
Cannot run any malware program [Solved]


  • This topic is locked

#16
fracm


Hey again.

 

The FRST file is on the USB drive (as I am not able to copy it to my sick computer). Is that where I should put the notepad thing as well? I am unable to create a new Notepad document on my computer anyway (or to change an existent one) so I suppose it has to be?




#17
fracm


I have done the steps. I am now able to create and copy files again to my computer! Thanks a lot. Here are the logs:

 


Run FRST and press Fix.
On completion a log will be generated; please post that.
 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2015
Ran by FranciscoMartins at 2015-04-13 15:12:31 Run:1
Running from H:\
Loaded Profiles: UpdatusUser & FranciscoMartins (Available profiles: UpdatusUser & FranciscoMartins)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
Toolbar: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
CHR Extension: (YoutubeAdblocker) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd [2014-02-02]
CHR Extension: (Easy Surf) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2014-02-02]
CHR Extension: (WebsAvE) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni [2014-02-02]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.

"C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd" directory move:

Could not move "C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd" directory. => Scheduled to move on reboot.


"C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb" directory move:

Could not move "C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb" directory. => Scheduled to move on reboot.


"C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni" directory move:

Could not move "C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni" directory. => Scheduled to move on reboot.


"C:\windows\system32\GroupPolicy\Machine" directory move:

Could not move "C:\windows\system32\GroupPolicy\Machine" directory. => Scheduled to move on reboot.

Could not move "C:\windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
Could not move "C:\windows\SysWOW64\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-1355559273-4184100690-1832665884-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1355559273-4184100690-1832665884-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::857e:9d85:4b59:e583%13
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : SWDLWDS.com

Tunnel adapter isatap.novasbe.pt:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1448:861:3f57:f4c5
   Link-local IPv6 Address . . . . . : fe80::1448:861:3f57:f4c5%19
   Default Gateway . . . . . . . . . : ::

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : novasbe.pt
   Link-local IPv6 Address . . . . . : fe80::857e:9d85:4b59:e583%13
   IPv4 Address. . . . . . . . . . . : 192.168.11.58
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Default Gateway . . . . . . . . . : 192.168.15.254

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : SWDLWDS.com

Tunnel adapter isatap.novasbe.pt:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : novasbe.pt

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:30cc:17d3:3f57:f4c5
   Link-local IPv6 Address . . . . . : fe80::30cc:17d3:3f57:f4c5%19
   Default Gateway . . . . . . . . . : ::

========= End of CMD: =========


=========  netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.6.9200 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {67CE0496-9D11-41D6-B88A-0FC14014A5AF}.
Unable to cancel {131B6BFA-9965-4A75-8815-A61EA9C59AE2}.
Unable to cancel {C1DC8D2C-69EC-4755-A9EA-07B26F07A1EF}.
Unable to cancel {1F78488C-F49C-4198-9F4F-D4F96EA995D8}.
Unable to cancel {8D0921D8-783C-4E65-BA27-C6582805B8BF}.
Unable to cancel {42BA2D29-D0A9-4AF6-AAC0-8DA05B085FAB}.
Unable to cancel {F9F1D336-D0F5-4D1E-9C5C-993E124D4D97}.
Unable to cancel {1A0EEDFE-7344-4EAE-91D2-419B62822CA2}.
Unable to cancel {27FDA309-ED10-42D4-BFCE-7619D6181A34}.
Unable to cancel {D7E04EE3-EF28-43CF-B165-FE127755E53D}.
Unable to cancel {E6704EBC-F819-4D2F-A222-6E7D33168CC3}.
Unable to cancel {61C55A9F-4A26-45C7-BF1B-777D46ACE231}.
Unable to cancel {769013DF-1B93-4B5E-8209-A565A1FA1E80}.
Unable to cancel {32CCD566-8003-4BDC-875D-00B38ECD6184}.
Unable to cancel {418E3048-53C9-448D-B04E-86BE77970F29}.
Unable to cancel {6A217340-EE38-493A-934C-C71512832DB5}.
Unable to cancel {F0914A01-DE30-4EE6-BCF0-4E6A77C6829A}.
Unable to cancel {4F27873D-F201-4568-8099-22FF17A26AD8}.
Unable to cancel {C1D694AE-BCB5-4726-A770-51B1B9905763}.
Unable to cancel {05A31C89-D792-43DE-805D-1EE07DDFC387}.
Unable to cancel {653E28F0-3355-4962-802C-6742C3822B4F}.
Unable to cancel {2CDE63AE-C996-4283-94F1-8F6B9A44EC6E}.
Unable to cancel {EA3EEC50-5FB1-4276-97D7-50285C9BFF20}.
Unable to cancel {2607C368-4FEA-4873-AA9D-DE3572A56E76}.
Unable to cancel {4851981E-B05C-4592-8593-5E35EA894DD6}.
0 out of 25 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 3.1 GB temporary data.

==== End of Fixlog 15:13:21 ====

 

 

THEN :

Please run a fresh FRST scan, copying FRST to the desktop of the affected system if at all possible.

 

 

It was indeed possible. Again, two logs were generated. I am copying both here.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by FranciscoMartins (administrator) on FRANCISCO on 13-04-2015 15:41:01
Running from C:\Users\FranciscoMartins\Desktop
Loaded Profiles: UpdatusUser & FranciscoMartins (Available profiles: UpdatusUser & FranciscoMartins)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
(Power8 Team) C:\Program Files (x86)\Power8 team\Power8\Power8.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Dropbox, Inc.) C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2609064 2012-08-30] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TRCMan] => C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [751528 2012-08-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosPU] => C:\Program Files\TOSHIBA\PasswordUtility\TosPU.exe [2374552 2012-08-27] (Copyright © TOSHIBA Corp. 2012)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2012-07-21] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [279552 2011-07-14] (Vodafone)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1355559273-4184100690-1832665884-1001\...\Run: [] => [X]
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\Run: [Power8] => C:\Program Files (x86)\Power8 team\Power8\Power8.exe [360960 2014-12-01] (Power8 Team)
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\Run: [uTorrent] => C:\Users\FranciscoMartins\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-21] (BitTorrent Inc.)
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\Run: [CloudSystemBooster] => C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe [527544 2013-12-24] (Anvisoft)
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\MountPoints2: {849c6661-35a9-11e2-be75-84a6c8ae2ad0} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\MountPoints2: {8677e080-e72e-11e2-be93-b888e31ade21} - "E:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\MountPoints2: {8677e0e5-e72e-11e2-be93-b888e31ade21} - "E:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\MountPoints2: {f855c336-b80b-11e2-be8d-b888e31ade21} - "E:\AutoRun.exe"
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\MountPoints2: {f855c366-b80b-11e2-be8d-b888e31ade21} - "E:\AutoRun.exe"
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\MountPoints2: {f855c43a-b80b-11e2-be8d-b888e31ade21} - "E:\AutoRun.exe"
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\MountPoints2: {f855c58b-b80b-11e2-be8d-b888e31ade21} - "E:\AutoRun.exe"
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [247144 2012-08-01] (NVIDIA Corporation)
AppInit_DLLs:  C:\PROGRA~2\WS-ENA~1\ASSIST~2.DLL => C:\Program Files (x86)\WS-Enabler\Assistant_x64.dll [4229120 2014-02-02] ()
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [202600 2012-08-01] (NVIDIA Corporation)
AppInit_DLLs-x32:  c:\progra~2\ws-ena~1\assist~1.dll => c:\Program Files (x86)\WS-Enabler\Assistant.dll [4105728 2014-02-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\FranciscoMartins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
SearchScopes: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002 -> DefaultScope {2D6B5669-7159-40E0-8202-7703CAAEC01D} URL =
SearchScopes: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002 -> {2D6B5669-7159-40E0-8202-7703CAAEC01D} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-20] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-20] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.254

FireFox:
========
FF ProfilePath: C:\Users\FranciscoMartins\AppData\Roaming\Mozilla\Firefox\Profiles\ebd92hxy.default-1394058026065
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-07-24] (Nero AG)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Corretor para Português de Portugal - C:\Users\FranciscoMartins\AppData\Roaming\Mozilla\Firefox\Profiles\ebd92hxy.default-1394058026065\Extensions\[email protected] [2015-04-05]
FF Extension: Português Portugal Language Pack - C:\Users\FranciscoMartins\AppData\Roaming\Mozilla\Firefox\Profiles\ebd92hxy.default-1394058026065\Extensions\[email protected] [2015-02-14]
FF Extension: Adblock Plus - C:\Users\FranciscoMartins\AppData\Roaming\Mozilla\Firefox\Profiles\ebd92hxy.default-1394058026065\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-21]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YoutubeAdblocker) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd [2014-02-02]
CHR Extension: (Easy Surf) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2014-02-02]
CHR Extension: (WebsAvE) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni [2014-02-02]
CHR Extension: (YTBooKMark) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmcnfiaadgoeoehmilnohaejmfjjlph [2014-02-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42680 2013-12-24] (Anvisoft)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 cfb41c29; c:\Program Files (x86)\WS-Enabler\AssistantSvc.dll [183632 2014-02-02] () [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-07-14] (Vodafone) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-28] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-10] (Windows ® Win 7 DDK provider)
S3 vodafone_zte_cdc_acm; C:\Windows\system32\DRIVERS\vodafone_zte_cdc_acm.sys [79872 2011-05-20] (Vodafone)
S3 vodafone_zte_cdc_ecm; C:\Windows\system32\DRIVERS\vodafone_zte_cdc_ecm.sys [58880 2011-05-20] (Vodafone)
S3 vodafone_zte_cpo; C:\Windows\system32\DRIVERS\vodafone_zte_cpo.sys [14336 2011-05-20] (Vodafone)
S3 vodafone_zte_ecm_enum; C:\Windows\System32\drivers\vodafone_zte_ecm_enum.sys [56320 2011-05-20] (Vodafone)
S3 vodafone_zte_ecm_enum_filter; C:\Windows\System32\drivers\vodafone_zte_ecm_enum_filter.sys [56320 2011-05-20] (Vodafone)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows ® Win 7 DDK provider)
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 15:41 - 2015-04-13 15:41 - 00023883 _____ () C:\Users\FranciscoMartins\Desktop\FRST.txt
2015-04-13 15:40 - 2015-04-12 20:43 - 02096640 _____ (Farbar) C:\Users\FranciscoMartins\Desktop\FRST64.exe
2015-04-13 15:36 - 2015-04-13 15:41 - 00000000 ____D () C:\FRST
2015-04-13 15:33 - 2015-04-13 15:33 - 00003472 ____N () C:\bootsqm.dat
2015-04-12 19:11 - 2015-04-13 15:34 - 00003206 _____ () C:\windows\PFRO.log
2015-04-11 17:21 - 2015-04-12 17:36 - 00086108 _____ () C:\windows\WindowsUpdate.log
2015-04-11 13:15 - 2015-04-11 19:40 - 00000000 ____D () C:\Users\FranciscoMartins\Downloads\Marvels Daredevil S01 WEBRip x264-MiXED[ettv]
2015-04-11 00:19 - 2012-07-26 06:26 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20150411-001901.backup
2015-04-10 23:59 - 2015-04-10 23:59 - 00001366 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-10 23:59 - 2015-04-10 23:59 - 00001354 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-10 23:59 - 2015-04-10 23:59 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-04-10 23:59 - 2015-04-10 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-10 23:58 - 2015-04-11 00:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-10 23:58 - 2015-04-11 00:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-10 23:58 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-04-10 23:57 - 2015-04-10 23:58 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\FranciscoMartins\Desktop\452-spybot-2.4.exe
2015-04-10 23:57 - 2015-04-10 23:57 - 00001759 _____ () C:\Users\FranciscoMartins\Desktop\Continue Spybot - Search.lnk
2015-04-08 10:55 - 2015-04-08 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-07 01:56 - 2015-04-07 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-04-07 01:56 - 2015-04-07 01:56 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2015-03-25 16:28 - 2015-04-07 09:44 - 00022871 _____ () C:\Users\FranciscoMartins\Downloads\Survey.xlsx
2015-03-25 11:55 - 2015-03-04 08:26 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2015-03-25 11:55 - 2015-03-04 08:26 - 00467952 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2015-03-25 11:55 - 2015-03-04 08:26 - 00011105 _____ () C:\windows\system32\AutoconfigV2.cab
2015-03-25 11:55 - 2015-03-04 07:41 - 00695808 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2015-03-25 11:55 - 2015-03-04 07:41 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-25 11:55 - 2015-03-04 05:53 - 00568832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2015-03-25 11:55 - 2015-03-04 05:53 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-21 01:00 - 2015-04-07 02:01 - 00425736 _____ () C:\windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 15:37 - 2012-11-24 00:44 - 00000000 ___RD () C:\Users\FranciscoMartins\Dropbox
2015-04-13 15:36 - 2015-03-11 13:05 - 00000000 ___RD () C:\Users\FranciscoMartins\iCloudDrive
2015-04-13 15:36 - 2012-11-24 00:42 - 00000000 ____D () C:\Users\FranciscoMartins\AppData\Roaming\Dropbox
2015-04-13 15:35 - 2014-02-02 11:47 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-04-13 15:34 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-13 15:00 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2015-04-13 14:55 - 2012-11-24 03:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 10:42 - 2012-07-26 08:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-13 09:51 - 2012-11-24 01:08 - 00000000 ____D () C:\Users\FranciscoMartins\AppData\Roaming\uTorrent
2015-04-11 19:34 - 2012-12-14 15:47 - 00000000 ____D () C:\Users\FranciscoMartins\Downloads\Séries
2015-04-11 11:20 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\rescache
2015-04-11 01:43 - 2012-11-23 23:39 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1355559273-4184100690-1832665884-1002
2015-04-10 11:00 - 2012-11-24 00:44 - 00001023 _____ () C:\Users\FranciscoMartins\Desktop\Dropbox.lnk
2015-04-10 11:00 - 2012-11-24 00:43 - 00000000 ____D () C:\Users\FranciscoMartins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-08 19:23 - 2014-11-21 23:09 - 00000000 ___HD () C:\$Windows.~BT
2015-04-08 14:25 - 2012-11-24 00:40 - 00000000 ____D () C:\Users\FranciscoMartins\AppData\Roaming\Skype
2015-04-08 10:56 - 2012-11-24 00:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-08 10:56 - 2012-11-24 00:40 - 00000000 ____D () C:\ProgramData\Skype
2015-04-08 10:55 - 2014-03-24 00:27 - 00002707 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-07 01:58 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\WinStore
2015-04-07 01:56 - 2012-11-23 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-04-07 01:56 - 2012-11-23 23:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-02 11:55 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\NDF
2015-03-25 14:24 - 2012-07-26 08:59 - 00000000 ____D () C:\windows\CbsTemp
2015-03-23 12:01 - 2012-11-23 23:54 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-23 12:01 - 2012-11-23 23:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-23 12:01 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-23 12:00 - 2012-11-24 01:55 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-23 12:00 - 2012-11-24 01:48 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-21 00:59 - 2012-07-26 06:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-03-15 15:00 - 2012-07-26 09:12 - 00000000 ___RD () C:\windows\ToastData
2015-03-15 15:00 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-15 15:00 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-15 15:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-15 15:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

==================== Files in the root of some directories =======

2013-04-26 23:15 - 2013-04-27 01:00 - 0005120 _____ () C:\Users\FranciscoMartins\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-12 14:02 - 2011-07-12 14:02 - 0232496 ____R () C:\ProgramData\DeviceManager.xml.rc4
2014-09-08 12:00 - 2014-09-08 12:10 - 0000828 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\FranciscoMartins\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfse6mr.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-28 22:12

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by FranciscoMartins at 2015-04-13 15:41:17
Running from C:\Users\FranciscoMartins\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.63.1071 - AB Team, d.o.o.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cloud System Booster (HKLM-x32\...\Cloud System Booster) (Version: 3.1 - Anvisoft)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
ENE CIR Receiver Driver (HKLM\...\6DF033BE7150A557197EF9B53DB9ACF77B7EA884) (Version: 4.1.0.0 - ENE)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{276C40A7-8110-4976-80D2-39C669B84D32}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java™ 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 Update 18 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160180}) (Version: 1.6.0.180 - Sun Microsystems, Inc.)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero 12 Essentials Toshiba (HKLM-x32\...\{BA8958DC-ADD7-41E5-8436-5883C7E871C7}) (Version: 12.0.00400 - Nero AG)
NVIDIA Graphics Driver 305.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.46 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
PhotoFiltre (HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\PhotoFiltre) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Power8 (HKLM-x32\...\{72E06E86-25EC-413B-B80C-01D8BFE010D4}) (Version: 1.4.3.619 - Power8 team)
Power8 (HKLM-x32\...\{FC3E2A5E-AAC7-4471-8C64-46F9ECFF28C3}) (Version: 1.5.5.838 - Power8 team)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
PS_AIO_Software_min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SRS Premium Sound Control Panel (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.3 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.8.1C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6625.6402 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.1.1 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 1.0.0.5C - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Remote Control Manager (HKLM-x32\...\{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}) (Version: 3.0.1014.2 - TOSHIBA CORPORATION)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.1 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Tzar - The Burden of the Crown (HKLM-x32\...\GOGPACKTZAR_is1) (Version: 2.0.0.8 - GOG.com)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Utility Common Driver (x32 Version: 1.0.52.6 - TOSHIBA) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Vodafone Mobile Broadband Lite (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.2.302.33178 - Vodafone)
Vodafone web phone (HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\Vodafone web phone) (Version: 5.0.0.2391 - Vodafone PT)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Welcome App (Start-up experience) (x32 Version: 12.0.13000 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.37 - WildTangent) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WS-Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{cfb41c29}) (Version:  - Verified Publisher) <==== ATTENTION
YoutubeAdblocker (HKLM-x32\...\{CF830981-8F31-C561-C7A0-FE2CE1878B40}) (Version: 4.2.0.1447 - YoutubeAdblocker) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

11-04-2015 14:02:37 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2015-04-11 20:15 - 00000938 ____R C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18617A97-B73D-4C33-8908-C9D6DA323ECE} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-08-14] (Toshiba Europe GmbH)
Task: {1B32ADB5-8B90-4CFC-8F4B-6E0446B9E082} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2D981847-535D-4549-80F3-9EA6711C0A6E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {3BE58AE9-E988-4D38-B8F4-B0E327A6790D} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {5F4771F2-8EAC-4298-A3B6-FA5EA8FE901B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {65DA24B9-E62B-40D6-81F5-DDF3F62580DE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {6BF646CC-E60E-4380-A2B0-F20CBADB2B48} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {6CED544B-5BE1-4AB4-9F6C-1F4690302920} - \AutoKMS No Task File <==== ATTENTION
Task: {A2F35C05-07AF-4789-84A9-243723E75F4A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {A689450D-88D0-4057-A1B8-102BE01EE602} - System32\Tasks\{BB5F80EA-DE7B-4FA6-84CF-8C6B8FAB4132} => Firefox.exe http://ui.skype.com/...all?page=tsBing
Task: {B284BA75-D2FD-4805-8507-7E9FDC3A92A4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BD2CB8D0-F1B4-49E7-B14E-1803779DDA70} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-03-13] (Microsoft Corporation)
Task: {D3C55A07-98C9-4881-AD71-6C5E4756B936} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-28] (Synaptics Incorporated)
Task: {E27FCF9B-DA4E-4659-96C1-1842DF3D7935} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-06 05:36 - 2012-08-06 05:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-30 22:34 - 2012-08-30 22:34 - 02609064 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
2012-07-19 02:38 - 2012-07-19 02:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 02:38 - 2012-07-19 02:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 03:13 - 2012-08-14 03:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2012-08-04 23:01 - 2012-08-04 23:01 - 00213136 _____ () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
2011-08-12 22:57 - 2011-08-12 22:57 - 00437632 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2012-07-25 21:44 - 2012-07-25 21:35 - 00129024 _____ () C:\windows\system32\WinMetadata\Windows.UI.winmd
2012-07-25 21:44 - 2012-07-25 21:35 - 00036864 _____ () C:\windows\system32\WinMetadata\Windows.Data.winmd
2015-02-22 22:58 - 2015-02-22 22:58 - 00295936 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\19b3a0667450d039aa3ebef43d489fe7\Windows.Foundation.ni.dll
2015-04-10 23:58 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-10 23:58 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-10 23:58 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-10 23:58 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-10 23:58 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-13 15:36 - 2015-04-13 15:36 - 00043008 _____ () c:\Users\FranciscoMartins\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfse6mr.dll
2015-03-04 22:45 - 2015-03-04 22:45 - 00750080 _____ () C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 22:45 - 2015-03-04 22:45 - 00047616 _____ () C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 22:45 - 2015-03-04 22:45 - 00865280 _____ () C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 22:45 - 2015-03-04 22:45 - 00200704 _____ () C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2012-10-19 06:07 - 2012-06-26 00:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\FranciscoMartins\Documents\Probabilidades:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\FranciscoMartins\Pictures\P130310_15.060001.jpg
DNS Servers: 192.168.15.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "MobileBroadband"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\StartupApproved\Run: => "CloudSystemBooster"
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\StartupApproved\Run: => "uTorrent"

==================== Accounts: =============================

Administrator (S-1-5-21-1355559273-4184100690-1832665884-500 - Administrator - Disabled)
FranciscoMartins (S-1-5-21-1355559273-4184100690-1832665884-1002 - Administrator - Enabled) => C:\Users\FranciscoMartins
Guest (S-1-5-21-1355559273-4184100690-1832665884-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1355559273-4184100690-1832665884-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2015 03:35:04 PM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/13/2015 03:13:06 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070570, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (04/13/2015 03:12:56 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = H:\FRST64.exe ; Description = Restore Point Created by FRST; Error = 0x80070570).

Error: (04/13/2015 03:12:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {355454ef-929d-438c-9d47-bfa24adbb718}

Error: (04/13/2015 03:06:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process ID: 0x728
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report ID: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (04/13/2015 02:49:01 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070570, Failed to add Gather Application: Windows>.

Error: (04/13/2015 02:49:01 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialised.


Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)

Error: (04/13/2015 01:20:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process ID: 0x28
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report ID: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (04/13/2015 01:20:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 35.0.1.5500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ee8

Start Time: 01d075de4a1cd3fb

Termination Time: 29

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 794cabbb-e1d7-11e4-bed7-b888e31ade21

Faulting package full name:

Faulting package-relative application ID:

Error: (04/13/2015 00:41:06 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070570, Failed to add Gather Application: Windows>.


System errors:
=============
Error: (04/13/2015 03:17:26 PM) (Source: DCOM) (EventID: 10010) (User: Francisco)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (04/13/2015 03:15:14 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: C:\Device\HarddiskVolume42

Error: (04/13/2015 03:13:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 12 time(s).

Error: (04/13/2015 03:13:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%1392

Error: (04/13/2015 03:12:59 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=1392) while initializing logging resources for channel Microsoft-Windows-Winsock-WS2HELP/Operational.

Error: (04/13/2015 02:49:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 11 time(s).

Error: (04/13/2015 02:49:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%1392

Error: (04/13/2015 00:41:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 10 time(s).

Error: (04/13/2015 00:41:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%1392

Error: (04/13/2015 00:41:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 9 time(s).


Microsoft Office Sessions:
=========================
Error: (04/13/2015 03:35:04 PM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (04/13/2015 03:13:06 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 40x80070570Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (04/13/2015 03:12:56 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: H:\FRST64.exe Restore Point Created by FRST0x80070570

Error: (04/13/2015 03:12:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {355454ef-929d-438c-9d47-bfa24adbb718}

Error: (04/13/2015 03:06:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142572801d075e77d98f825C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll421f533d-e1e6-11e4-bed7-b888e31ade21

Error: (04/13/2015 02:49:01 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x80070570Failed to add Gather Application: Windows

Error: (04/13/2015 02:49:01 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description:
Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)

Error: (04/13/2015 01:20:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f22480000003000014252801d075e13e449784C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll7d8f80ae-e1d7-11e4-bed7-b888e31ade21

Error: (04/13/2015 01:20:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.1.5500ee801d075de4a1cd3fb29C:\Program Files (x86)\Mozilla Firefox\firefox.exe794cabbb-e1d7-11e4-bed7-b888e31ade21

Error: (04/13/2015 00:41:06 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x80070570Failed to add Gather Application: Windows


==================== Memory info ===========================

Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 20%
Total physical RAM: 8081.63 MB
Available physical RAM: 6411.11 MB
Total Pagefile: 9297.63 MB
Available Pagefile: 7571.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI30999600A) (Fixed) (Total:687.87 GB) (Free:73.79 GB) NTFS
Drive h: (SUTENT) (Removable) (Total:0.98 GB) (Free:0.97 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 1000 MB) (Disk ID: 00618F57)
Partition 1: (Active) - (Size=999 MB) - (Type=06)

==================== End Of Log ============================


  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, do it that way please. When you try to boot from the USB, do you get any errors? Or does it just boot to normal Windows?

Also, can you get to safe mode with networking?
  • 0

#19
fracm

fracm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Yes, do it that way please. When you try to boot from the USB, do you get any errors? Or does it just boot to normal Windows?

Also, can you get to safe mode with networking?

 

I just saw this now, I had already done the steps. Should I re-do anything?


  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Oops, missed page 2, ignore my last :)

I will reset the network again after I have removed one of the programmes.

Once done, could you try to download AdwCleaner on this computer and let me know the result?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
AppInit_DLLs: C:\PROGRA~2\WS-ENA~1\ASSIST~2.DLL => C:\Program Files (x86)\WS-Enabler\Assistant_x64.dll [4229120 2014-02-02] ()
AppInit_DLLs-x32: c:\progra~2\ws-ena~1\assist~1.dll => c:\Program Files (x86)\WS-Enabler\Assistant.dll [4105728 2014-02-02] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR Extension: (Easy Surf) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2014-02-02]
CHR Extension: (WebsAvE) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni [2014-02-02]
CHR Extension: (YoutubeAdblocker) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd [2014-02-02]
S2 cfb41c29; c:\Program Files (x86)\WS-Enabler\AssistantSvc.dll [183632 2014-02-02] () [File not signed]
Task: {6CED544B-5BE1-4AB4-9F6C-1F4690302920} - \AutoKMS No Task File <==== ATTENTION
c:\Program Files (x86)\WS-Enabler
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#21
fracm

fracm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

You have no idea how much I appreciate all this, thank you so much, you are saving me here!

 

Anyway, here are the logs:

Run FRST and press Fix
On completion a log will be generated please post that

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2015
Ran by FranciscoMartins at 2015-04-13 15:57:43 Run:1
Running from H:\
Loaded Profiles: UpdatusUser & FranciscoMartins (Available profiles: UpdatusUser & FranciscoMartins)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
AppInit_DLLs: C:\PROGRA~2\WS-ENA~1\ASSIST~2.DLL => C:\Program Files (x86)\WS-Enabler\Assistant_x64.dll [4229120 2014-02-02] ()
AppInit_DLLs-x32: c:\progra~2\ws-ena~1\assist~1.dll => c:\Program Files (x86)\WS-Enabler\Assistant.dll [4105728 2014-02-02] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR Extension: (Easy Surf) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2014-02-02]
CHR Extension: (WebsAvE) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni [2014-02-02]
CHR Extension: (YoutubeAdblocker) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd [2014-02-02]
S2 cfb41c29; c:\Program Files (x86)\WS-Enabler\AssistantSvc.dll [183632 2014-02-02] () [File not signed]
Task: {6CED544B-5BE1-4AB4-9F6C-1F4690302920} - \AutoKMS No Task File <==== ATTENTION
c:\Program Files (x86)\WS-Enabler
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
"C:\PROGRA~2\WS-ENA~1\ASSIST~2.DLL" => Value Data removed successfully.
"c:\progra~2\ws-ena~1\assist~1.dll" => Value Data removed successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb => Moved successfully.
C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni => Moved successfully.
C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd => Moved successfully.
cfb41c29 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6CED544B-5BE1-4AB4-9F6C-1F4690302920}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CED544B-5BE1-4AB4-9F6C-1F4690302920}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
c:\Program Files (x86)\WS-Enabler => Moved successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::857e:9d85:4b59:e583%13
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : SWDLWDS.com

Tunnel adapter isatap.novasbe.pt:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:30a2:3021:3f57:f4c5
   Link-local IPv6 Address . . . . . : fe80::30a2:3021:3f57:f4c5%19
   Default Gateway . . . . . . . . . : ::

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : novasbe.pt
   Link-local IPv6 Address . . . . . : fe80::857e:9d85:4b59:e583%13
   IPv4 Address. . . . . . . . . . . : 192.168.11.58
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Default Gateway . . . . . . . . . : 192.168.15.254

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : SWDLWDS.com

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:30a2:3021:3f57:f4c5
   Link-local IPv6 Address . . . . . : fe80::30a2:3021:3f57:f4c5%19
   Default Gateway . . . . . . . . . : ::

========= End of CMD: =========


=========  netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.6.9200 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 5.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 15:58:42 ====

 

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

 

# AdwCleaner v4.201 - Logfile created 13/04/2015 at 16:05:53
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 8  (x64)
# Username : FranciscoMartins - FRANCISCO
# Running from : C:\Users\FranciscoMartins\Downloads\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\RandomPricee
Folder Deleted : C:\ProgramData\RemioveTHeAudApp
Folder Deleted : C:\Program Files (x86)\RandomPricee
Folder Deleted : C:\Program Files (x86)\RemioveTHeAudApp
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmcnfiaadgoeoehmilnohaejmfjjlph
Folder Deleted : C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmcnfiaadgoeoehmilnohaejmfjjlph
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmcnfiaadgoeoehmilnohaejmfjjlph
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmcnfiaadgoeoehmilnohaejmfjjlph
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Folder Deleted : C:\Users\FranciscoMartins\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd
Folder Deleted : C:\Users\FranciscoMartins\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni
Folder Deleted : C:\Users\FranciscoMartins\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfmcnfiaadgoeoehmilnohaejmfjjlph
Folder Deleted : C:\Users\FranciscoMartins\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfmcnfiaadgoeoehmilnohaejmfjjlph
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfmcnfiaadgoeoehmilnohaejmfjjlph
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfmcnfiaadgoeoehmilnohaejmfjjlph
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Folder Deleted : C:\Users\FranciscoMartins\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd
Folder Deleted : C:\Users\FranciscoMartins\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni
Folder Deleted : C:\Users\FranciscoMartins\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfmcnfiaadgoeoehmilnohaejmfjjlph
Folder Deleted : C:\Users\FranciscoMartins\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfmcnfiaadgoeoehmilnohaejmfjjlph
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfmcnfiaadgoeoehmilnohaejmfjjlph
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfmcnfiaadgoeoehmilnohaejmfjjlph

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{cfb41c29}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF830981-8F31-C561-C7A0-FE2CE1878B40}

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17267


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [3833 bytes] - [05/03/2014 23:24:19]
AdwCleaner[R1].txt - [7626 bytes] - [13/04/2015 16:02:16]
AdwCleaner[S0].txt - [3663 bytes] - [05/03/2014 23:27:34]
AdwCleaner[S1].txt - [7624 bytes] - [13/04/2015 16:05:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7683  bytes] ##########
 


  • 0
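The AdwCleaner log above lists the same extension folders once per browser and per user profile, which is easier to read once grouped. The following is an added example, not part of the thread and not AdwCleaner's own code: a small parser for the `***** [ Section ] *****` and `<Kind> Deleted : <target>` layout seen in that log, run over a constructed sample that reuses a few lines from it. The function names and the sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log above. It starts
# mid-section on purpose, as a pasted excerpt often does.
SAMPLE_LOG = r"""
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni
Folder Deleted : C:\Users\FranciscoMartins\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfmcnfiaadgoeoehmilnohaejmfjjlph

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^(\w+) Deleted : (.+)$")
# Chromium-family extension folder: ...\Users\<owner>\AppData\Local\<browser>\User Data\<profile>\Extensions\<id>
# Extension IDs are 32 characters drawn from a-p.
EXT_RE = re.compile(
    r"\\Users\\([^\\]+)\\AppData\\Local\\(.+?)\\User Data\\[^\\]+\\Extensions\\([a-p]{32})$")

def parse_log(text):
    """Return {section: [(kind, target), ...]}; empty sections are kept."""
    sections, current = defaultdict(list), "(before first header)"
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current]          # register the section even if it stays empty
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            sections[current].append((entry.group(1), entry.group(2)))
    return dict(sections)

def extensions_by_id(sections):
    """Map extension ID -> sorted (browser, profile owner) pairs it was removed from."""
    hits = defaultdict(set)
    for entries in sections.values():
        for kind, target in entries:
            m = EXT_RE.search(target)
            if kind == "Folder" and m:
                hits[m.group(3)].add((m.group(2), m.group(1)))
    return {ext: sorted(pairs) for ext, pairs in hits.items()}

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for name, entries in parsed.items():
        print(f"{name}: {len(entries)} item(s)")
    for ext, pairs in extensions_by_id(parsed).items():
        print(ext, "->", ", ".join(f"{b} ({u})" for b, u in pairs))
```

An ID that shows up under several browsers and several profile owners was installed machine-wide rather than by one user in one browser, so a later scan should be checked for that ID in every profile.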

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nice, AdwCleaner was downloaded on this system, correct?

OK, now a scan for any that I have missed so far. Also, how is the computer behaving at the moment?

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:

1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them.

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here
  • 0

#23
fracm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Nice, AdwCleaner was downloaded on this system, correct?

OK, now a scan for any that I have missed so far. Also, how is the computer behaving at the moment?

 

Yes, it was downloaded on this system, something that yesterday seemed an impossible frontier to me :D

 

I think the computer is back to behaving normally. I am able to save things again, to open attachments and to open applications.

 

 

When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

That option didn't show up to me. It just said it was finished. Maybe it was because it detected zero things with problems? Or did I do something wrong?

 

 

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here

 

There were two possible logs. Scan and Protection. I have saved both and I am copying both of them to you here:

 

Objectos Verificados: 427913
Tempo Decorrido: 25 min, 39 seg

Memória: Activado
Arranque: Activado
Sistema de Ficheiros: Activado
Arquivos: Activado
Rootkits: Desactivado
Heurísticos: Activado
PPI: Activado
MPI: Activado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de Registo: 0
(Nenhum item malicioso detectado)

Valores de Registo: 0
(Nenhum item malicioso detectado)

Dados de Registo: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Ficheiros: 0
(Nenhum item malicioso detectado)

Sectores Físicos: 0
(Nenhum item malicioso detectado)


(end)

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 13/04/2015 16:19:16, SYSTEM, FRANCISCO, Manual, Remediation Database, 2015.3.9.1, 2015.4.6.2,
Update, 13/04/2015 16:19:16, SYSTEM, FRANCISCO, Manual, Rootkit Database, 2015.2.25.1, 2015.3.31.1,
Update, 13/04/2015 16:19:26, SYSTEM, FRANCISCO, Manual, Malware Database, 2015.3.9.5, 2015.4.13.5,
Scan, 13/04/2015 16:45:21, SYSTEM, FRANCISCO, Manual, Iniciar:13/04/2015 16:19:42, Durção:25 min 39 seg, Verificação por Ameaças, Concluída, 0 Detecções de Malware, 0 Detecção de Código Potencialmente Indesejads,

(end)


  • 0

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, zero is good... Could you now give your computer a run, testing all your normal programmes, and let me know of anything untoward that is occurring?

I notice that you are using Windows Defender as your anti-virus. Would you like to replace that with a free third party programme, as Defender is not really brilliant at stopping malware? The antivirus is your very first line of defence. Also, do you make backup images of your system?
  • 0

#25
fracm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

No, zero is good... Could you now give your computer a run, testing all your normal programmes, and let me know of anything untoward that is occurring?

 

Everything seems very normal to me right now. I've opened the usual apps and I've tried to uninstall a program and save files (all things I wasn't able to do during the weekend) and everything seems quite normal!

 

I notice that you are using Windows Defender as your anti-virus. Would you like to replace that with a free third party programme, as Defender is not really brilliant at stopping malware? The antivirus is your very first line of defence. Also, do you make backup images of your system?

 

Yes, I was about to ask you for this. How should I protect my laptop better moving forward? I used to buy Norton every year but I eventually stopped doing it, not sure why, probably just being reckless. Should I buy it again? I honestly don't mind paying as long as I remain protected moving forward, but of course if you can recommend me one that is free, all the better. In addition, should I also install a specific anti-malware program, or does the antivirus perform that role as well? I never quite got the difference :laughing:. Finally, any behavior I should avoid?

 

I don't know how to thank you. You literally saved me here. Thank you SO MUCH! Really! This place rocks!


  • 0


#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK ...

Finally, any behavior I should avoid?

As you use your computer for work-related stuff, you are an ideal target for the makers of ransomware; they encrypt all your documents, pictures etc., so you will need protection against that. The main defence against that would be not to open any e-mail attachments that you were not expecting or that come from an unknown source, but I will give you a small programme that can mitigate that threat :)

The following is my setup:

How to set up a reasonable and light security regime for your system. Apart from CryptoPrevent, all other elements are install and forget.

DOWNLOAD AND INSTALL ANTIVIRUS

Download Avast - direct link  Avast 2015

Select Custom install
Remove the ticks from the first page for the following unless you want them:
  • Dropbox
  • Chrome
  • Chrome toolbar

Select Next

Deselect the following from the middle column as you will not need them:
  • SecureLine
  • Grimefighter

Select Continue and allow the programme to install

Be aware that the first reboot may take a few minutes as Avast builds the virtual machine.
Avast will need to be registered, as this helps them determine the server load; updates are downloaded in small bursts every few minutes, each about 2Kb.

How to register

Right click the Avast orange blob on the task bar
Select registration
Select Standard Protection
Fill in your e-mail address
Click register with e-mail address and you are done

Once registered open Avast
Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's)"

The free programme does have one or two ads per day but you can reduce them to a one second popup.
Staying in Settings > General, open the popup section and set them to 1 second as shown :)

PROTECT AGAINST RANSOMWARE

CryptoPrevent - install this programme to lock down and prevent crypto ransomware.
Manually update monthly

PROTECT AGAINST UNWANTED BUNDLED SOFTWARE

Unchecky
Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire and forget programme ;)

IF YOU USE USB DRIVES

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
Plug in the drive and MCShield will start a scan

BACKUP AND IMAGING

It is always advisable to have a backup of your current Windows setup on a separate USB external drive.
I recommend Macrium Reflect for this.
I have a small tutorial here on how to use it: http://www.geekstogo...t-imaging-tool/
The restore from backup usually completes in about 20 minutes (depending on the size of your drive).

If you have any questions then please do not hesitate to ask.

Once you are happy with everything let me know and I will remove the tools and tidy up behind me :)
  • 0

#27
fracm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Ok so I think I am mostly done with everything! Just a few questions before I stop bothering you and thank you forever:

1. For the CryptoPrevent, how should I update it every month? I should go to the site and download it again? Is that it?

 

2. McShield will scan any USB drives that I insert on my laptop automatically, is that correct?

 

3. I haven't finished the backup thing yet. I have two questions here. The first is what exactly am I backing up and what is its use. Like if something happens to my computer, what exactly is here? I suppose my files aren't (I regularly move them to an external drive anyway), so what is it and how can I eventually use it? The second one is whether the external drive that I use needs to be exclusive for this. Currently I only have with me big external drives that I would rather keep using after doing the backup. Is that a problem?

 

4. Do I also need a firewall or are these enough? I only ask because it is something I see referred quite often but as you have probably understood I know next to nothing about these topics so I will totally trust what you tell me.

 

Once again... THANKS!!


  • 0

#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

1. For the CryptoPrevent, how should I update it every month? I should go to the site and download it again? Is that it?

 

No need, just open the programme and along the top is a heading "update"; click that and it will do it itself.

 

2. McShield will scan any USB drives that I insert on my laptop automatically, is that correct?

 

Yup, it autoupdates and just sits there fat, dumb and happy until you insert a USB, then it dives in and has a quick look before anything can happen.

 

3. I haven't finished the backup thing yet. I have two questions here. The first is what exactly am I backing up and what is its use. Like if something happens to my computer, what exactly is here? I suppose my files aren't (I regularly move them to an external drive anyway), so what is it and how can I eventually use it? The second one is whether the external drive that I use needs to be exclusive for this. Currently I only have with me big external drives that I would rather keep using after doing the backup. Is that a problem?

 

As I generally tend to mess my system up monthly when I am playing, I make an image of the disc and have it on a removable drive. Then I update that monthly by creating a new image and deleting the old. But there would be no problem with using another partition on the system, although a small removable drive would be best. The best use of this is that your files are safe from encryption by ransomware, so if you do get hit just reload the last backup and it will be gone.

 

4. Do I also need a firewall or are these enough? I only ask because it is something I see referred quite often but as you have probably understood I know next to nothing about these topics so I will totally trust what you tell me.

 

Windows 8 firewall is sufficient as the webshield on Avast stops all bad traffic in and out


  • 0

#29
fracm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Ok thanks, I am clear on everything. I am just waiting for Avast to stop the scan to do the backup thing since it is apparently finding a lot of infected files (it says 130 and it's just on 5%) so I should probably wait to clean the system before backing it up, right?


  • 0

#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Yes please, could you let me know what files it found?

I will prepare the details of how to get it.

Once the scan has finished you will be offered a boot scan. Select no for now.


  • 0
