Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Interpol Virus [Solved]


  • This topic is locked This topic is locked

#1
joecool90

joecool90

    Member

  • Member
  • PipPip
  • 49 posts

Hello, I was running Google Chrome and when browsing a website came across a message from Interpol saying I have to pay Interpol £100 to unlock Chrome. I suspect this to be a virus from internet research, in any case Chrome now refuses to run and I am nervous of the virus still being on my system. I'd be grateful for any advice from you about how to check my system for this virus and/or other relating viruses.

 

My Internet Explorer is currently working.

 

Many thanks for your help!

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Toshiba-laptop (administrator) on TOSHIBA on 30-05-2015 10:18:39
Running from C:\Users\Toshiba-laptop\Desktop
Loaded Profiles: Toshiba-laptop (Available Profiles: Toshiba-laptop)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Flux Software LLC) C:\Users\Toshiba-laptop\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Toshiba-laptop\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4521272 2015-04-27] (iolo technologies, LLC)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-03] (Avast Software s.r.o.)
HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [950296 2015-03-30] (CyberLink Corp.)
HKU\S-1-5-21-967705235-186355052-2569062438-1001\...\Run: [f.lux] => C:\Users\Toshiba-laptop\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-967705235-186355052-2569062438-1001\...\Run: [GoogleChromeAutoLaunch_A20EA583DEF46BFA013087ED20694C35] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-967705235-186355052-2569062438-1001\...\Run: [Spotify Web Helper] => C:\Users\Toshiba-laptop\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-28] (Spotify Ltd)
HKU\S-1-5-21-967705235-186355052-2569062438-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] ()
AppInit_DLLs-x32: AirfoilInjector_3_7.dll => "AirfoilInjector_3_7.dll" File not found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-03] (Avast Software s.r.o.)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-967705235-186355052-2569062438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKU\S-1-5-21-967705235-186355052-2569062438-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
SearchScopes: HKU\S-1-5-21-967705235-186355052-2569062438-1001 -> DefaultScope {B2D96509-5650-4F69-AE4B-05D226BF4373} URL =
SearchScopes: HKU\S-1-5-21-967705235-186355052-2569062438-1001 -> {B2D96509-5650-4F69-AE4B-05D226BF4373} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-03] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-03] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-31] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-03]

Chrome:
=======
CHR Profile: C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-31]
CHR Extension: (Google Docs) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-31]
CHR Extension: (Google Drive) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-31]
CHR Extension: (Rapport) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-05-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-31]
CHR Extension: (YouTube) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-31]
CHR Extension: (Adblock Plus) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-05]
CHR Extension: (Adblock for Youtube™) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-04-03]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-03-31]
CHR Extension: (Google Search) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-31]
CHR Extension: (Avast SafePrice) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-04-17]
CHR Extension: (Google Sheets) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-31]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-03-31]
CHR Extension: (Bookmark Manager) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-27]
CHR Extension: (Avast Online Security) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-31]
CHR Extension: (G.lux) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\hinolicfmhnjadpggledmhnffommefaf [2015-03-31]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-03-31]
CHR Extension: (Hangouts) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-04-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-31]
CHR Extension: (Hangouts) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-03-31]
CHR Extension: (Google Wallet) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-31]
CHR Extension: (Gmail) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKU\S-1-5-21-967705235-186355052-2569062438-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-03] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-03] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-03] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-22] (Microsoft Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4676408 2015-04-27] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2214168 2015-05-08] (IBM Corp.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-04-02] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-04-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-03] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-03] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-03] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-04-03] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-03] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-03] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-03] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-03] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-03] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-22] (Microsoft Corporation)
R1 RapportCerberus_1412097; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412097.sys [910872 2015-05-18] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [484088 2015-05-08] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [121208 2015-05-08] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [375128 2015-05-08] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [479320 2015-05-08] (IBM Corp.)
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [32912 2015-03-23] (EldoS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-03] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-04-02] (Microsoft Corporation)
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-03-30] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 10:18 - 2015-05-30 10:18 - 00019400 _____ () C:\Users\Toshiba-laptop\Desktop\FRST.txt
2015-05-30 10:18 - 2015-05-30 10:18 - 00000000 ____D () C:\FRST
2015-05-30 10:17 - 2015-05-30 10:16 - 02108928 _____ (Farbar) C:\Users\Toshiba-laptop\Desktop\FRST64.exe
2015-05-30 10:16 - 2015-05-30 10:16 - 02108928 _____ (Farbar) C:\Users\Toshiba-laptop\Downloads\FRST64.exe
2015-05-29 20:45 - 2015-05-29 20:46 - 231301114 _____ () C:\Users\Toshiba-laptop\Documents\Agents.of.SHIELD.S01E09_findvideo.biz.mp4
2015-05-29 20:01 - 2015-05-29 20:02 - 288790331 _____ () C:\Users\Toshiba-laptop\Documents\Agents.of.SHIELD.S01E08_findvideo.biz.mp4
2015-05-24 23:29 - 2015-05-24 23:29 - 00002182 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 15.lnk
2015-05-24 23:29 - 2015-05-24 23:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 15
2015-05-24 23:27 - 2015-05-24 23:27 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-05-20 11:01 - 2015-05-20 11:01 - 00762368 _____ () C:\Users\Toshiba-laptop\Desktop\fem_1112.xls
2015-05-20 11:01 - 2015-05-20 11:01 - 00673792 _____ () C:\Users\Toshiba-laptop\Desktop\fem_1011_revised2.xls
2015-05-20 11:00 - 2015-05-20 11:00 - 00878592 _____ () C:\Users\Toshiba-laptop\Desktop\fraud-and-error-in-the-benefit-system-2012-13_estimates.xls
2015-05-20 11:00 - 2015-05-20 11:00 - 00318101 _____ () C:\Users\Toshiba-laptop\Desktop\FEMA_Tables_1415P-v2.xlsx
2015-05-20 10:59 - 2015-05-20 10:59 - 00449536 _____ () C:\Users\Toshiba-laptop\Desktop\Tables_FEMA_1314.xls
2015-05-18 19:55 - 2015-05-18 19:55 - 00000000 ____D () C:\Users\Default\AppData\Local\Trusteer
2015-05-18 19:55 - 2015-05-18 19:55 - 00000000 ____D () C:\Users\Default User\AppData\Local\Trusteer
2015-05-17 11:10 - 2015-05-18 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-05-17 11:10 - 2015-05-17 11:10 - 00000000 ____D () C:\Users\Toshiba-laptop\AppData\Local\Trusteer
2015-05-17 11:10 - 2015-05-17 11:10 - 00000000 ____D () C:\Program Files (x86)\Trusteer
2015-05-17 11:10 - 2015-05-08 17:25 - 00375128 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2015-05-17 11:10 - 2015-05-08 17:25 - 00121208 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2015-05-17 11:09 - 2015-05-17 11:09 - 00436504 _____ (IBM Corp.) C:\Users\Toshiba-laptop\Desktop\RapportSetup.exe
2015-05-17 11:09 - 2015-05-17 11:09 - 00000000 ____D () C:\ProgramData\Trusteer
2015-05-14 18:49 - 2015-04-24 22:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-14 18:49 - 2015-03-05 00:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-13 21:36 - 2015-05-24 23:32 - 00000000 ____D () C:\Users\Toshiba-laptop\Documents\CyberLink
2015-05-13 21:36 - 2015-05-13 21:38 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2015-05-13 21:36 - 2015-05-13 21:36 - 00000000 ____D () C:\Users\Toshiba-laptop\AppData\Roaming\CyberLink
2015-05-13 21:36 - 2015-05-13 21:36 - 00000000 ____D () C:\Users\Public\CyberLink
2015-05-13 21:34 - 2015-05-24 23:29 - 00000000 ____D () C:\Users\Toshiba-laptop\AppData\Local\CyberLink
2015-05-13 21:34 - 2015-05-13 21:34 - 00000000 ____D () C:\ProgramData\PDVD
2015-05-13 21:33 - 2015-05-24 23:27 - 00000000 ____D () C:\ProgramData\SUPPORTDIR
2015-05-13 21:33 - 2015-05-13 21:33 - 00000000 ____D () C:\ProgramData\install_clap
2015-05-13 21:32 - 2015-05-24 23:24 - 00000000 ____D () C:\ProgramData\CyberLink
2015-05-13 21:32 - 2015-05-13 21:32 - 01209192 _____ (CyberLink) C:\Users\Toshiba-laptop\Desktop\CyberLink_PowerDVD_Downloader.exe
2015-05-13 21:21 - 2015-05-13 21:21 - 00000000 ____D () C:\Users\Toshiba-laptop\AppData\Roaming\sMedio
2015-05-13 21:21 - 2015-05-13 21:21 - 00000000 ____D () C:\Users\Toshiba-laptop\AppData\Roaming\dvdcss
2015-05-12 22:23 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:23 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 18:35 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-12 18:35 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-12 18:35 - 2015-03-17 18:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-12 18:34 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 18:34 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 18:34 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 18:34 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 18:34 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 18:34 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 18:34 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 18:34 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 18:34 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-12 18:34 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 18:34 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 18:34 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 18:34 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 18:34 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 18:34 - 2015-04-21 17:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 18:34 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 18:34 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 18:34 - 2015-04-21 16:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 18:34 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 18:34 - 2015-04-21 16:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 18:34 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 18:34 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 18:34 - 2015-04-21 16:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 18:34 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 18:34 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 18:34 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 18:34 - 2015-04-21 16:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 18:34 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 18:34 - 2015-04-21 16:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 18:34 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 18:34 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 18:34 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 18:34 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 18:34 - 2015-04-21 16:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 18:34 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 18:34 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 18:34 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 18:34 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 18:34 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 18:34 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 18:34 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-12 18:34 - 2015-04-13 23:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 18:34 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 18:34 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 18:34 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 18:34 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 18:34 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-12 18:34 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 18:34 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-12 18:34 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-12 18:34 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-12 18:34 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-12 18:34 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 18:34 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 18:34 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 18:34 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-12 18:34 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-12 18:34 - 2015-03-13 05:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-12 18:34 - 2015-03-13 05:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-12 18:34 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-12 18:34 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-12 18:34 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-12 18:34 - 2015-03-13 01:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 18:34 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-12 18:34 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-12 18:34 - 2015-03-09 03:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-12 18:34 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-12 18:34 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-12 18:34 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 18:34 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-12 18:34 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 18:34 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-12 18:34 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-10 16:13 - 2015-05-10 16:55 - 00008704 _____ () C:\Users\Toshiba-laptop\Desktop\CA expenditure & caseload.xls
2015-05-10 16:08 - 2015-05-10 16:08 - 01120249 _____ () C:\Users\Toshiba-laptop\Desktop\Outturn-and-forecast-Budget-2015.xlsx
2015-05-06 17:43 - 2015-05-06 17:46 - 00031744 _____ () C:\Users\Toshiba-laptop\Documents\150506 Bills joe.xls
2015-05-06 17:42 - 2015-05-06 17:42 - 00044544 _____ () C:\Users\Toshiba-laptop\Documents\150405 Bills joe DA.xls
2015-05-02 13:30 - 2015-05-15 22:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-02 13:30 - 2015-05-15 22:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-02 13:30 - 2015-05-12 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-30 19:56 - 2015-04-27 10:16 - 02142520 _____ (iolo technologies, LLC) C:\WINDOWS\system32\Incinerator64.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 10:17 - 2015-04-02 00:35 - 01336022 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-30 10:05 - 2015-03-31 22:31 - 00000000 ____D () C:\Users\Toshiba-laptop\AppData\Roaming\vlc
2015-05-30 10:04 - 2014-11-22 02:01 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-30 10:00 - 2015-04-02 08:13 - 00000000 ___DO () C:\Users\Toshiba-laptop\OneDrive
2015-05-30 10:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-30 09:59 - 2015-04-02 00:32 - 00000000 ____D () C:\Users\Toshiba-laptop
2015-05-30 09:59 - 2015-03-31 22:24 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-30 09:59 - 2013-08-22 15:46 - 00292266 _____ () C:\WINDOWS\setupact.log
2015-05-30 09:59 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-30 09:34 - 2015-03-31 22:24 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-30 05:05 - 2015-04-03 05:34 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EAC0E400-71B2-4028-B99A-104530FA0E22}
2015-05-30 05:00 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-30 04:59 - 2015-04-01 22:05 - 00000000 ____D () C:\Users\Toshiba-laptop\AppData\Roaming\Spotify
2015-05-29 22:19 - 2015-04-04 12:39 - 00103729 _____ () C:\Users\Toshiba-laptop\Documents\tasks1.odt
2015-05-29 18:24 - 2015-04-01 22:05 - 00000000 ____D () C:\Users\Toshiba-laptop\AppData\Local\Spotify
2015-05-25 21:42 - 2015-03-30 11:34 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-967705235-186355052-2569062438-1001
2015-05-25 21:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-25 19:35 - 2015-03-31 22:24 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-24 23:29 - 2012-11-28 00:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-24 23:25 - 2014-11-21 17:51 - 00039874 _____ () C:\WINDOWS\PFRO.log
2015-05-24 14:38 - 2015-04-03 06:10 - 00000000 ____D () C:\WINDOWS\system32\config\SM Registry Backup
2015-05-23 11:16 - 2015-04-04 12:40 - 00000000 ____D () C:\Users\Toshiba-laptop\Documents\Budget
2015-05-22 15:30 - 2015-04-04 12:40 - 00000000 ____D () C:\Users\Toshiba-laptop\Documents\Pass
2015-05-21 20:20 - 2015-04-02 01:18 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-21 20:20 - 2015-04-02 01:18 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-21 20:20 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-20 11:03 - 2015-04-05 14:19 - 00032256 ___SH () C:\Users\Toshiba-laptop\Desktop\Thumbs.db
2015-05-16 11:29 - 2015-03-31 22:24 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 11:29 - 2015-03-31 22:24 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 22:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-15 22:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-15 22:05 - 2013-08-22 15:44 - 00362544 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-15 22:05 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-13 21:33 - 2015-04-03 05:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-13 17:45 - 2015-04-03 05:26 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 22:23 - 2015-03-31 22:35 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-12 22:21 - 2015-03-31 22:35 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-12 22:20 - 2014-11-22 01:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-08 14:50 - 2015-04-19 18:42 - 00000000 ____D () C:\download
2015-05-08 05:09 - 2015-04-04 12:40 - 00000000 ____D () C:\Users\Toshiba-laptop\Documents\Batman
2015-05-05 18:59 - 2015-04-03 05:41 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 18:59 - 2015-04-03 05:41 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-30 20:12 - 2015-04-03 05:50 - 00000000 ____D () C:\ProgramData\iolo
2015-04-30 19:56 - 2015-04-03 05:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2015-04-30 19:55 - 2015-04-03 05:51 - 00003118 _____ () C:\WINDOWS\System32\Tasks\iolo Process Governor
2015-04-30 19:55 - 2015-04-03 05:51 - 00000000 ____D () C:\ProgramData\ioloGovernor
2015-04-30 19:55 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-20 18:12

==================== End of log ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Toshiba-laptop at 2015-05-30 10:19:13
Running from C:\Users\Toshiba-laptop\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-967705235-186355052-2569062438-500 - Administrator - Disabled)
Guest (S-1-5-21-967705235-186355052-2569062438-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-967705235-186355052-2569062438-1005 - Limited - Enabled)
Toshiba-laptop (S-1-5-21-967705235-186355052-2569062438-1001 - Administrator - Enabled) => C:\Users\Toshiba-laptop

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Airfoil (HKLM-x32\...\Airfoil) (Version: 3.6.5 - Rogue Amoeba)
AMD Catalyst Install Manager (HKLM\...\{97F61E19-8AE5-28D8-1A79-EB1497596A43}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.3 - Atheros Communications)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.1510.58 - CyberLink Corp.)
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - CHIP.de)
f.lux (HKU\S-1-5-21-967705235-186355052-2569062438-1001\...\Flux) (Version:  - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.5.2 - iolo technologies, LLC)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nero 12 Essentials Toshiba (HKLM-x32\...\{2EF76291-8647-46F0-89D8-0AA8B72A5420}) (Version: 12.0.00600 - Nero AG)
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Rapport (x32 Version: 3.5.1412.158 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKU\S-1-5-21-967705235-186355052-2569062438-1001\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425.01 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0014 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.2 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1412.158 - Trusteer)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

13-05-2015 21:33:40 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
17-05-2015 11:10:14 Installed Rapport
18-05-2015 19:55:24 Installed Rapport
21-05-2015 20:20:13 Windows Update
28-05-2015 21:50:44 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {066E05F0-3CF3-4F06-AD56-B30BB3BD472F} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-09-25] (Toshiba Europe GmbH)
Task: {13213E5E-D5F0-4CFC-BED2-76BDF8D39CF7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-03] (Avast Software s.r.o.)
Task: {20AEEA1B-D538-4391-9598-D85A7A6661ED} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2015-04-27] (iolo technologies, LLC)
Task: {2C270434-2A98-42B3-8838-4FB60568FDB7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {345839DF-928D-4948-9954-04E5681B6292} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {587FD855-94C2-49AE-8C50-0609183D0E44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-31] (Google Inc.)
Task: {84C5D30E-18A1-4679-9212-22309FCE827B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {9672ABBF-8550-4CD0-ACD8-CD184AB072CF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-12] (Microsoft Corporation)
Task: {AA7315B0-9A6D-409F-AA75-326C4F41556D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CB773349-7D8E-4225-AE5B-45D93F8A9FC3} - System32\Tasks\iolo DelOnReboot => cmd.exe /c del /f C:\ProgramData\iolo\ops\smrr.dll
Task: {F0E6AE60-238F-473B-A18C-CF3BB81617D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-31] (Google Inc.)
Task: {F34018F4-CF97-420B-BB2C-BDCCA7D2861E} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 20:13 - 2012-08-13 20:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2015-01-27 13:18 - 2015-01-27 13:18 - 02926800 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
2015-04-03 05:59 - 2015-04-03 05:59 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-03 05:59 - 2015-04-03 05:59 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-30 09:42 - 2015-05-30 09:42 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15053000\algo.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2015-05-25 19:35 - 2015-05-22 21:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 19:35 - 2015-05-22 21:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-04-03 05:59 - 2015-04-03 05:59 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-24 23:28 - 2015-03-30 10:09 - 00867592 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\common\UNO\UNO.dll
2015-05-24 23:28 - 2013-12-10 12:31 - 00074240 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_ctypes.pyd
2015-05-24 23:28 - 2013-12-10 12:31 - 00285184 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_hashlib.pyd
2015-05-24 23:28 - 2013-12-10 12:31 - 00040960 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_socket.pyd
2015-05-24 23:28 - 2013-12-10 12:31 - 00721920 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_ssl.pyd
2013-03-01 03:48 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Toshiba-laptop\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-967705235-186355052-2569062438-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Toshiba-laptop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C7A8CC79-C0A3-494F-850B-E3DB4796BD03}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3068C748-FC9E-4DEB-AAC7-4DA25CBA338E}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{4ADECCC7-EA69-4BC7-BB2D-BDD158E1489D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D00A890D-3F46-4399-802A-9917BAA7F4E9}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{F80B71E2-C261-4AE7-B522-A6F32C0948F3}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{CCF8394C-F32C-4AE6-B7DD-49F19C477DBE}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{BF4D3990-89C2-4F46-9825-BD2701873E30}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{37A13F5A-0E0E-4558-A760-B53E6C107E52}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7005B827-8EAD-443C-9F79-7AD969623E61}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{926CFA85-1A94-484B-9A1B-CB89656E1038}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B8C1448C-7BBE-467C-8B1A-3D3DB3A4BCA3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{2E38FCB4-ADDD-4F31-BE4F-C8EF2A9BB283}C:\users\toshiba-laptop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\toshiba-laptop\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{511398FC-150D-45AA-AFFF-01BB71E89ADA}C:\users\toshiba-laptop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\toshiba-laptop\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{64853AFA-A82D-47FD-94F2-66BE65594EAB}C:\program files (x86)\airfoil\airfoil.exe] => (Allow) C:\program files (x86)\airfoil\airfoil.exe
FirewallRules: [UDP Query User{49B89E46-3952-4934-B2BA-BB68BF2B50C1}C:\program files (x86)\airfoil\airfoil.exe] => (Allow) C:\program files (x86)\airfoil\airfoil.exe
FirewallRules: [TCP Query User{AAC4C27E-37F0-4EA4-89AF-6427DDC4C90A}C:\users\toshiba-laptop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\toshiba-laptop\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FBFEF647-A782-467B-8698-50CE26219B5E}C:\users\toshiba-laptop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\toshiba-laptop\appdata\roaming\spotify\spotify.exe
FirewallRules: [{61DB5DC8-B34A-45D0-8E45-BBB0D11112D4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe
FirewallRules: [{2C99AFE1-B1F2-4FE1-B6DE-234BF01B1438}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
FirewallRules: [{066A0B2C-49B2-419A-9A0B-32B1F6C3FB47}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
FirewallRules: [{F832E625-D453-4AC3-9422-4A99931DE656}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe
FirewallRules: [{EFD63964-FBCC-433C-B88B-E9AE959A0099}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{2C49D439-8359-4D00-9D8C-5C9A2AF5D470}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2015 10:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

System errors:
=============
Error: (05/30/2015 09:59:32 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (05/30/2015 09:59:43 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 09:42:20 on ‎30/‎05/‎2015 was unexpected.

Error: (05/24/2015 00:11:27 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.6 with the system
having network hardware address 2C-54-CF-FE-73-5D. Network operations on this system may
be disrupted as a result.

Error: (05/20/2015 10:58:29 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter, {1905A849-A9C0-4832-8784-501910459F03}, had event 74

Error: (05/19/2015 05:29:07 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter, {1905A849-A9C0-4832-8784-501910459F03}, had event 74

Error: (05/18/2015 07:54:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (05/18/2015 05:51:04 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter, {1905A849-A9C0-4832-8784-501910459F03}, had event 74

Error: (05/17/2015 06:35:48 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter, {1905A849-A9C0-4832-8784-501910459F03}, had event 74

Error: (05/17/2015 00:39:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/17/2015 00:03:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Microsoft Office:
=========================
Error: (05/30/2015 10:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/30/2015 10:13:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

==================== Memory info ===========================

Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 16%
Total physical RAM: 16336.22 MB
Available physical RAM: 13702.59 MB
Total Pagefile: 18768.22 MB
Available Pagefile: 15937.61 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (TI31027000A) (Fixed) (Total:100.21 GB) (Free:38.86 GB) NTFS
Drive e: (TI31027000A) (Fixed) (Total:687.84 GB) (Free:531.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================


  • 0

Advertisements


#2
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello and Welcome! :welcome:

My name is Dan, and I'll be helping you with your issues. If someone else is helping you, either here or at another malware removal assistance site, please let me know so that I may direct my efforts to helping another user.  The Staff at Geeks To Go are ALL volunteers; please keep that in mind if I don’t answer your post as quickly as you’d like. I give what time I can.  PLEASE be patient. ;)

I am currently in training, so there will be another person reviewing my work.  This may cause a bit of a delay in my responses, but on the positive side, you will have two sets of eyes reviewing your logs instead of one... :cool:
 

  • Please note that you should have Administrator rights to perform any fixes.
     
  • Before we proceed, you may wish to print instructions for easy reference during the fix.  Please be aware that many of the required URLs are hyperlinks in the blue names shown on your screen. Part of the fix may require you to be in Safe Mode, which might not allow you to access the internet, or my instructions.
     
  • Please understand that malware removal is a complicated, multi-step process.  Therefore please stay with me until I tell you that your system is clean.  
     
  • Please do not make any system or program changes, or run any tools unless I specifically ask you to.  Attempting malware removal or clean-up yourself will only extend the time it will take to get your system clean.    If you get stuck or have questions, please stop and ask so I can help you.
     
  • Be sure to back up any personal data files you need to keep (documents, photos, etc.) to a USB flash drive or external hard disk.  While every attempt will be made to precisely repair the infections on your computer, due to the complexity and unpredictability of malware clean-up, there is always a risk of data loss.
     
  • When posting logs, please Copy & Paste the log file contents into a reply.  Use multiple posts if necessary, but please do not attach them or post them on a file hosting site.

First of all, I'm sorry for your wait, and I'll see what I can do to get you back up and running here. :D

 

While I review your logs and devise a plan for you, please answer these questions:

  1. When did the issues first start happening?
  2. What tools have you tried on the system already?
  3. So it looks like you were able to run FRST originally.  Are you still able to log into your desktop OK, even without the mouse?

Thanks for your patience!

 


  • 1

#3
joecool90

joecool90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Thanks for your reply.

1. Issues started occurring last Saturday, I presume from a website?
2. Tried to run avast antivirus before startup but it didn't find anything.
3. Yes I can log into windows, I just can't move the mouse cursor once I'm in. I assume the virus has done something to
my mouse driver?
  • 0

#4
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts
  • OK, it is your laptop's touchpad that stops working?
     
  • Do you have another mouse that you can try, like a USB one?
     
  • And what is your Toshiba laptop model #?
     
  • What can you tell me about these files?
    • Agents.of.SHIELD.S01E09_findvideo.biz.mp4
    • Agents.of.SHIELD.S01E08_findvideo.biz.mp4

  • 1

#5
joecool90

joecool90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

1. Yes it's the laptop touchpad that stops working.

2. Yes I'll try a standard mouse and will get back to you.

3. I'm not at home at the moment, I'll send you the laptop model later today.

4. Those 2 files are video files as far as I'm aware.

 

Thanks.


  • 0

#6
joecool90

joecool90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

I can easily delete those 2 files if you feel they may be a problem?


  • 0

#7
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

I can easily delete those 2 files if you feel they may be a problem?

 

I'm not saying there's a problem with them per se, but their timestamps are from around when you said you started having problems.

 

 

It is quite possible that your touchpad issue is not malware-related.  Please try this:

  • Look along your Function keys on the laptop keyboard (F1 through F12) for a key with the image of your touchpad on it.
  • Hold the keyboard Fn key down (typically next to the Windows key) and press the Function key you identified in the previous step (looks like it might be F9)
  • Try your touchpad again. 
  • You might also have a small button or switch near the touchpad to enable/disable it, but I don't have a Toshiba laptop, so I can't definitively say.  With the model number, we can look it up to be sure.

 

This touchpad enable/disable appears to normally be a per-user setting.  That may explain why it works until you log in (in which case the above should affect it).

 

Let me know your results and information later today when you can.  I'll look for your response as I continue to prepare cleanup steps for you.


  • 1

#8
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello joecool90,

In addition to the touchpad steps in my last post, we are going to uninstall your version of Chrome for now, and run some tools. You reported that Internet Explorer works fine, so we'll use that to download any needed files. I'll tell you when we can reinstall Chrome. :)

Let me know about your touchpad and if the Fn + Function key shortcut works for you, else we may end up reinstalling your Touchpad drivers.

There are several steps here, so if you get stuck or have any questions, please stop and ask.

Are you ready? :)


First
Programs uninstall

Go to Control Panel > Programs and Features, and uninstall the following programs. If you aren't sure how to get there, see this link.

  • Bonjour (if it is not used, as it's causing system errors)
  • Google Chrome (Agree to remove user data and settings. Don't worry, we will reinstall after cleaning up.)
  • iolo technologies' System Mechanic (dodgy reputation)

Second
Run a FRST Fix


  • Download the attached fixlist.txt file and save it to the Desktop.

    (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

    Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
    FRST_Fix_zps8lrdygec.png
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

Third
Run Junkware Removal Tool:

Please download Junkware Removal Tool to your Desktop.

  • Shut down your protection software now to avoid potential conflicts. See here for more information.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Fourth
AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    AdwCleaner_Scan_zpsvt1mvqxm.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Finally
In your next reply, please copy/paste the contents of the following logs:

  • FRST log
  • JRT log
  • AdwCleaner Scan log

And tell me:

  • If you were able to turn your touchpad back on with the Fn + Function key, and
  • How the system is running. :)

  • 1

#9
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

And here is the missing file that you'll need for step 2: Attached File  fixlist.txt   2.67KB   162 downloads


  • 1

#10
joecool90

joecool90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Please see as directed. Also a few other things:

 

- Toshiba L855-149.

- Just pressing F5 got the mouse control back thanks.

- Would you not recommend System Mechanic? Is there any similar software you'd recommend to keep my laptop running smooth?

- After this is all fixed, is there anything else I should install to prevent Interpol or suchlike virus from getting on my system?

- System seems to be running ok.

 

Thanks!

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Toshiba-laptop at 2015-06-03 19:29:24 Run:1
Running from C:\Users\Toshiba-laptop\Desktop
Loaded Profiles: Toshiba-laptop (Available Profiles: Toshiba-laptop)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4521272 2015-04-27] (iolo technologies, LLC)
HKU\S-1-5-21-967705235-186355052-2569062438-1001\...\Run: [GoogleChromeAutoLaunch_A20EA583DEF46BFA013087ED20694C35] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
AppInit_DLLs-x32: AirfoilInjector_3_7.dll => "AirfoilInjector_3_7.dll" File not found
SearchScopes: HKU\S-1-5-21-967705235-186355052-2569062438-1001 -> DefaultScope {B2D96509-5650-4F69-AE4B-05D226BF4373} URL =
SearchScopes: HKU\S-1-5-21-967705235-186355052-2569062438-1001 -> {B2D96509-5650-4F69-AE4B-05D226BF4373} URL =
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4676408 2015-04-27] (iolo technologies, LLC)
2015-04-30 19:56 - 2015-04-27 10:16 - 02142520 _____ (iolo technologies, LLC) C:\WINDOWS\system32\Incinerator64.dll
2015-04-30 20:12 - 2015-04-03 05:50 - 00000000 ____D () C:\ProgramData\iolo
2015-04-30 19:56 - 2015-04-03 05:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2015-04-30 19:55 - 2015-04-03 05:51 - 00003118 _____ () C:\WINDOWS\System32\Tasks\iolo Process Governor
2015-04-30 19:55 - 2015-04-03 05:51 - 00000000 ____D () C:\ProgramData\ioloGovernor
Task: {20AEEA1B-D538-4391-9598-D85A7A6661ED} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2015-04-27] (iolo technologies, LLC)
Task: {CB773349-7D8E-4225-AE5B-45D93F8A9FC3} - System32\Tasks\iolo DelOnReboot => cmd.exe /c del /f C:\ProgramData\iolo\ops\smrr.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
FirewallRules: [{C7A8CC79-C0A3-494F-850B-E3DB4796BD03}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3068C748-FC9E-4DEB-AAC7-4DA25CBA338E}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{4ADECCC7-EA69-4BC7-BB2D-BDD158E1489D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
end
*****************

Restore point was successfully created.
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe => No running process found
C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe => No running process found
C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iolo Startup => value not found.
HKU\S-1-5-21-967705235-186355052-2569062438-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A20EA583DEF46BFA013087ED20694C35 => value not found.
"AirfoilInjector_3_7.dll" => value data Removed successfully.
HKU\S-1-5-21-967705235-186355052-2569062438-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
"HKU\S-1-5-21-967705235-186355052-2569062438-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B2D96509-5650-4F69-AE4B-05D226BF4373}" => key Removed successfully
HKCR\CLSID\{B2D96509-5650-4F69-AE4B-05D226BF4373} => key not found.
ioloSystemService => Service not found.
"C:\WINDOWS\system32\Incinerator64.dll" => File/Folder not found.
"C:\ProgramData\iolo" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic" => File/Folder not found.
"C:\WINDOWS\System32\Tasks\iolo Process Governor" => File/Folder not found.
"C:\ProgramData\ioloGovernor" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20AEEA1B-D538-4391-9598-D85A7A6661ED} => key not found.
C:\Windows\System32\Tasks\iolo Process Governor not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iolo Process Governor => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB773349-7D8E-4225-AE5B-45D93F8A9FC3} => key not found.
C:\Windows\System32\Tasks\iolo DelOnReboot not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iolo DelOnReboot => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7A8CC79-C0A3-494F-850B-E3DB4796BD03} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3068C748-FC9E-4DEB-AAC7-4DA25CBA338E} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4ADECCC7-EA69-4BC7-BB2D-BDD158E1489D} => value Removed successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-967705235-186355052-2569062438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-967705235-186355052-2569062438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully

========= End of RemoveProxy: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {B3E2CE33-A314-4344-8588-BDC38A05B166}.
Unable to cancel {A4225650-CAE7-4E4C-B566-2FF3674511DA}.
Unable to cancel {A44819F7-46D3-4111-B70E-3B27DD6E8F2A}.
Unable to cancel {93E41488-2397-41A9-9952-A3ED16F4F661}.
Unable to cancel {B9151F9A-9927-48ED-A817-28A80914970C}.
Unable to cancel {32BB4AFD-62DD-4228-8FB2-01548C2EB80C}.
Unable to cancel {244DE58B-981E-44D2-AE8C-F7D712CDC68D}.
Unable to cancel {E0FAA84D-4C70-4A20-8766-C3CBA067C571}.
{59338860-7C61-4D20-9B48-D6C60E91BB02} canceled.
1 out of 9 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 735 MB temporary data.

The system needed a reboot.

==== End of Fixlog 19:29:49 ====

 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.8 (06.03.2015:1)
OS: Windows 8.1 x64
Ran by Toshiba-laptop on 03/06/2015 at 19:34:49.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\users\public\desktop\ebay.lnk

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/06/2015 at 19:37:47.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

# AdwCleaner v4.206 - Logfile created 03/06/2015 at 19:45:45
# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Toshiba-laptop - TOSHIBA
# Running from : C:\Users\Toshiba-laptop\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Toshiba-laptop\AppData\Roaming\DesktopIconForAmazon
Folder Found : C:\Users\Toshiba-laptop\Documents\hosts

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\OCS
Key Found : [x64] HKCU\Software\OCS
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

*************************

AdwCleaner[R0].txt - [850 bytes] - [03/06/2015 19:45:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [908 bytes] ##########


  • 0

Advertisements


#11
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Please see as directed. Also a few other things:
 
- Toshiba L855-149.
- Just pressing F5 got the mouse control back thanks.

Thank you, and Great news! :thumbsup:
 

- Would you not recommend System Mechanic? Is there any similar software you'd recommend to keep my laptop running smooth?

iolo has a poor reputation and has even been caught stealing from Malwarebytes. A program like CCleaner or similar could be used to help identify programs to uninstall to free up space, orphaned shortcuts, etc. The most important thing is not to allow automatic registry changes that can harm or damage your computer, potentially rendering it unbootable.
 

- After this is all fixed, is there anything else I should install to prevent Interpol or suchlike virus from getting on my system?

Sure, I'll provide some detailed information on protecting yourself and your system at the end of our journey here. But please dont' make any system changes until I tell you your system is all clean! ;)
 

- System seems to be running ok.

More great news!
 

 

Questions for you:

  1. AdwCleaner has flagged this folder for deletion: C:\Users\Toshiba-laptop\Documents\hosts  It's not clear why to me, as I can't see the contents, but Adw rarely flags anything that is legitimate. 
    1. Did you create this?
    2. What can you tell me about it?
    3. Do you care if it gets deleted?
       

Please let me know and hang tight for further steps.  :)


  • 1

#12
joecool90

joecool90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Thanks for your detailed replies.

 

The hosts folder is just where I last stored the MVPS Hosts file, used to block ads. This is recommended by your site:

 

http://www.geekstogo...he-first-place/

 

Should I still use this?

 

Looking forward to your last steps and getting my laptop back to normal!


  • 0

#13
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Thanks for your detailed replies.

You are welcome.   Thanks for carefully following my detailed instructions! :)
 

The hosts folder is just where I last stored the MVPS Hosts file, used to block ads. This is recommended by your site:
 
http://www.geekstogo...he-first-place/
 
Should I still use this?

Nice! :thumbsup:  You can use it.  You have Avast!, which shouldn't automatically reset the hosts file on you.  If you were to switch to using Windows Defender instead, the hosts file would get reset unless you created an exception for this. :geek:
 

Moving on...

 

Lets fix the AdwCleaner items, and get a malware and an online virus scan for another opinion.  Again, if you have any problems, please stop and let me know.  :)
 
 
First
Run AdwCleaner

  • Close all open windows and browsers.
  • Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Cleaning button will be activated.
  • Uncheck your C:\Users\Toshiba-laptop\Documents\hosts folder in the Folders tab.
  • Click the Cleaning button.
    AdwCleaner_Clean_zpsmn8bl7wa.png
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this
    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Second
Install and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here

  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application.  (x.x.x.xxxx represents the current version number).
  • If prompted to uninstall a previous version, please do so.
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish.  You can always upgrade later ;) :
    MBAM1_zps65d773c0.png
  • If an update is found, it should download and install the latest updates automatically:
    MBAM_Dash_zpsd9c2j7gn.png
  • Now select the Settings tab, and check the box next to Scan for rootkits:
    MBAM_ScanSettings_zpsobmtmm4g.png
  • Go back to the Dashboard tab, and click the Scan Now button:
    MBAM_Dash_zpsd9c2j7gn.png
  • The scan may take some time to finish,so please be patient.
    MBAM_Scanning_zps7ytxgci2.png
  • When the scan is complete, it will show you the results:
    MBAM_Remove_zpszsjiczt4.png
  • Make sure that everything is checked, and click Remove Selected (or similar).
  • When disinfection is completed, a log may open in Notepad and you may be prompted to Restart.  (See Extra Note below)
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log:
    MBAM_ScanLog_zpslkvxr7dk.png
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt).  Save the report to your Desktop.
    MBAM_ExportLog_zpswbzi1y40.png
  • Copy & Paste the entire contents of the report log in your next reply.

Third
Please run a free online scan with the ESET Online Scanner:

Important: You must use Internet Explorer and also disable your Anti-Virus scanner for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to Yes, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications.
  • Select Advanced Settings:
    ESET2_zpsc701c045.png
  • Check the option Enable Anti-Stealth technology, but make sure that Remove found threats is unchecked!
  • Click Start. (This scan can take several hours, so please be patient.)
  • Allow the program to update:
    ESETupdate_zps36feabec.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Important: Make sure that the Uninstall application on close and Delete quarantined files checkboxes are both unchecked !

    Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)
  • Copy and paste that log as a reply to this topic.

Finally
In your next reply, please copy/paste the contents of the following logs:

  • AdwCleaner log
  • MBAM log
  • ESET log

And tell me how the system is running. :)


  • 1

#14
joecool90

joecool90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

As requested. Only ESET Online scanner found 1 virus, the other two came up with nothing I think.

 

# AdwCleaner v4.206 - Logfile created 04/06/2015 at 20:10:03

# Updated 01/06/2015 by Xplode

# Database : 2015-06-01.1 [Server]

# Operating system : Windows 8.1 (x64)

# Username : Toshiba-laptop - TOSHIBA

# Running from : C:\Users\Toshiba-laptop\Desktop\AdwCleaner.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Toshiba-laptop\AppData\Roaming\DesktopIconForAmazon

[x] Not Deleted : C:\Users\Toshiba-laptop\Documents\hosts

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\OCS

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

*************************

 

AdwCleaner[R0].txt - [994 bytes] - [03/06/2015 19:45:45]

AdwCleaner[R1].txt - [1053 bytes] - [04/06/2015 20:08:13]

AdwCleaner[S0].txt - [948 bytes] - [04/06/2015 20:10:03]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1006 bytes] ##########

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04/06/2015
Scan Time: 20:14:50
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.04.04
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Toshiba-laptop

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349018
Time Elapsed: 7 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

ESET:

 

C:\Users\Toshiba-laptop\Downloads\vlc-media-player-64-bit-.exe a variant of Win32/DownloadSponsor.C potentially unwanted application
 


  • 0

#15
joecool90

joecool90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

And system seems to be running ok.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP