5A6.bin.VE0
The error value is listed in the Additional Data section.
User Action
1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.
2. If the file still cannot be accessed and
- It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.
Additional Data
Error value: C0000185
Disk type: 3

Error: (04/06/2015 03:57:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WinDefend, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mpengine.dll, version: 1.1.11502.0, time stamp: 0x550404d4
Exception code: 0xc0000006
Fault offset: 0x000000000000ceb4
Faulting process id: 0xe14
Faulting application start time: 0xsvchost.exe_WinDefend0
Faulting application path: svchost.exe_WinDefend1
Faulting module path: svchost.exe_WinDefend2
Report Id: svchost.exe_WinDefend3

Error: (03/28/2015 08:49:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/28/2015 08:49:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/27/2015 08:43:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.922, time stamp: 0x55010546
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc00000fd
Fault offset: 0x0002f29d
Faulting process id: 0xaa4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (03/27/2015 08:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.922, time stamp: 0x55010546
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc00000fd
Fault offset: 0x0002ea7e
Faulting process id: 0xe50
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (03/27/2015 08:13:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.922, time stamp: 0x55010546
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc00000fd
Fault offset: 0x0002fcdb
Faulting process id: 0x12c8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (03/27/2015 07:56:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.922, time stamp: 0x55010546
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc00000fd
Fault offset: 0x0002fcdb
Faulting process id: 0xd34
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (03/27/2015 05:09:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3C7FB80A587D6D7637447D95EB636128F9A83A30.bin.VE0 for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error.
Program: Host Process for Windows Services
File: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3C7FB80A587D6D7637447D95EB636128F9A83A30.bin.VE0
The error value is listed in the Additional Data section.
User Action
1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.
2. If the file still cannot be accessed and
- It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged.
If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.
Additional Data
Error value: C0000185
Disk type: 3

System errors:
=============
Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (04/08/2015 06:03:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Microsoft Office Sessions:
=========================
Error: (04/08/2015 03:32:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.2.0.000000004libqt4_plugin.dll2.2.0.00002000240000015007c915af0c01d07193538c4d2fC:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dllb112495a-dd86-11e4-b69f-dc0ea13ab9d6

Error: (04/06/2015 03:57:51 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-709213AB004A4E219EF6F10985D59178D55FB5A6.bin.VE0Host Process for Windows ServicesC00001853

Error: (04/06/2015 03:57:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_WinDefend6.1.7600.163854a5bc3c1mpengine.dll1.1.11502.0550404d4c0000006000000000000ceb4e1401d07004548a6971C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C80B5008-8ECB-42AF-9684-2274D0EA2E2D}\mpengine.dllf2c01c20-dbf7-11e4-b69f-dc0ea13ab9d6

Error: (03/28/2015 08:49:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/28/2015 08:49:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/27/2015 08:43:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.92255010546ntdll.dll6.1.7600.169154ec49d10c00000fd0002f29daa401d068b3aa4c3540C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dllc68d5514-d4a8-11e4-8195-dc0ea13ab9d6

Error: (03/27/2015 08:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.92255010546ntdll.dll6.1.7600.169154ec49d10c00000fd0002ea7ee5001d068b162a4c29fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dll90423fbc-d4a6-11e4-8195-dc0ea13ab9d6

Error: (03/27/2015 08:13:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.92255010546ntdll.dll6.1.7600.169154ec49d10c00000fd0002fcdb12c801d068af6730d136C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dll9386cb06-d4a4-11e4-8195-dc0ea13ab9d6

Error: (03/27/2015 07:56:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.92255010546ntdll.dll6.1.7600.169154ec49d10c00000fd0002fcdbd3401d068ac0bc821f4C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dll26bfca93-d4a2-11e4-8195-dc0ea13ab9d6

Error: (03/27/2015 05:09:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3C7FB80A587D6D7637447D95EB636128F9A83A30.bin.VE0Host Process for Windows ServicesC00001853

CodeIntegrity Errors:
===================================
Date: 2015-03-27 02:14:44.353
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-27 02:14:42.240
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 04:01:22.806
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 04:01:22.731
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-12 19:38:07.114
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-12 19:38:07.104
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-12 19:30:38.461
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-12 19:30:38.451
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-12 04:29:40.435
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-12 04:29:40.418
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 52%
Total physical RAM: 4073.76 MB
Available physical RAM: 1931.3 MB
Total Pagefile: 4071.9 MB
Available Pagefile: 1715.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:110.01 GB) NTFS
Drive d: () (Fixed) (Total:270.45 GB) (Free:270.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 10D36F71)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
[/QUOTE]