Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016 Ran by TOSHIBA (2016-04-23 17:52:11) Running from C:\Users\TOSHIBA\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2013-08-27 19:50:25) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1870027983-4264097883-3264919129-500 - Administrator - Disabled) Guest (S-1-5-21-1870027983-4264097883-3264919129-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1870027983-4264097883-3264919129-1002 - Limited - Enabled) TOSHIBA (S-1-5-21-1870027983-4264097883-3264919129-1000 - Administrator - Enabled) => C:\Users\TOSHIBA ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Smart Security 9.0.349.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET Smart Security 9.0.375.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.) 
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AntiLogger (x32 Version: 1.9.3.602 - Zemana Ltd.) Hidden Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden doPDF (Version: 8.1.921 - Softland) Hidden doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: 7.3.393 - Softland) doPDF 8 (HKLM-x32\...\{f3778a1a-fca8-458f-8de8-b8eb3ff21cf4}) (Version: 8.1.921 - Softland) ESET Smart Security (HKLM\...\{C7967963-BE1C-4ABA-839F-3CB206E50697}) (Version: 9.0.349.0 - ESET, spol. s r.o.) Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\{13BE5FED-4B98-3DE1-9510-47EA0693FDE8}) (Version: 50.0.2661.87 - Google, Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) 
Hidden High-Definition Video Playback (x32 Version: 11.1.10500.2.65 - Nero AG) Hidden Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel(R) Chipset Device Software (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation) Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation) Java SE Development Kit 7 Update 75 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle) Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden KeyCrypt SDK version 1.8.1.199 (HKLM-x32\...\{5575EADE-4685-4E15-A9CD-6036BC2A3F75}_is1) (Version: 1.8.1.199 - Zemana Ltd.) 
K-Lite Mega Codec Pack 10.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - ) Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Malwarebytes Anti-Ransomware version 0.9.15.416 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.15.416 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation) Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - 
Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NovaBench 3.0.4 (HKLM-x32\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version: - Novawave Inc.) novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{37AFBFC0-AE39-425B-97CB-A90319D39A4B}) (Version: 8.1.921 - Softland) novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{056A3023-0724-49F0-82F8-88A1F0783D53}) (Version: 8.1.921 - Softland) novaPDF 8 Printer Driver (HKLM\...\{52BC4F1A-207A-458F-B763-060D54516290}) (Version: 8.1.921 - Softland) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.) 
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.) Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION) TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA) Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.04 - TOSHIBA) TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION) TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA) TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION) TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation) TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0009 - TOSHIBA) TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH) TOSHIBA Value Added Package 
(HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN) welcome (x32 Version: 11.0.22500.0.0 - Nero AG) Hidden WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent) WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.25 - WildTangent) Hidden Windows 7 Manager (HKLM\...\{C7534E78-48F0-4E13-A919-A19330CA79B2}) (Version: 5.0.5 - Yamicsoft) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH) بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation) معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00319510-7845-4687-8241-FEF6AA2EFB4C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation) Task: {09C7C5E4-62D1-4A9E-A8DF-E00490D214AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd) Task: {201AAA6E-09B8-4794-8C45-27A9278F9B4C} - System32\Tasks\{DFBB9C3B-5519-44F4-926A-A03E1CB076C7} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?source=lightinstaller&page=tsMain Task: {26801DB5-E95F-43BC-B435-804B5A0C9BFA} - System32\Tasks\{8E7A84AF-E5A7-416D-B154-D5278AB14BAB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1603 Task: {28085BD9-F62B-4251-AEA0-370E68760C57} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {2EC04AD8-3003-4EF9-98D0-260D0BE65084} - System32\Tasks\{F311B61F-7D6D-426F-AE46-DA8CA3D826F1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.0.104/en/go/help.faq.installer?LastError=1603 Task: {41D08551-AA0E-45CB-913B-2118CB27F7C7} - System32\Tasks\{86411224-2BDF-458A-AA66-E99068EAC9FB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/go/help.faq.installer?LastError=1603 Task: {4D0033AF-4BB9-4E42-A2D2-64DDCE403FF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Task: {4F91EEE4-8CE0-44D6-9470-FD374C0267A9} - System32\Tasks\{2DBF06EF-013D-46C7-9E03-0B35C049ADF8} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1603 Task: {50E8D6C9-5DCD-462D-95E4-2B58EA8636DF} - System32\Tasks\{5CC9E16A-A791-4F14-A184-356D52809A5B} => 
Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/go/help.faq.installer?LastError=1603 Task: {5A6825CC-4CAE-474F-BBDD-D6198E6CDC76} - System32\Tasks\{9BACA7D0-BEB0-4AA9-9A59-05722B1BE9A5} => pcalua.exe -a "C:\Program Files (x86)\USBScan\unins000.exe" Task: {5E1E5867-1A54-4891-8E1F-96DEA54A34FB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-24] (Microsoft Corporation) Task: {7872C8AA-BCD2-4E41-A223-B2E362226731} - System32\Tasks\{BB803D7B-095E-463C-A6DF-45F3A65DE27E} => Chrome.exe hxxp://ui.skype.com/ui/0/7.1.0.105/en/abandoninstall?page=tsProgressBar Task: {91D41589-5180-4CB3-9D43-B8D20C4A9FF9} - System32\Tasks\{B49BEC05-6DD4-4525-B571-7DAAD3113BA3} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1603 Task: {B23948A0-E270-4806-9E2A-DBD24914FC0F} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2014-12-16] () Task: {C55D2579-9812-4BDE-8252-A4032902BF92} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-24] (Microsoft Corporation) Task: {CFCA0DDF-10D4-40B6-BF40-BCFECB5FED7F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation) Task: {D2FD0D34-1129-4FA7-B38B-8980ED9BC337} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-14] (Microsoft Corporation) Task: {D8933CF3-973E-44D7-BF1B-6885F71697A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd) Task: {F60DD6BF-6EDE-457F-9689-174D3A8126A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-21] (Google 
Inc.) Task: {F6708DFB-6F6B-4D49-968E-A228E65A2485} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-14] (Adobe Systems Incorporated) Task: {F806A241-4586-411B-826D-610136845788} - System32\Tasks\{F4D38DEE-AFAC-4ECC-B2EF-75E5A51CFD76} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1603 (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2010-06-06 16:20 - 2010-06-06 16:20 - 00065344 _____ () C:\windows\System32\PDFreDirectMon64.dll 2014-07-16 14:52 - 2011-03-01 00:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll 2015-11-24 01:45 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-04-06 13:37 - 2016-04-16 16:11 - 01047520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll 2015-11-24 01:50 - 2015-11-24 01:50 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-12-16 15:17 - 2014-12-16 15:17 - 00137368 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll 2016-04-06 13:37 - 2016-02-08 17:01 - 00759808 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-11-24 01:46 - 2015-11-24 01:50 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (Whitelisted) 
========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
There are 7846 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2016-04-22 03:40 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: ASO3DiskOptimizer => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: c2cautoupdatesvc => 2 MSCONFIG\Services: c2cpnrsvc => 2 MSCONFIG\Services: CSObjectsSrv => 2 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: GFNEXSrv => 2 MSCONFIG\Services: glarab_http_proxy => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdate1d07c27b3c11b6 => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gupdatem1d07c27bae3622 => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: MWAgent => 2 MSCONFIG\Services: NAUpdate => 3 MSCONFIG\Services: PanService => 3 MSCONFIG\Services: RtkAudioService => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: ss_conn_service => 2 MSCONFIG\Services: TemproMonitoringService => 3 MSCONFIG\Services: TMachInfo => 3 MSCONFIG\Services: TODDSrv => 2 MSCONFIG\Services: TosCoSrv => 2 MSCONFIG\Services: TOSHIBA Bluetooth Service => 2 MSCONFIG\Services: TOSHIBA eco Utility Service => 2 MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3 MSCONFIG\Services: TPCHSrv => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\windows\pss\Bluetooth Manager.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Monitor.lnk => C:\windows\pss\Bluetooth Monitor.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO MSCONFIG\startupreg: CCleaner 
Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: New Value #2 => C:\Windows\system32\ctfmon.exe MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: Teco => "C:\Program Files\TOSHIBA\TECO\Teco.exe" /r MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe MSCONFIG\startupreg: TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe MSCONFIG\startupreg: TPwrMain => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{7F307436-1D5A-4C17-BA68-82EC3EE69202}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{38AC23E1-194F-4E7C-8357-7756DB71F921}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{DF351DA7-B952-4013-9458-5AB5953F13E5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{F1126B55-432D-49DE-AF30-638D00B71744}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{F3B5366E-24FF-4DB3-BB7D-A1093F92CCE6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{B6479181-C761-48E6-8742-B74B667C4B82}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{498EAF1F-2583-4118-BE9B-1CA979685788}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 12-04-2016 12:56:42 Windows Update 13-04-2016 13:35:34 Windows Update 17-04-2016 13:09:14 JRT Pre-Junkware Removal 19-04-2016 12:16:16 Windows Update 21-04-2016 03:42:44 Windows Update 21-04-2016 12:08:04 Restore Point Created by FRST 21-04-2016 13:31:15 ResetBrowser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/23/2016 12:25:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.1.7601.19135, time stamp: 0x56a1bbe2 Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb3625 Exception code: 0xc0000374 Fault offset: 0x00000000000bf262 Faulting process id: 0x604 Faulting application start time: 0xExplorer.EXE0 Faulting application path: Explorer.EXE1 Faulting module path: Explorer.EXE2 Report Id: Explorer.EXE3 Error: (04/23/2016 11:43:20 AM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Windows 
Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1870027983-4264097883-3264919129-1000}/">. Error: (04/23/2016 11:40:59 AM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1870027983-4264097883-3264919129-1000}/">. Error: (04/23/2016 11:38:01 AM) (Source: System Restore) (EventID: 8206) (User: ) Description: The restore point selected was damaged or deleted during the restore (ResetBrowser). Error: (04/23/2016 03:03:56 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.1.7601.19135, time stamp: 0x56a1bbe2 Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb3625 Exception code: 0xc0000374 Fault offset: 0x00000000000bf262 Faulting process id: 0x1020 Faulting application start time: 0xExplorer.EXE0 Faulting application path: Explorer.EXE1 Faulting module path: Explorer.EXE2 Report Id: Explorer.EXE3 Error: (04/23/2016 01:51:17 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.1.7601.19135, time stamp: 0x56a1bbe2 Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb3625 Exception code: 0xc0000374 Fault offset: 0x00000000000bf262 Faulting process id: 0x6c0 Faulting application start time: 0xExplorer.EXE0 Faulting application path: Explorer.EXE1 Faulting module path: Explorer.EXE2 Report Id: Explorer.EXE3 Error: (04/23/2016 01:08:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WLXPhotoGallery.exe, version: 15.4.3538.513, time stamp: 0x4dcdb214 Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb302d Exception code: 0xc0000374 Fault offset: 0x000ce843 Faulting process 
id: 0x14d8 Faulting application start time: 0xWLXPhotoGallery.exe0 Faulting application path: WLXPhotoGallery.exe1 Faulting module path: WLXPhotoGallery.exe2 Report Id: WLXPhotoGallery.exe3 Error: (04/22/2016 10:42:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program chrome.exe version 50.0.2661.75 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 7f8 Start Time: 01d19cb1c8c886e1 Termination Time: 3 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: c5d0bd85-08ca-11e6-b24e-4c72b96f1d9f Error: (04/22/2016 03:54:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WLXPhotoGallery.exe, version: 15.4.3538.513, time stamp: 0x4dcdb214 Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb302d Exception code: 0xc0000374 Fault offset: 0x000ce843 Faulting process id: 0x14a8 Faulting application start time: 0xWLXPhotoGallery.exe0 Faulting application path: WLXPhotoGallery.exe1 Faulting module path: WLXPhotoGallery.exe2 Report Id: WLXPhotoGallery.exe3 Error: (04/22/2016 03:53:47 AM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1870027983-4264097883-3264919129-1000}/">. 
System errors: ============= Error: (04/23/2016 05:33:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Intel AGP Bus Filter service failed to start due to the following error: %%1058 Error: (04/23/2016 11:46:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Intel AGP Bus Filter service failed to start due to the following error: %%1058 Error: (04/23/2016 11:37:03 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (04/23/2016 11:32:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Intel AGP Bus Filter service failed to start due to the following error: %%1058 Error: (04/23/2016 11:32:14 AM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY) Description: The event logging service encountered an error (res=1500) while initializing logging resources for channel Microsoft-Windows-DriverFrameworks-UserMode/Operational. Error: (04/22/2016 05:55:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Intel AGP Bus Filter service failed to start due to the following error: %%1058 Error: (04/22/2016 05:37:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (04/22/2016 05:37:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (04/22/2016 05:37:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/22/2016 05:37:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The novaPDF Server service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
Date: 2016-04-22 03:40:11.639
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-22 03:40:11.608
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.804
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.788
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.757
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.741
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.164
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.133
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.117
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.086
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 25%
Total physical RAM: 8151.8 MB
Available physical RAM: 6054.66 MB
Total Virtual: 14291.99 MB
Available Virtual: 12148.09 MB

==================== Drives ================================

Drive c: (S3A2575D002) (Fixed) (Total:290.98 GB) (Free:227.82 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:287.88 GB) (Free:287.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: FE1684A7)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=291 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=287.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15.8 GB) - (Type=17)

==================== End of Addition.txt ============================