Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016 Ran by TOSHIBA (2016-04-24 03:06:37) Running from C:\Users\TOSHIBA\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2013-08-27 19:50:25) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1870027983-4264097883-3264919129-500 - Administrator - Disabled) Guest (S-1-5-21-1870027983-4264097883-3264919129-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1870027983-4264097883-3264919129-1002 - Limited - Enabled) TOSHIBA (S-1-5-21-1870027983-4264097883-3264919129-1000 - Administrator - Enabled) => C:\Users\TOSHIBA ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Smart Security 9.0.349.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET Smart Security 9.0.375.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.) 
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AntiLogger (HKLM-x32\...\{014534FF-1D46-4A77-9B48-29EFD145995B}) (Version: 1.9.3.602 - Zemana Ltd.) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden doPDF (Version: 8.1.921 - Softland) Hidden doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: 7.3.393 - Softland) doPDF 8 (HKLM-x32\...\{f3778a1a-fca8-458f-8de8-b8eb3ff21cf4}) (Version: 8.1.921 - Softland) ESET Smart Security (HKLM\...\{C7967963-BE1C-4ABA-839F-3CB206E50697}) (Version: 9.0.349.0 - ESET, spol. s r.o.) Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\{13BE5FED-4B98-3DE1-9510-47EA0693FDE8}) (Version: 50.0.2661.87 - Google, Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) 
Hidden High-Definition Video Playback (x32 Version: 11.1.10500.2.65 - Nero AG) Hidden Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel(R) Chipset Device Software (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation) Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation) Java SE Development Kit 7 Update 75 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle) Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden KeyCrypt SDK version 1.8.1.199 (HKLM-x32\...\{5575EADE-4685-4E15-A9CD-6036BC2A3F75}_is1) (Version: 1.8.1.199 - Zemana Ltd.) 
K-Lite Mega Codec Pack 10.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - ) Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Malwarebytes Anti-Ransomware version 0.9.15.416 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.15.416 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation) Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - 
Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NovaBench 3.0.4 (HKLM-x32\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version: - Novawave Inc.) novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{37AFBFC0-AE39-425B-97CB-A90319D39A4B}) (Version: 8.1.921 - Softland) novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{056A3023-0724-49F0-82F8-88A1F0783D53}) (Version: 8.1.921 - Softland) novaPDF 8 Printer Driver (HKLM\...\{52BC4F1A-207A-458F-B763-060D54516290}) (Version: 8.1.921 - Softland) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.) 
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.) Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION) TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA) Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.04 - TOSHIBA) TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION) TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA) TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION) TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation) TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0009 - TOSHIBA) TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH) TOSHIBA Value Added Package 
(HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden UsbFix (HKLM-x32\...\Usbfix) (Version: 8.228 - El Desaparecido - www.usb-antivirus.com - www.sosvirus.net) Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN) welcome (x32 Version: 11.0.22500.0.0 - Nero AG) Hidden WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent) WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.25 - WildTangent) Hidden Windows 7 Manager (HKLM\...\{C7534E78-48F0-4E13-A919-A19330CA79B2}) (Version: 5.0.5 - Yamicsoft) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH) بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation) معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00319510-7845-4687-8241-FEF6AA2EFB4C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation) Task: {09C7C5E4-62D1-4A9E-A8DF-E00490D214AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd) Task: {201AAA6E-09B8-4794-8C45-27A9278F9B4C} - System32\Tasks\{DFBB9C3B-5519-44F4-926A-A03E1CB076C7} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?source=lightinstaller&page=tsMain Task: {26801DB5-E95F-43BC-B435-804B5A0C9BFA} - System32\Tasks\{8E7A84AF-E5A7-416D-B154-D5278AB14BAB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1603 Task: {28085BD9-F62B-4251-AEA0-370E68760C57} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {2EC04AD8-3003-4EF9-98D0-260D0BE65084} - System32\Tasks\{F311B61F-7D6D-426F-AE46-DA8CA3D826F1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.0.104/en/go/help.faq.installer?LastError=1603 Task: {41D08551-AA0E-45CB-913B-2118CB27F7C7} - System32\Tasks\{86411224-2BDF-458A-AA66-E99068EAC9FB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/go/help.faq.installer?LastError=1603 Task: {4D0033AF-4BB9-4E42-A2D2-64DDCE403FF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Task: {4F91EEE4-8CE0-44D6-9470-FD374C0267A9} - System32\Tasks\{2DBF06EF-013D-46C7-9E03-0B35C049ADF8} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1603 Task: {50E8D6C9-5DCD-462D-95E4-2B58EA8636DF} - System32\Tasks\{5CC9E16A-A791-4F14-A184-356D52809A5B} => 
Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/go/help.faq.installer?LastError=1603 Task: {5A6825CC-4CAE-474F-BBDD-D6198E6CDC76} - System32\Tasks\{9BACA7D0-BEB0-4AA9-9A59-05722B1BE9A5} => pcalua.exe -a "C:\Program Files (x86)\USBScan\unins000.exe" Task: {5E1E5867-1A54-4891-8E1F-96DEA54A34FB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-24] (Microsoft Corporation) Task: {7872C8AA-BCD2-4E41-A223-B2E362226731} - System32\Tasks\{BB803D7B-095E-463C-A6DF-45F3A65DE27E} => Chrome.exe hxxp://ui.skype.com/ui/0/7.1.0.105/en/abandoninstall?page=tsProgressBar Task: {91D41589-5180-4CB3-9D43-B8D20C4A9FF9} - System32\Tasks\{B49BEC05-6DD4-4525-B571-7DAAD3113BA3} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1603 Task: {B23948A0-E270-4806-9E2A-DBD24914FC0F} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2014-12-16] () Task: {C55D2579-9812-4BDE-8252-A4032902BF92} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-24] (Microsoft Corporation) Task: {CFCA0DDF-10D4-40B6-BF40-BCFECB5FED7F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation) Task: {D2FD0D34-1129-4FA7-B38B-8980ED9BC337} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-14] (Microsoft Corporation) Task: {D8933CF3-973E-44D7-BF1B-6885F71697A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd) Task: {F60DD6BF-6EDE-457F-9689-174D3A8126A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-21] (Google 
Inc.) Task: {F6708DFB-6F6B-4D49-968E-A228E65A2485} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-14] (Adobe Systems Incorporated) Task: {F806A241-4586-411B-826D-610136845788} - System32\Tasks\{F4D38DEE-AFAC-4ECC-B2EF-75E5A51CFD76} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1603 (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2010-06-06 16:20 - 2010-06-06 16:20 - 00065344 _____ () C:\windows\System32\PDFreDirectMon64.dll 2014-07-16 14:52 - 2011-03-01 00:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll 2015-11-24 01:45 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-04-06 13:37 - 2016-04-16 16:11 - 01047520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll 2015-11-24 01:50 - 2015-11-24 01:50 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-12-16 15:17 - 2014-12-16 15:17 - 00137368 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll 2016-04-06 13:37 - 2016-02-08 17:01 - 00759808 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-11-24 01:46 - 2015-11-24 01:50 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll 2016-04-22 23:04 - 2016-04-20 23:08 - 01738904 _____ () 
C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.87\libglesv2.dll 2016-04-22 23:04 - 2016-04-20 23:08 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.87\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.)
There are 7826 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2016-04-24 00:36 - 00000035 ____N C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: ASO3DiskOptimizer => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: c2cautoupdatesvc => 2 MSCONFIG\Services: c2cpnrsvc => 2 MSCONFIG\Services: CSObjectsSrv => 2 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: GFNEXSrv => 2 MSCONFIG\Services: glarab_http_proxy => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdate1d07c27b3c11b6 => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gupdatem1d07c27bae3622 => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: MWAgent => 2 MSCONFIG\Services: NAUpdate => 3 MSCONFIG\Services: PanService => 3 MSCONFIG\Services: RtkAudioService => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: ss_conn_service => 2 MSCONFIG\Services: TemproMonitoringService => 3 MSCONFIG\Services: TMachInfo => 3 MSCONFIG\Services: TODDSrv => 2 MSCONFIG\Services: TosCoSrv => 2 MSCONFIG\Services: TOSHIBA Bluetooth Service => 2 MSCONFIG\Services: TOSHIBA eco Utility Service => 2 MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3 MSCONFIG\Services: TPCHSrv => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\windows\pss\Bluetooth Manager.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Monitor.lnk => C:\windows\pss\Bluetooth Monitor.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO MSCONFIG\startupreg: CCleaner 
Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: New Value #2 => C:\Windows\system32\ctfmon.exe MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: Teco => "C:\Program Files\TOSHIBA\TECO\Teco.exe" /r MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe MSCONFIG\startupreg: TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe MSCONFIG\startupreg: TPwrMain => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{7F307436-1D5A-4C17-BA68-82EC3EE69202}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{38AC23E1-194F-4E7C-8357-7756DB71F921}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{DF351DA7-B952-4013-9458-5AB5953F13E5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{F1126B55-432D-49DE-AF30-638D00B71744}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{F3B5366E-24FF-4DB3-BB7D-A1093F92CCE6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{B6479181-C761-48E6-8742-B74B667C4B82}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{498EAF1F-2583-4118-BE9B-1CA979685788}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 23-04-2016 19:21:16 Restore Point Created by FRST 23-04-2016 23:41:41 Windows Modules Installer 24-04-2016 01:11:43 Norton_Power_Eraser_20160424011140283 24-04-2016 03:00:13 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/24/2016 01:29:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WLXPhotoGallery.exe, version: 15.4.3538.513, time stamp: 0x4dcdb214 Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb302d Exception code: 0xc0000374 Fault offset: 0x000ce843 Faulting process id: 0x16e8 Faulting application start time: 0xWLXPhotoGallery.exe0 Faulting application path: WLXPhotoGallery.exe1 Faulting module path: WLXPhotoGallery.exe2 Report Id: WLXPhotoGallery.exe3 Error: (04/23/2016 11:46:24 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Windows Search Service failed to process the list of included 
and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1870027983-4264097883-3264919129-1000}/">. Error: (04/23/2016 11:46:10 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1870027983-4264097883-3264919129-1000}/">. Error: (04/23/2016 11:27:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WLXPhotoGallery.exe, version: 15.4.3538.513, time stamp: 0x4dcdb214 Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb302d Exception code: 0xc0000374 Fault offset: 0x000ce843 Faulting process id: 0x1388 Faulting application start time: 0xWLXPhotoGallery.exe0 Faulting application path: WLXPhotoGallery.exe1 Faulting module path: WLXPhotoGallery.exe2 Report Id: WLXPhotoGallery.exe3 Error: (04/23/2016 10:49:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.1.7601.19135, time stamp: 0x56a1bbe2 Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb3625 Exception code: 0xc0000374 Fault offset: 0x00000000000bf262 Faulting process id: 0x6b8 Faulting application start time: 0xExplorer.EXE0 Faulting application path: Explorer.EXE1 Faulting module path: Explorer.EXE2 Report Id: Explorer.EXE3 Error: (04/23/2016 10:49:05 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1870027983-4264097883-3264919129-1000}/">. 
Error: (04/23/2016 10:48:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLXPhotoGallery.exe, version: 15.4.3538.513, time stamp: 0x4dcdb214
Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb302d
Exception code: 0xc0000374
Fault offset: 0x000ce843
Faulting process id: 0xed8
Faulting application start time: 0xWLXPhotoGallery.exe0
Faulting application path: WLXPhotoGallery.exe1
Faulting module path: WLXPhotoGallery.exe2
Report Id: WLXPhotoGallery.exe3

Error: (04/23/2016 10:48:28 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/23/2016 10:48:28 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/23/2016 10:48:28 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (04/24/2016 02:53:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error: %%1058

Error: (04/24/2016 01:58:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (04/24/2016 01:58:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (04/24/2016 01:58:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (04/24/2016 01:58:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (04/24/2016 01:58:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (04/24/2016 01:58:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (04/24/2016 01:58:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (04/24/2016 01:58:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (04/24/2016 01:58:16 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

CodeIntegrity:
===================================
Date: 2016-04-22 03:40:11.639
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-22 03:40:11.608
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.804
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.788
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.757
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.741
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.164
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.133
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.117
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.086
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 35%
Total physical RAM: 8151.8 MB
Available physical RAM: 5237.05 MB
Total Virtual: 14291.99 MB
Available Virtual: 11084.71 MB

==================== Drives ================================

Drive c: (S3A2575D002) (Fixed) (Total:290.98 GB) (Free:231.61 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:287.88 GB) (Free:287.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: FE1684A7)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=291 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=287.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15.8 GB) - (Type=17)

==================== End of Addition.txt ============================