Antivirus doesn't wanna start! [Solved]


  • This topic is locked

#1
Nele_90


    Member

  • 19 posts

Hi! I need help!

My antivirus nor my malware doesn't wanna start! I have a virus and I don't know how to fix it.

I have Win7 Home Premium x64 with Microsoft Security Essentials and Malwarebytes Anti-Malware.

Thank you in advance!




#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, first I will need to take a look-see.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#3
Nele_90


    Member

  • Topic Starter
  • 19 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Nele (administrator) on NELE-TOSHIBA on 25-06-2015 16:53:47
Running from C:\Users\Nele\Desktop
Loaded Profiles: Nele (Available Profiles: Nele)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(DT Soft Ltd) D:\DAEMON Tools\DAEMON Tools Lite\DTLite.exe
(Akamai Technologies, Inc.) C:\Users\Nele\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Nele\AppData\Local\Akamai\netsession_win.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Dropbox, Inc.) C:\Users\Nele\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-02-11] (Toshiba Europe GmbH)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2534400 2014-03-25] (MyHeritage)
HKLM-x32\...\Run: [Kepard] => "C:\Program Files (x86)\Kepard\Kepard.exe" tray
HKLM-x32\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [2815192 2010-05-06] (ALWIL Software)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [DAEMON Tools Lite] => D:\DAEMON Tools\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Nele\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [Google Update] => "C:\Users\Nele\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [iLivid] => "C:\Users\Nele\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [Dropbox Update] => C:\Users\Nele\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {0a94210f-9d4a-11e2-b948-00266c66fe20} - H:\AutoRun.exe
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {4b88909a-f603-11df-a4cb-0026b6ff7b83} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {a39c4005-bd00-11df-aa9a-00266c66fe20} - F:\Setup.exe
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {b97300f0-f657-11e3-8d14-00266c66fe20} - H:\AutoRun.exe
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {b97300fd-f657-11e3-8d14-00266c66fe20} - H:\AutoRun.exe
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {b9730109-f657-11e3-8d14-00266c66fe20} - I:\AutoRun.exe
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File not found
AppInit_DLLs:  c:\progra~2\movies~1\datamngr\x64\mgrldr.dll => c:\progra~2\movies~1\datamngr\x64\mgrldr.dll File not found
AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll => "c:\progra~3\wincert\win32c~1.dll" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2010-09-16]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-23]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-23]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2010-12-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Nele\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk [2015-06-13]
ShortcutTarget: v.lnk -> C:\Users\Nele\AppData\Roaming\obiykymgmv.exe ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-01-13] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {7078A3BF-BF66-4D05-9076-1D5292D7B64D} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {35989FEC-2CFA-40D8-8B67-20772A75C489} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {35989FEC-2CFA-40D8-8B67-20772A75C489} URL = 
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> DefaultScope {8C836276-BBAB-450B-8CC7-A6C014DC2E1E} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {35989FEC-2CFA-40D8-8B67-20772A75C489} URL = 
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {7078A3BF-BF66-4D05-9076-1D5292D7B64D} URL = 
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {8C836276-BBAB-450B-8CC7-A6C014DC2E1E} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = 
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {AEFB8FD2-ADF4-4DC8-A24E-730C71DAD4DD} URL = http://www.amazon.co...ed&linkCode=ur2
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {F32093E8-6444-45D5-AE3D-182B4062554A} URL = http://rover.ebay.co...e={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> D:\Adobe Photoshop CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-30] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-30] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Adobe Photoshop CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2010-05-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2010-05-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3458131516-997301713-3897728758-1000: @autodesk.com/DWF -> C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll [2011-01-24] (Autodesk)
FF Plugin HKU\S-1-5-21-3458131516-997301713-3897728758-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Nele\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3458131516-997301713-3897728758-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Nele\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - D:\Adobe Photoshop CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - D:\Adobe Photoshop CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-12-18]
 
Chrome: 
=======
CHR Profile: C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Floorplanner) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2013-12-09]
CHR Extension: (Learn French - Très Bien) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec [2013-12-09]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2013-12-09]
CHR Extension: (Search Papoy) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkgkhepjponelmnplpciplmhagpknbg [2013-10-05]
CHR Extension: (Intelligence Quiz) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\bddnmcopphcfjagpabphnpdnoemoapgo [2013-12-09]
CHR Extension: (Ancient Map) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2014-09-11]
CHR Extension: (Crazy4Jigsaws) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgliemokfgimmfodoeboneoibjklncc [2013-12-09]
CHR Extension: (Kingdom Rush Frontiers) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfibdjbnmndigbklnlllakjbjheiopj [2014-01-26]
CHR Extension: (AdBlock) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-18]
CHR Extension: (Sniper Team) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec [2013-09-26]
CHR Extension: (Quotes Book) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfjeadhjbcepmknoanimdbemlobmlpe [2013-12-09]
CHR Extension: (Roomstyler 3D planner) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2013-12-09]
CHR Extension: (Autodesk Homestyler) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-12-09]
CHR Extension: (Cargo Bridge) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2013-10-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (Webcam Toy) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-09-27]
CHR Extension: (Sketchpad) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2013-12-09]
CHR Extension: (Floor plans and interior design) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2013-09-27]
CHR Extension: (Cargo Bridge: Xmas level pack) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdcclndkdgngndhjfccoabooegcgamk [2013-10-09]
CHR Extension: (Google Wallet) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Meaning of Names) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nninaahoaamcnfhioafhfnaaegmkfmed [2013-12-09]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2014-09-11]
CHR Extension: (Russian LinguaLift) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\onbeokliillhaggplnppjdanhbajfcej [2013-12-09]
CHR Extension: (BMI Calculator) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbapipcgadndjlpokbcmgohpjpgkbodo [2013-12-09]
CHR Extension: (Cargo Bridge 2) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmphjijgcdpmmnfjbemolkdiidinogml [2013-10-09]
 
Opera: 
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera\Opera.exe http://www.istartsur...EFVXXXX5VE7AEFV
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-05-06] (ALWIL Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-05-06] (ALWIL Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-05-06] (ALWIL Software)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
R2 VSSS; C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [103669504 2015-06-23] (Microsoft Corporation) [File not signed]
S2 AcronisOSSReinstallSvc; "C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" [X]
S2 mi-raysat_3dsmax2011_64; "D:\Autodesk 3ds Max\mentalimages\satellite\raysat_3dsmax2011_64server.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [22096 2010-05-06] (ALWIL Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [63568 2010-05-06] (ALWIL Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-05-06] (ALWIL Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [121936 2010-05-06] (ALWIL Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-05-06] (ALWIL Software)
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-10-07] (Duplex Secure Ltd.)
U3 ai324rcr; C:\Windows\System32\Drivers\ai324rcr.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S1 SASDIFSV; \??\C:\Users\Nele\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Users\Nele\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2099-02-28 13:53 - 5131-02-28 13:55 - 00000280 _____ C:\Users\Nele\Documents\acad.err
2015-06-25 16:53 - 2015-06-25 16:54 - 00037511 _____ C:\Users\Nele\Desktop\FRST.txt
2015-06-25 16:53 - 2015-06-25 16:53 - 00000000 ____D C:\FRST
2015-06-25 16:52 - 2015-06-25 16:52 - 02112512 _____ (Farbar) C:\Users\Nele\Desktop\FRST64.exe
2015-06-25 13:50 - 2015-06-25 13:50 - 01415680 _____ (wj32) C:\Program Files\JKLMNOM1.exe
2015-06-25 13:05 - 2015-06-25 13:07 - 00000000 ____D C:\AdwCleaner
2015-06-25 11:57 - 2015-06-25 12:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-25 11:57 - 2015-06-25 11:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-25 11:34 - 2015-06-25 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
2015-06-25 11:34 - 2010-05-06 22:59 - 00165032 _____ (ALWIL Software) C:\Windows\SysWOW64\aswBoot.exe
2015-06-25 11:34 - 2010-05-06 22:59 - 00038848 _____ (ALWIL Software) C:\Windows\SysWOW64\avastSS.scr
2015-06-25 11:34 - 2010-05-06 22:39 - 00121936 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswSP.sys
2015-06-25 11:34 - 2010-05-06 22:39 - 00051280 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-06-25 11:34 - 2010-05-06 22:34 - 00063568 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-25 11:34 - 2010-05-06 22:34 - 00028752 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-06-25 11:34 - 2010-05-06 22:33 - 00022096 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2015-06-25 11:15 - 2015-06-25 11:15 - 01415680 _____ (wj32) C:\Program Files\YZ01238K.exe
2015-06-25 11:15 - 2015-06-25 11:15 - 01415680 _____ (wj32) C:\Program Files\9N1JXBZF.exe
2015-06-25 11:09 - 2015-06-25 11:09 - 01415680 _____ (wj32) C:\Program Files\MKUY23KC.exe
2015-06-25 11:09 - 2015-06-25 11:09 - 01415680 _____ (wj32) C:\Program Files\048CGKXW.exe
2015-06-24 22:50 - 2015-06-24 22:50 - 00000000 ____D C:\Users\Nele\AppData\Roaming\SUPERAntiSpyware.com
2015-06-24 22:50 - 2015-06-24 22:50 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-06-24 22:46 - 2015-06-25 11:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-24 22:46 - 2015-06-24 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-24 22:46 - 2015-06-24 22:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-24 22:46 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-24 22:46 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-24 00:31 - 2015-06-24 00:31 - 18174128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-23 10:12 - 2015-06-23 10:12 - 01415680 _____ (wj32) C:\Program Files\8M0ESAO4.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\Z7RP97AF.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\WW4008SS.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\M2AIA2II.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\KOH6ZK9H.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\DDHHHH1X.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\CKKSYMS2.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\AZD2UMLZ.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\3WKJTIM0.exe
2015-06-22 12:15 - 2015-06-22 12:15 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-22 12:14 - 2015-06-22 12:14 - 00003886 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000UA
2015-06-22 12:13 - 2015-06-25 16:18 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000UA.job
2015-06-22 12:13 - 2015-06-25 12:18 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000Core.job
2015-06-22 12:13 - 2015-06-22 12:13 - 00003490 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000Core
2015-06-22 12:13 - 2015-06-22 12:13 - 00000000 ____D C:\Users\Nele\AppData\Local\Dropbox
2015-06-22 12:13 - 2015-06-22 12:13 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-13 13:51 - 2015-06-13 13:51 - 86781952 __RSH C:\Users\Nele\AppData\Roaming\obiykymgmv.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-25 16:51 - 2010-09-08 10:05 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E5ADB49E-A812-4FCB-BDC1-A2275DC1A6AD}
2015-06-25 16:48 - 2010-10-30 11:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-25 16:38 - 2013-06-01 16:06 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000UA.job
2015-06-25 16:31 - 2012-12-18 17:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-25 14:48 - 2014-06-25 21:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf90ad789c0738.job
2015-06-25 14:15 - 2009-07-14 06:45 - 00019024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-25 14:15 - 2009-07-14 06:45 - 00019024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-25 13:53 - 2010-12-08 01:36 - 00000000 ___RD C:\Users\Nele\Documents\My Dropbox
2015-06-25 13:53 - 2010-12-08 01:34 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Dropbox
2015-06-25 13:53 - 2010-05-22 19:38 - 01085709 _____ C:\Windows\WindowsUpdate.log
2015-06-25 13:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-25 13:49 - 2009-07-14 06:51 - 00533515 _____ C:\Windows\setupact.log
2015-06-25 13:42 - 2010-09-11 02:45 - 00000000 ____D C:\Windows\Minidump
2015-06-25 11:45 - 2009-07-14 07:13 - 00786558 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-25 11:34 - 2010-09-08 11:09 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2015-06-25 11:08 - 2010-09-08 11:20 - 00783492 _____ C:\Windows\PFRO.log
2015-06-24 22:10 - 2014-06-02 14:37 - 00000000 ____D C:\The KMPlayer
2015-06-24 20:00 - 2010-09-08 10:25 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Skype
2015-06-24 19:40 - 2015-05-08 00:31 - 00000445 _____ C:\Users\Nele\Desktop\www.txt
2015-06-24 18:38 - 2013-06-01 16:06 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000Core.job
2015-06-24 00:31 - 2012-12-18 17:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-24 00:31 - 2012-06-09 10:56 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-24 00:31 - 2011-09-22 14:18 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-01 12:14 - 2010-04-23 08:04 - 00000000 ____D C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2015-06-25 11:09 - 2015-06-25 11:09 - 1415680 _____ (wj32) C:\Program Files\048CGKXW.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\3WKJTIM0.exe
2010-01-02 00:01 - 2010-01-02 00:01 - 1415680 _____ (wj32) C:\Program Files\6AEIMKUE.exe
2015-06-23 10:12 - 2015-06-23 10:12 - 1415680 _____ (wj32) C:\Program Files\8M0ESAO4.exe
2015-06-25 11:15 - 2015-06-25 11:15 - 1415680 _____ (wj32) C:\Program Files\9N1JXBZF.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\AZD2UMLZ.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\CKKSYMS2.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\DDHHHH1X.exe
2010-01-02 00:03 - 2010-01-02 00:03 - 1415680 _____ (wj32) C:\Program Files\E86G4824.exe
2010-01-02 00:03 - 2010-01-02 00:03 - 1415680 _____ (wj32) C:\Program Files\G7TUGC52.exe
2015-06-25 13:50 - 2015-06-25 13:50 - 1415680 _____ (wj32) C:\Program Files\JKLMNOM1.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\KOH6ZK9H.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\M2AIA2II.exe
2015-06-25 11:09 - 2015-06-25 11:09 - 1415680 _____ (wj32) C:\Program Files\MKUY23KC.exe
2015-05-01 23:03 - 2015-05-01 23:03 - 1415680 _____ (wj32) C:\Program Files\MY6CIKEI.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\WW4008SS.exe
2015-06-25 11:15 - 2015-06-25 11:15 - 1415680 _____ (wj32) C:\Program Files\YZ01238K.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\Z7RP97AF.exe
2012-11-03 03:02 - 2012-11-03 03:02 - 0000132 _____ () C:\Users\Nele\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2013-10-05 17:32 - 2013-10-05 21:31 - 0000132 _____ () C:\Users\Nele\AppData\Roaming\Adobe BMP Format CS5 Prefs
2010-12-23 21:35 - 2010-12-23 22:11 - 0000132 _____ () C:\Users\Nele\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2010-12-23 21:36 - 2014-10-21 14:48 - 0000132 _____ () C:\Users\Nele\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-06-13 13:51 - 2015-06-13 13:51 - 86781952 __RSH () C:\Users\Nele\AppData\Roaming\obiykymgmv.exe
2012-02-06 02:16 - 2012-02-06 02:16 - 0001456 _____ () C:\Users\Nele\AppData\Local\Adobe Save for Web 12.0 Prefs
2010-09-11 11:33 - 2013-04-09 13:31 - 0004608 _____ () C:\Users\Nele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-03 16:26 - 2011-06-03 16:26 - 0000000 _____ () C:\Users\Nele\AppData\Local\{3592846F-A0DA-4DBE-AB3C-11CD07981BA6}
2010-10-08 20:57 - 2010-10-27 16:57 - 0000088 __RSH () C:\ProgramData\803487E580.sys
2010-09-08 10:26 - 2010-09-08 10:26 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-08 20:57 - 2010-10-27 16:57 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys
 
Some files in TEMP:
====================
C:\Users\Nele\AppData\Local\Temp\cdo1504534688.dll
C:\Users\Nele\AppData\Local\Temp\cdo1704796938.dll
C:\Users\Nele\AppData\Local\Temp\cdo2674234398.dll
C:\Users\Nele\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplr10ck.dll
C:\Users\Nele\AppData\Local\Temp\Quarantine.exe
C:\Users\Nele\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-23 21:23
 
==================== End of log ============================


#4
Nele_90

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Nele at 2015-06-25 16:55:36
Running from C:\Users\Nele\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3458131516-997301713-3897728758-500 - Administrator - Disabled)
Guest (S-1-5-21-3458131516-997301713-3897728758-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3458131516-997301713-3897728758-1002 - Limited - Enabled)
Nele (S-1-5-21-3458131516-997301713-3897728758-1000 - Administrator - Enabled) => C:\Users\Nele
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Actualizare Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0418-0000-0000000FF1CE}_OMUI.ro-ro_{6195740F-0C89-4CDD-ACAD-67CCE1495348}) (Version:  - Microsoft)
Actualizare Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0418-0000-0000000FF1CE}_OMUI.ro-ro_{E78703E2-69D3-4204-B101-9D8B7B72585C}) (Version:  - Microsoft)
Actualizare Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0418-0000-0000000FF1CE}_OMUI.ro-ro_{1531AE8C-8271-4A8C-9ABA-86AE70B0DA82}) (Version:  - Microsoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{B5896016-3143-B94F-585D-DF75DAF1D879}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
AutoCAD 2010 - English (HKLM\...\AutoCAD 2010 - English) (Version: 18.0.55.0 - Autodesk)
AutoCAD 2010 - English (Version: 18.0.55.0 - Autodesk) Hidden
AutoCAD 2010 Language Pack - English (Version: 18.0.55.0 - Autodesk) Hidden
Autodesk 3ds Max 2011 64-bit (HKLM\...\{39BFB02A-9692-0409-A808-3F5C7B1F8953}) (Version: 13.0 - Autodesk)
Autodesk 3ds Max 2011 64-bit Components (HKLM\...\{7563F495-80F5-0409-A514-747C66C22449}) (Version: 13.0 - Autodesk)
Autodesk Backburner 2008.1 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2008.1.1 - Autodesk, Inc.)
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk Design Review Browser Add-on v1.2  (HKLM-x32\...\{CD49E43B-88B1-48AD-A3AF-43FAAAB41CB8}) (Version: 1.2.0 - Autodesk)
Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit (HKLM\...\Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit) (Version:  - Autodesk)
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Medium Image library (HKLM-x32\...\{975951E7-14D0-49AF-A630-89680D12D7F6}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2013 (HKLM-x32\...\{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2013 (HKLM-x32\...\{58760EEC-8B6A-43F4-81AA-696E381DFADD}) (Version: 3.0.13 - Autodesk)
Autodesk Revit Architecture 2013 (HKLM\...\Autodesk Revit Architecture 2013) (Version: 12.02.21203 - Autodesk)
avast! Free Antivirus (HKLM-x32\...\avast5) (Version: 5.0.545.0 - Alwil Software)
Ažuriranje za Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-041A-0000-0000000FF1CE}_OMUI.hr-hr_{BAEF930D-2299-4291-A776-76180A3A62E2}) (Version:  - Microsoft)
Ažuriranje za Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-041A-0000-0000000FF1CE}_OMUI.hr-hr_{AF2BE5BC-7CDA-4D93-BC81-B318E4729D7A}) (Version:  - Microsoft)
Ažuriranje za Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-041A-0000-0000000FF1CE}_OMUI.hr-hr_{CB1B45DE-6AAE-46FB-9FFE-B5F4F7029605}) (Version:  - Microsoft)
BearShare (HKLM-x32\...\BearShare) (Version: 10.0.0.122124 - Musiclab, LLC)
BearShare (x32 Version: 10.0.0.122124 - Musiclab, LLC) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.10(T) - TOSHIBA CORPORATION)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.64.1073 - AB Team, d.o.o.)
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - )
ccc-core-static (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Composite 2011 (64-bit) (HKLM\...\{DBF6B4E9-CD43-476A-895D-4D688D41CE63}) (Version: 6.0.0 - Autodesk)
Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.26.0 - Conexant)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.64 - Conexant)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{5D3DAABF-723A-44FB-9408-6AB8887DD056}) (Version: 15.2.0.661 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.661 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.661 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.661 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Dropbox (HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DWG TrueView 2012 (HKLM\...\DWG TrueView 2012) (Version: 18.2.51.0 - Autodesk)
DWG TrueView 2012 (Version: 18.2.51.0 - Autodesk) Hidden
EASEUS Partition Master 9.1.0 Home Edition (HKLM-x32\...\EASEUS Partition Master Home Edition_is1) (Version:  - EASEUS)
EasyBits GO (HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Game Organizer) (Version:  - EasyBits Media)
eBay (HKLM-x32\...\{FDE58148-57E7-43BF-879A-29CCE818C078}) (Version: 1.1.9 - eBay Inc.)
FARO LS 1.1.408.2 (HKLM-x32\...\{91221AAC-F2A0-4028-8016-C7DAF63CB6CC}) (Version: 4.8.2.25521 - FARO Scanner Production)
FARO LS 4.8.2.25521 (HKLM-x32\...\FARO LS_is1) (Version:  - FARO Technologies)
FontLab Studio 5 (HKLM-x32\...\{F6E36639-10C8-4FAD-AF1F-E84D5B6653D1}) (Version: 5.0 - FontLab)
GIMP 2.6.8 (HKLM-x32\...\WinGimp-2.0_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp Pro 8 (HKLM-x32\...\{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}) (Version: 3.0.3117 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grasshopper (HKLM-x32\...\Grasshopper) (Version:  - )
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Ispravka za Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-081A-0000-0000000FF1CE}_OMUI.sr-latn-cs_{F036F214-49FE-4FA9-99F8-3F14C63BCE37}) (Version:  - Microsoft)
Ispravka za Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-081A-0000-0000000FF1CE}_OMUI.sr-latn-cs_{CBFCDB86-805D-4DCE-8FE6-3A8960FAB1B1}) (Version:  - Microsoft)
Ispravka za Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-081A-0000-0000000FF1CE}_OMUI.sr-latn-cs_{4716D793-AAF5-424A-A6C4-BBE31C6C4EF3}) (Version:  - Microsoft)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Learning Essentials for Microsoft Office (HKLM-x32\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
LIMBO (HKLM-x32\...\LIMBO) (Version:  - )
Lumion 3.0.1 (HKLM\...\Lumion 3.0.1_is1) (Version: 3.0.1 - Act-3D B.V.)
Machinarium (HKLM-x32\...\Machinarium) (Version: 11.10.09 - Amanita Design, s.r.o.)
MagniPic (HKLM\...\{25A360EF-F206-4BF9-A912-BA24FE404219}) (Version: 1.0 - ) <==== ATTENTION
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Math (HKLM-x32\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0418-0000-0000000FF1CE}_OMUI.ro-ro_{13618660-2F11-4E8E-AD45-19D97C3FCF2B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-041A-0000-0000000FF1CE}_OMUI.hr-hr_{B53B3C2C-8D03-49E4-90E4-AF6C87F33584}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0424-0000-0000000FF1CE}_OMUI.sl-si_{DE6F6651-39D5-44FA-96FD-647D5B3A3093}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-081A-0000-0000000FF1CE}_OMUI.sr-latn-cs_{3D48B377-5CD9-4C3D-9F07-77A104DE59CD}) (Version:  - Microsoft)
Microsoft Office Language Pack 2007 - Croatian/Hrvatski (HKLM-x32\...\OMUI.hr-hr) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - Romanian/Română (HKLM-x32\...\OMUI.ro-ro) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - Serbian/srpski (HKLM-x32\...\OMUI.sr-latn-cs) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - Slovenian/slovenščina (HKLM-x32\...\OMUI.sl-si) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM-x32\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version:  - )
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 8.0 Support DLLs (HKLM-x32\...\{342F5437-C87D-4BB5-89B9-B23E16C6A395}) (Version: 1.0.0 - McNeel & Associates)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7137 - MyHeritage.com)
Nero 9 Essentials (HKLM-x32\...\{c987ee42-c48d-4fdc-a355-734c033a5a66}) (Version:  - Nero AG)
Nero BackItUp (HKLM-x32\...\{0420F95C-11FF-4E02-B967-6CC22B188F9F}) (Version: 5.2.21001 - Nero AG)
Nero BackItUp and Burn (HKLM-x32\...\{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}) (Version: 1.2.0030 - Nero AG)
Nero BurnRights (HKLM-x32\...\{397516AE-7DFE-4F90-84E0-BD616D559434}) (Version: 3.6.26001 - Nero AG)
Nero Express (HKLM-x32\...\{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}) (Version: 9.6.16000 - Nero AG)
Nero RescueAgent (HKLM-x32\...\{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}) (Version: 2.6.25002 - Nero AG)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.7-279 - myphotobook GmbH)
PhotoRazor (HKLM-x32\...\PhotoRazor) (Version:  - )
PhotoStage Slideshow Producer (HKLM-x32\...\PhotoStage) (Version: 2.51 - NCH Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Posodobitev za Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0424-0000-0000000FF1CE}_OMUI.sl-si_{FD705E62-13B4-4BF5-A4B2-A7599309751B}) (Version:  - Microsoft)
Posodobitev za Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0424-0000-0000000FF1CE}_OMUI.sl-si_{045DC059-1CCC-47B9-BA35-713E269D33B8}) (Version:  - Microsoft)
Posodobitev za Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0424-0000-0000000FF1CE}_OMUI.sl-si_{AD1C31E7-4856-4887-9307-1ABDE0F2DF7C}) (Version:  - Microsoft)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.13 - NCH Software)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Revit Architecture 2013 (Version: 12.02.21203 - Autodesk) Hidden
Revit Architecture 2013 Language Pack - English (Version: 12.02.21203 - Autodesk) Hidden
Rhino RDK (HKLM-x32\...\Rhino RDK) (Version:  - )
Rhinoceros 4.0 (HKLM-x32\...\{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}) (Version: 4.0.20118 - McNeel & Associates)
Rhinoceros 4.0 SR8 (HKLM-x32\...\{95E1E426-EE9E-4F68-8F02-58A5A09B38F3}) (Version: 4.0.50401 - Robert McNeel & Associates)
Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shaun White Skateboarding (HKLM-x32\...\{173F2B02-2AAA-414F-A2D8-44870BB98F7A}) (Version: 1.0 - Ubisoft)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.124 - PandoraTV)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{1777CCDA-F2F2-4A77-ACF4-0B7341229BBB}) (Version: 8.0.29 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.10.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.01 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
Toshiba TEMPRO (HKLM-x32\...\{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}) (Version: 3.30 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
Vegas Pro 11.0 (64-bit) (HKLM\...\{43EBA222-8DF7-11E1-862B-F04DA23A5C58}) (Version: 11.0.683 - Sony)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.54 - NCH Software)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
V-Ray for 3dsmax 2011 for x64 (HKLM\...\V-Ray for 3dsmax 2011 for x64) (Version: 1.50.SP5 - Chaos Software Ltd)
V-Ray for Rhinoceros (x32 Version: 01.05.29 - ASGvis, LLC) Hidden
V-Ray for SketchUp (HKLM-x32\...\V-Ray for SketchUp 1.48.93) (Version: 1.48.93 - ASGVIS)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.90 - NCH Software)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Wincore MediaBar (HKLM-x32\...\Wincore MediaBar) (Version: 3.0.0.122068 - Musiclab, LLC) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nele\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{083C82AE-568E-45dd-A92C-01422CA45760}\InprocServer32 -> D:\Autodesk Revit 2013\Revit Architecture 2013\Program\APIContext.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Nele\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2012\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> D:\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Nele\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> D:\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nele\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3458131516-997301713-3897728758-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Nele\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2011-12-18 21:37 - 00000611 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       activate.adobe.com
127.0.0.1       activate.adobe.com
127.0.0.1       practivate.adobe.com
127.0.0.1       ereg.adobe.com
127.0.0.1       activate.wip3.adobe.com
127.0.0.1       wip3.adobe.com
127.0.0.1       3dns-3.adobe.com
127.0.0.1       3dns-2.adobe.com
127.0.0.1       adobe-dns.adobe.com
127.0.0.1       adobe-dns-2.adobe.com
127.0.0.1       adobe-dns-3.adobe.com
127.0.0.1       ereg.wip3.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       hl2rcv.adobe.com
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03FBFA93-9570-4497-868F-5E0801245C07} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-22] (TOSHIBA CORPORATION)
Task: {0D02FFE9-83F9-4CFE-B01B-405E7C486D1F} - System32\Tasks\{B863F040-19C3-45D2-B3D9-FB88D481DB97} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {1107042F-6ADD-45E5-989C-98C06267D560} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {11CEE003-EE1F-4506-A928-9C48DF5ADE50} - System32\Tasks\{9C0C9E15-C2F8-41A7-8179-F5050CB98A46} => Chrome.exe http://ui.skype.com/...defaultbrowser2
Task: {190F6B7A-AB3E-409D-AEC1-0D886D858E95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-11] (Google Inc.)
Task: {268E899A-944C-45F6-A870-1CBE8E839754} - System32\Tasks\GoogleUpdateTaskMachineCore1cf90ad789c0738 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-11] (Google Inc.)
Task: {4B484F1D-F0C8-4F4F-9B25-5EE9B3A4CD14} - System32\Tasks\AdobeAAMUpdater-1.0-Nele-TOSHIBA-Nele => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {4D4CCEC4-FAA6-4982-A061-1409739099C9} - \EPUpdater No Task File <==== ATTENTION
Task: {69E345CD-2D7D-4C44-98D4-6739F924EEAE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000UA => C:\Users\Nele\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {70C418FE-ED5F-4E44-9E53-14FBAB1D17C8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000Core => C:\Users\Nele\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {A229E249-061B-4D7C-A92F-7DB02650C1CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000Core => C:\Users\Nele\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {A59F67F3-C23C-4A6A-A83D-97E5C68A0AAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-11] (Google Inc.)
Task: {BB91C823-4B0C-416F-8205-DF9A5F55FC17} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000UA => C:\Users\Nele\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {C30E193D-51C4-4CAD-8C1C-E362951F7DF3} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {C61E43E8-34FB-4F98-ADEE-F84A4E5B4F4D} - System32\Tasks\{A8EAE3A9-853A-43AA-AA6B-8E55CD69F7F1} => pcalua.exe -a D:\INSTAL\DAEMONToolsNet4360310-0089.exe -d D:\INSTAL
Task: {DD466044-6DC8-468C-AD1F-0156EB6CE18C} - System32\Tasks\{8DC9882A-DCB2-49C4-994D-6ED61F36DD4C} => Chrome.exe http://ui.skype.com/...defaultbrowser2
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000Core.job => C:\Users\Nele\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000UA.job => C:\Users\Nele\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf90ad789c0738.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000Core.job => C:\Users\Nele\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000UA.job => C:\Users\Nele\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-09-16 20:08 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-04-23 07:43 - 2009-06-22 14:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-10-13 10:00 - 2009-10-13 10:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-05-22 19:44 - 2010-05-22 19:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-06-25 13:51 - 2015-06-25 13:51 - 00043008 _____ () c:\users\nele\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplr10ck.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\Nele\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\Nele\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\Nele\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\Nele\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-06-22 12:15 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Nele\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\Nele\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-22 12:15 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Nele\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-22 22:50 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 22:50 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{15D52189-2664-4A61-AA50-8798BD6B2ED5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{19AA88C2-41B4-4347-AE4B-3076C3F22D3B}] => (Allow) svchost.exe
FirewallRules: [{11C42AB3-65A6-4D17-A045-80ECBF29B931}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{6BB46646-B8FC-4201-83C2-EDE706489C7D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{39B6E4AB-4D92-4FE2-A67D-AA489D0DDD00}] => (Allow) LPort=2869
FirewallRules: [{5AF7E24D-B2E9-45D7-90B9-5F2E558EF467}] => (Allow) LPort=1900
FirewallRules: [{801AB420-7256-4E40-B956-27950ED3B422}] => (Allow) D:\Autodesk 3ds Max\Backburner\monitor.exe
FirewallRules: [{078F7449-0C40-45C5-854E-E5011EE9CD3E}] => (Allow) D:\Autodesk 3ds Max\Backburner\monitor.exe
FirewallRules: [{AFBBB8FF-F526-4BF2-B98A-1488F35876B4}] => (Allow) D:\Autodesk 3ds Max\Backburner\manager.exe
FirewallRules: [{6882F59F-F9F0-4833-911D-C7D47241AA25}] => (Allow) D:\Autodesk 3ds Max\Backburner\manager.exe
FirewallRules: [{8067DDD5-4FDC-45CB-8C65-FF1B545DDE66}] => (Allow) D:\Autodesk 3ds Max\Backburner\server.exe
FirewallRules: [{26A3B032-A2C2-4D35-A369-F4AF39FE53F8}] => (Allow) D:\Autodesk 3ds Max\Backburner\server.exe
FirewallRules: [{CA6F62D5-6FD2-4FFA-9B3E-C48257BDD909}] => (Allow) D:\Autodesk 3ds Max\3dsmax.exe
FirewallRules: [{7AE60CB8-D3FB-4F66-B192-09A7BF346048}] => (Allow) D:\Autodesk 3ds Max\3dsmax.exe
FirewallRules: [{E4E48604-FB87-44E5-805D-A29257A3ECD7}] => (Allow) D:\Autodesk 3ds Max\mentalimages\satellite\raysat_3dsmax2011_64.exe
FirewallRules: [{4FF99872-FF28-458A-82D5-4AEEF73625D4}] => (Allow) D:\Autodesk 3ds Max\mentalimages\satellite\raysat_3dsmax2011_64.exe
FirewallRules: [{F6B6C726-8274-4CF2-A3B5-C6F21BB73317}] => (Allow) D:\Autodesk 3ds Max\mentalimages\satellite\raysat_3dsmax2011_64server.exe
FirewallRules: [{57111DB3-B008-4223-B01B-20287500E1AB}] => (Allow) D:\Autodesk 3ds Max\mentalimages\satellite\raysat_3dsmax2011_64server.exe
FirewallRules: [{5A742600-B95A-49D2-8A2C-89B1E6E6C798}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{EC6ADAFA-7E84-43E2-AA8E-C65B40826850}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{337250DF-A546-4E76-81DC-E5F8CCDE3A83}] => (Allow) C:\Users\Nele\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D2E03719-CEF7-495D-B71C-C1BCBC16E43F}] => (Allow) C:\Users\Nele\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5FAA8E09-45B1-4040-AEB9-447370332A3A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{922BF738-2A5C-4244-BAEB-55C3F7745A1D}D:\sketchup pro 8\sketchup.exe] => (Allow) D:\sketchup pro 8\sketchup.exe
FirewallRules: [UDP Query User{AB41874C-1192-43ED-BD8E-0630C556CE5A}D:\sketchup pro 8\sketchup.exe] => (Allow) D:\sketchup pro 8\sketchup.exe
FirewallRules: [{B97C95AD-10C2-4B78-B72B-5EC660651A13}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{25C7F2E9-E9F6-4A79-8FBA-3E8A0BD631B6}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{C334F946-A66D-4BF7-A4FC-928A565716B4}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{A7D9C1A5-5E0C-464E-B4BC-6F2955D847A3}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{87DDAB01-3C7C-477A-93DA-85460E2D33CE}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{00E03E3F-DDF2-4870-9C6E-2A2E1206EE10}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{F675FF75-D2C0-4145-BE40-BBF48CD16EFA}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{2E183C7E-9B97-452E-A1C5-9AB3D557CFBA}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{1911EE53-C29B-4770-A0FD-5769556269B7}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe] => (Block) C:\program files (x86)\bearshare applications\bearshare\bearshare.exe
FirewallRules: [UDP Query User{66E2CB52-A782-4FE8-A33A-49007A5FDFE5}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe] => (Block) C:\program files (x86)\bearshare applications\bearshare\bearshare.exe
FirewallRules: [TCP Query User{666AA78B-1C8B-4ABE-BC8B-2AEEC2C829EA}C:\users\nele\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\nele\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{0D1FF288-9083-4050-89D5-9AFFD980F737}C:\users\nele\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\nele\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{E80EEE27-3749-4F56-A750-6BC9D2D5E6B9}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{D64BD2B4-4F0D-4019-9633-6D042A515A90}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{E1E55BB6-7FD5-4275-92D1-FA3D73AC3B24}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Block) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{77D897F9-E683-49F4-A554-8FC9B0D4235B}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Block) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{828A4962-DB9C-4B86-8BF1-9D2F81A49543}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{0D2573D3-2DA4-4DCA-9F3D-9727142B4EDC}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{628EA340-69C4-43F9-B045-B14E149C11B9}D:\pes 2012\pes2012.exe] => (Block) D:\pes 2012\pes2012.exe
FirewallRules: [UDP Query User{864AB171-04CB-4668-93E8-98CF02985972}D:\pes 2012\pes2012.exe] => (Block) D:\pes 2012\pes2012.exe
FirewallRules: [{7EB2656D-A183-45E1-BE69-C292E551B8D8}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{F8606918-147E-49D0-B073-B9D2462C12DC}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{BFCBA2D3-A526-4F60-B2C4-89929AFE2C63}] => (Allow) C:\Users\Nele\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{4D7900E6-EC87-4777-BA5B-43F51821132E}] => (Allow) C:\Users\Nele\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [TCP Query User{1C2CADFC-4792-42FC-92F3-97335AF2593F}D:\rhinoceros 4.0\system\rhino4.exe] => (Allow) D:\rhinoceros 4.0\system\rhino4.exe
FirewallRules: [UDP Query User{B10D9F58-3BA4-4DC3-910B-119F13A276FA}D:\rhinoceros 4.0\system\rhino4.exe] => (Allow) D:\rhinoceros 4.0\system\rhino4.exe
FirewallRules: [TCP Query User{CE605735-5274-4AF2-BDFA-BCDD67A21A48}C:\programdata\asgvis\drspawner\drspawner.exe] => (Allow) C:\programdata\asgvis\drspawner\drspawner.exe
FirewallRules: [UDP Query User{D7ADFCB2-D5E1-4919-BEF6-8BDDD830FFB9}C:\programdata\asgvis\drspawner\drspawner.exe] => (Allow) C:\programdata\asgvis\drspawner\drspawner.exe
FirewallRules: [TCP Query User{D7C3F861-E54A-41BC-AC65-9E1E7F0D6DCF}D:\rhinoceros 4.0\system\rhino4.exe] => (Allow) D:\rhinoceros 4.0\system\rhino4.exe
FirewallRules: [UDP Query User{74E435C7-AB20-4A5C-B353-27F306E83C7B}D:\rhinoceros 4.0\system\rhino4.exe] => (Allow) D:\rhinoceros 4.0\system\rhino4.exe
FirewallRules: [TCP Query User{043A3808-14DA-4A2D-8676-2A88F13EAB6A}C:\programdata\asgvis\drspawner\drspawner.exe] => (Block) C:\programdata\asgvis\drspawner\drspawner.exe
FirewallRules: [UDP Query User{5DBEF7B4-06BD-4C8F-B518-2EAADC1DDFF1}C:\programdata\asgvis\drspawner\drspawner.exe] => (Block) C:\programdata\asgvis\drspawner\drspawner.exe
FirewallRules: [TCP Query User{87EDB21E-277A-4FC5-903C-E17FC329F8CF}C:\users\nele\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\nele\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{562D92D7-A0E7-46B6-920E-A4228651CE62}C:\users\nele\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\nele\appdata\local\akamai\netsession_win.exe
FirewallRules: [{FB1AD1F5-0415-4DDD-877D-DC6E75D19C77}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{75D95032-964F-471C-8FCD-3E471BBD8F63}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{14EC47C5-1C2C-4612-9E49-9C85051F4ACA}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{940B2D6B-947E-41B5-A2C8-CED137CCA740}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{5DF9ABDA-7C39-409E-8520-B620D66F8934}] => (Allow) C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{5AF7200C-CA48-4C04-B773-7E4BE29A601B}] => (Allow) C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{05438B02-0459-4FE0-9169-2D8182849197}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{17983DD6-DD28-4690-9C29-650D6216BFE7}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{3B9A34F6-91F5-48A1-9A02-CFB63542DEBE}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [{A86DC6D0-9093-44A3-AD0A-40BA04CADF9B}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [TCP Query User{A26263FB-B89A-4FD7-803B-D0151CBD2F19}C:\users\nele\desktop\heroes of might and magic iii complete\heroes3.exe] => (Allow) C:\users\nele\desktop\heroes of might and magic iii complete\heroes3.exe
FirewallRules: [UDP Query User{3543CF8E-1FF8-4DFA-936C-57212131AC12}C:\users\nele\desktop\heroes of might and magic iii complete\heroes3.exe] => (Allow) C:\users\nele\desktop\heroes of might and magic iii complete\heroes3.exe
FirewallRules: [TCP Query User{EBD54AD7-E0E7-49E9-94EE-F80D044D283C}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{D80787EA-7BAA-48CD-853D-45C4010EA48D}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{CC549B99-AA6C-4A2A-9331-426AC7EEB4EC}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{68D73C88-61CC-4617-8C44-CBD3E7C7510D}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{985909D9-AADE-4EFD-990D-BFCDA300D8EB}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [{F30C2E42-FB50-4ABB-89A9-2678DAABF969}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [TCP Query User{0407D69D-5702-4ED9-9802-E32D2FB4F9D7}D:\pes 2013\pes2013.exe] => (Block) D:\pes 2013\pes2013.exe
FirewallRules: [UDP Query User{625735F8-8CA9-43D2-9E10-375AB7BBE992}D:\pes 2013\pes2013.exe] => (Block) D:\pes 2013\pes2013.exe
FirewallRules: [TCP Query User{409FE06C-3642-4686-B993-BF0AE0B58539}D:\autodesk 3ds max\3dsmax.exe] => (Allow) D:\autodesk 3ds max\3dsmax.exe
FirewallRules: [UDP Query User{3FEC6169-65DF-4327-8430-534C821F8CAE}D:\autodesk 3ds max\3dsmax.exe] => (Allow) D:\autodesk 3ds max\3dsmax.exe
FirewallRules: [TCP Query User{7A30987C-50E4-4F60-B668-D8B9DC8BEBEB}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{105F6567-EAC8-46CF-BD0C-FAC938364C89}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{7FCB014C-DDE1-4F7A-A67F-D9FB8194E827}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [UDP Query User{F07DABEC-B3CC-47E6-9CCC-D42A55BBEE3E}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [TCP Query User{79DBF233-DA71-4069-9D22-A3C14EEAE140}D:\cs 1.6\hl.exe] => (Block) D:\cs 1.6\hl.exe
FirewallRules: [UDP Query User{F675F63B-B83B-4A03-9E1F-2B9BF7C38B33}D:\cs 1.6\hl.exe] => (Block) D:\cs 1.6\hl.exe
FirewallRules: [TCP Query User{52421337-B2B0-4260-A1AA-3EE431A46583}D:\cs 1.6\hlds.exe] => (Allow) D:\cs 1.6\hlds.exe
FirewallRules: [UDP Query User{8F9410C0-FC67-482B-B491-7523B26F2795}D:\cs 1.6\hlds.exe] => (Allow) D:\cs 1.6\hlds.exe
FirewallRules: [TCP Query User{00E6C6A4-6B7E-4B5D-AA25-C88275E090F2}D:\world_of_tanks\wotlauncher.exe] => (Allow) D:\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{8B9139B2-6E5A-42C2-ABDA-AFEEC63B72C9}D:\world_of_tanks\wotlauncher.exe] => (Allow) D:\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{E5DFCE63-E49F-489D-BB3B-FAC020E9A81F}D:\world_of_tanks\worldoftanks.exe] => (Allow) D:\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{70E60EEE-C9D6-46A7-85D3-E60456D59025}D:\world_of_tanks\worldoftanks.exe] => (Allow) D:\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{AB10CB0D-1B1C-486E-8A89-132D30BCA981}D:\cs 1.6\hl.exe] => (Allow) D:\cs 1.6\hl.exe
FirewallRules: [UDP Query User{6B88C13A-3C49-4979-A656-2A09608D5C64}D:\cs 1.6\hl.exe] => (Allow) D:\cs 1.6\hl.exe
FirewallRules: [{7F2A4839-BBC7-4D83-9FE0-FE17AAFB8C5D}] => (Allow) C:\Users\Nele\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{22F144E6-9C7C-4840-9B82-597A7364ED01}] => (Allow) C:\Users\Nele\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FDDAA0B5-E722-42D1-AEA1-44C1BDB9A256}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9397AF63-8EF7-4360-8A93-625F0A20F943}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C2DA556B-2BDC-42E4-81AE-A41747BD4795}] => (Allow) C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{52D1C244-7577-4741-B6FD-666A6AF26756}] => (Allow) C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{BAA7DD13-9B29-4039-8152-2F075AAEACBA}] => (Allow) C:\Users\Nele\AppData\Local\Torch\Application\torch.exe
FirewallRules: [TCP Query User{D58DC858-947E-43C9-BF00-E5270861AAD4}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{67B7CBB4-E2C2-4795-9859-72BEAD3C41ED}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{606DD336-A426-4018-A396-7A6E93D8F46B}] => (Allow) C:\Users\Nele\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{64DF50DC-ABC5-4BD2-9E89-48410316939E}] => (Allow) C:\Users\Nele\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{15477C4A-CE77-4B19-8E1C-71065A3D0198}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [UDP Query User{124E6AE3-3755-4E49-9BF2-829A79CF7DB7}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [TCP Query User{C4AFB163-12B1-4D03-8BEA-5A6CFA717FC9}C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe
FirewallRules: [UDP Query User{8F09F1E2-E003-42EC-9209-455D6B76F7D1}C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe
FirewallRules: [{758B8C9F-3B57-418A-A791-4FFB78D79C59}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E9E32F38-54CD-4F00-83C3-91D75BCE9E41}] => (Allow) LPort=49162
FirewallRules: [{0AF3E226-54F8-44E7-91F3-88B1AF111114}] => (Allow) LPort=5000
FirewallRules: [{6D9F36F1-04DA-42A8-A31C-2F6D6E268ABB}] => (Allow) LPort=49171
FirewallRules: [{B6E21679-E702-4E06-90FE-DBA7EBF1109E}] => (Allow) LPort=5000
 
==================== Faulty Device Manager Devices =============
 
Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/25/2015 02:11:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/24/2015 01:49:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/23/2015 09:25:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/23/2015 00:10:48 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall
 
Error: (06/22/2015 04:05:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/22/2015 02:02:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/20/2015 10:33:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/18/2015 03:49:23 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.124;lang=;guid=3592ECF5B87D4625A29CCED6F40E7DF5;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\7d173573-e4e9-4484-9296-322f31c8e69e.dmp
 
Error: (06/18/2015 10:23:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/17/2015 03:50:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (06/25/2015 02:28:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%1053
 
Error: (06/25/2015 02:28:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.
 
Error: (06/25/2015 01:50:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Network Inspection service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (06/25/2015 01:50:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (06/25/2015 01:50:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Network Inspection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
 
Error: (06/25/2015 01:50:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
 
Error: (06/25/2015 01:50:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The avast! Web Scanner service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/25/2015 01:50:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The avast! Mail Scanner service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/25/2015 01:50:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The avast! Antivirus service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/25/2015 01:50:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Network Inspection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
Error: (06/25/2015 02:11:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2011\python\lib\distutils\command\wininst-8_d.exe
 
Error: (06/24/2015 01:49:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2011\python\lib\distutils\command\wininst-8_d.exe
 
Error: (06/23/2015 09:25:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2011\python\lib\distutils\command\wininst-8_d.exe
 
Error: (06/23/2015 00:10:48 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall
 
Error: (06/22/2015 04:05:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2011\python\lib\distutils\command\wininst-8_d.exe
 
Error: (06/22/2015 02:02:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2011\python\lib\distutils\command\wininst-8_d.exe
 
Error: (06/20/2015 10:33:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2011\python\lib\distutils\command\wininst-8_d.exe
 
Error: (06/18/2015 03:49:23 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.124;lang=;guid=3592ECF5B87D4625A29CCED6F40E7DF5;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\7d173573-e4e9-4484-9296-322f31c8e69e.dmp
 
Error: (06/18/2015 10:23:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2011\python\lib\distutils\command\wininst-8_d.exe
 
Error: (06/17/2015 03:50:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Autodesk\Composite 2011\python\lib\distutils\command\wininst-8_d.exe
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 76%
Total physical RAM: 3958.85 MB
Available physical RAM: 938.48 MB
Total Pagefile: 7915.88 MB
Available Pagefile: 3772.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (WINDOWS) (Fixed) (Total:92.95 GB) (Free:14.14 GB) NTFS
Drive d: (Programs) (Fixed) (Total:139.7 GB) (Free:22.67 GB) NTFS
Drive e: (Documents) (Fixed) (Total:232.72 GB) (Free:23.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DFBFE8A1)
Partition 1: (Not Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=93 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=232.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=139.7 GB) - (Type=OF Extended)
 
==================== End of log ============================

  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
One of your Avast drivers is corrupted, so the easy way to fix that will be to re-install.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [iLivid] => "C:\Users\Nele\AppData\Local\iLivid\iLivid.exe" -autorun
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File not found
AppInit_DLLs: c:\progra~2\movies~1\datamngr\x64\mgrldr.dll => c:\progra~2\movies~1\datamngr\x64\mgrldr.dll File not found
AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll => "c:\progra~3\wincert\win32c~1.dll" File not found
Startup: C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk [2015-06-13]
ShortcutTarget: v.lnk -> C:\Users\Nele\AppData\Roaming\obiykymgmv.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera\Opera.exe http://www.istartsur...EFVXXXX5VE7AEFV
2015-06-25 13:50 - 2015-06-25 13:50 - 01415680 _____ (wj32) C:\Program Files\JKLMNOM1.exe
2015-06-25 11:15 - 2015-06-25 11:15 - 01415680 _____ (wj32) C:\Program Files\YZ01238K.exe
2015-06-25 11:15 - 2015-06-25 11:15 - 01415680 _____ (wj32) C:\Program Files\9N1JXBZF.exe
2015-06-25 11:09 - 2015-06-25 11:09 - 01415680 _____ (wj32) C:\Program Files\MKUY23KC.exe
2015-06-25 11:09 - 2015-06-25 11:09 - 01415680 _____ (wj32) C:\Program Files\048CGKXW.exe
2015-06-23 10:12 - 2015-06-23 10:12 - 01415680 _____ (wj32) C:\Program Files\8M0ESAO4.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\Z7RP97AF.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\WW4008SS.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\M2AIA2II.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\KOH6ZK9H.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\DDHHHH1X.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\CKKSYMS2.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\AZD2UMLZ.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\3WKJTIM0.exe
2015-06-13 13:51 - 2015-06-13 13:51 - 86781952 __RSH C:\Users\Nele\AppData\Roaming\obiykymgmv.exe
2015-06-25 11:09 - 2015-06-25 11:09 - 1415680 _____ (wj32) C:\Program Files\048CGKXW.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\3WKJTIM0.exe
2010-01-02 00:01 - 2010-01-02 00:01 - 1415680 _____ (wj32) C:\Program Files\6AEIMKUE.exe
2015-06-23 10:12 - 2015-06-23 10:12 - 1415680 _____ (wj32) C:\Program Files\8M0ESAO4.exe
2015-06-25 11:15 - 2015-06-25 11:15 - 1415680 _____ (wj32) C:\Program Files\9N1JXBZF.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\AZD2UMLZ.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\CKKSYMS2.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\DDHHHH1X.exe
2010-01-02 00:03 - 2010-01-02 00:03 - 1415680 _____ (wj32) C:\Program Files\E86G4824.exe
2010-01-02 00:03 - 2010-01-02 00:03 - 1415680 _____ (wj32) C:\Program Files\G7TUGC52.exe
2015-06-25 13:50 - 2015-06-25 13:50 - 1415680 _____ (wj32) C:\Program Files\JKLMNOM1.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\KOH6ZK9H.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\M2AIA2II.exe
2015-06-25 11:09 - 2015-06-25 11:09 - 1415680 _____ (wj32) C:\Program Files\MKUY23KC.exe
2015-05-01 23:03 - 2015-05-01 23:03 - 1415680 _____ (wj32) C:\Program Files\MY6CIKEI.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\WW4008SS.exe
2015-06-25 11:15 - 2015-06-25 11:15 - 1415680 _____ (wj32) C:\Program Files\YZ01238K.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\Z7RP97AF.exe
2015-06-13 13:51 - 2015-06-13 13:51 - 86781952 __RSH () C:\Users\Nele\AppData\Roaming\obiykymgmv.exe
Task: {4D4CCEC4-FAA6-4982-A061-1409739099C9} - \EPUpdater No Task File <==== ATTENTION
Task: {C30E193D-51C4-4CAD-8C1C-E362951F7DF3} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
C:\Program Files (x86)\YourFileDownloader
C:\PROGRA~3\Wincert
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

FINALLY

Download Avast Uninstall Utility to your Desktop.
Download the correct version of Avast:
  • Avast Free
  • Avast Pro
  • Avast Internet Security
  • Avast Premier
Disconnect from the net.
Uninstall Avast via control panel.
  • Run the uninstall tool and accept the reboot to safe mode
  • Once complete reboot your system
  • Reinstall Avast
----------
  • 0

#6
Nele_90

    Member

  • Topic Starter
  • Member
  • 19 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Nele at 2015-06-25 17:20:20 Run:1
Running from C:\Users\Nele\Desktop
Loaded Profiles: Nele (Available Profiles: Nele)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [iLivid] => "C:\Users\Nele\AppData\Local\iLivid\iLivid.exe" -autorun
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File not found
AppInit_DLLs: c:\progra~2\movies~1\datamngr\x64\mgrldr.dll => c:\progra~2\movies~1\datamngr\x64\mgrldr.dll File not found
AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll => "c:\progra~3\wincert\win32c~1.dll" File not found
Startup: C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk [2015-06-13]
ShortcutTarget: v.lnk -> C:\Users\Nele\AppData\Roaming\obiykymgmv.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera\Opera.exe http://www.istartsur...EFVXXXX5VE7AEFV
2015-06-25 13:50 - 2015-06-25 13:50 - 01415680 _____ (wj32) C:\Program Files\JKLMNOM1.exe
2015-06-25 11:15 - 2015-06-25 11:15 - 01415680 _____ (wj32) C:\Program Files\YZ01238K.exe
2015-06-25 11:15 - 2015-06-25 11:15 - 01415680 _____ (wj32) C:\Program Files\9N1JXBZF.exe
2015-06-25 11:09 - 2015-06-25 11:09 - 01415680 _____ (wj32) C:\Program Files\MKUY23KC.exe
2015-06-25 11:09 - 2015-06-25 11:09 - 01415680 _____ (wj32) C:\Program Files\048CGKXW.exe
2015-06-23 10:12 - 2015-06-23 10:12 - 01415680 _____ (wj32) C:\Program Files\8M0ESAO4.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\Z7RP97AF.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\WW4008SS.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\M2AIA2II.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\KOH6ZK9H.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\DDHHHH1X.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\CKKSYMS2.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\AZD2UMLZ.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 01415680 _____ (wj32) C:\Program Files\3WKJTIM0.exe
2015-06-13 13:51 - 2015-06-13 13:51 - 86781952 __RSH C:\Users\Nele\AppData\Roaming\obiykymgmv.exe
2015-06-25 11:09 - 2015-06-25 11:09 - 1415680 _____ (wj32) C:\Program Files\048CGKXW.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\3WKJTIM0.exe
2010-01-02 00:01 - 2010-01-02 00:01 - 1415680 _____ (wj32) C:\Program Files\6AEIMKUE.exe
2015-06-23 10:12 - 2015-06-23 10:12 - 1415680 _____ (wj32) C:\Program Files\8M0ESAO4.exe
2015-06-25 11:15 - 2015-06-25 11:15 - 1415680 _____ (wj32) C:\Program Files\9N1JXBZF.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\AZD2UMLZ.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\CKKSYMS2.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\DDHHHH1X.exe
2010-01-02 00:03 - 2010-01-02 00:03 - 1415680 _____ (wj32) C:\Program Files\E86G4824.exe
2010-01-02 00:03 - 2010-01-02 00:03 - 1415680 _____ (wj32) C:\Program Files\G7TUGC52.exe
2015-06-25 13:50 - 2015-06-25 13:50 - 1415680 _____ (wj32) C:\Program Files\JKLMNOM1.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\KOH6ZK9H.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\M2AIA2II.exe
2015-06-25 11:09 - 2015-06-25 11:09 - 1415680 _____ (wj32) C:\Program Files\MKUY23KC.exe
2015-05-01 23:03 - 2015-05-01 23:03 - 1415680 _____ (wj32) C:\Program Files\MY6CIKEI.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\WW4008SS.exe
2015-06-25 11:15 - 2015-06-25 11:15 - 1415680 _____ (wj32) C:\Program Files\YZ01238K.exe
2015-06-23 10:09 - 2015-06-23 10:09 - 1415680 _____ (wj32) C:\Program Files\Z7RP97AF.exe
2015-06-13 13:51 - 2015-06-13 13:51 - 86781952 __RSH () C:\Users\Nele\AppData\Roaming\obiykymgmv.exe
Task: {4D4CCEC4-FAA6-4982-A061-1409739099C9} - \EPUpdater No Task File <==== ATTENTION
Task: {C30E193D-51C4-4CAD-8C1C-E362951F7DF3} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
C:\Program Files (x86)\YourFileDownloader
C:\PROGRA~3\Wincert
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Error: (0) Failed to create a restore point.
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid => value removed successfully
"C:\PROGRA~3\Wincert\WIN64C~1.DLL" => value data removed successfully.
"c:\progra~2\movies~1\datamngr\x64\mgrldr.dll" => value data removed successfully.
"c:\progra~3\wincert\win32c~1.dll" => value data removed successfully.
C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk => moved successfully.
C:\Users\Nele\AppData\Roaming\obiykymgmv.exe => moved successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found. 
HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\\Default => value restored successfully
C:\Program Files\JKLMNOM1.exe => moved successfully.
C:\Program Files\YZ01238K.exe => moved successfully.
C:\Program Files\9N1JXBZF.exe => moved successfully.
C:\Program Files\MKUY23KC.exe => moved successfully.
C:\Program Files\048CGKXW.exe => moved successfully.
C:\Program Files\8M0ESAO4.exe => moved successfully.
C:\Program Files\Z7RP97AF.exe => moved successfully.
C:\Program Files\WW4008SS.exe => moved successfully.
C:\Program Files\M2AIA2II.exe => moved successfully.
C:\Program Files\KOH6ZK9H.exe => moved successfully.
C:\Program Files\DDHHHH1X.exe => moved successfully.
C:\Program Files\CKKSYMS2.exe => moved successfully.
C:\Program Files\AZD2UMLZ.exe => moved successfully.
C:\Program Files\3WKJTIM0.exe => moved successfully.
"C:\Users\Nele\AppData\Roaming\obiykymgmv.exe" => File/Folder not found.
"C:\Program Files\048CGKXW.exe" => File/Folder not found.
"C:\Program Files\3WKJTIM0.exe" => File/Folder not found.
C:\Program Files\6AEIMKUE.exe => moved successfully.
"C:\Program Files\8M0ESAO4.exe" => File/Folder not found.
"C:\Program Files\9N1JXBZF.exe" => File/Folder not found.
"C:\Program Files\AZD2UMLZ.exe" => File/Folder not found.
"C:\Program Files\CKKSYMS2.exe" => File/Folder not found.
"C:\Program Files\DDHHHH1X.exe" => File/Folder not found.
C:\Program Files\E86G4824.exe => moved successfully.
C:\Program Files\G7TUGC52.exe => moved successfully.
"C:\Program Files\JKLMNOM1.exe" => File/Folder not found.
"C:\Program Files\KOH6ZK9H.exe" => File/Folder not found.
"C:\Program Files\M2AIA2II.exe" => File/Folder not found.
"C:\Program Files\MKUY23KC.exe" => File/Folder not found.
C:\Program Files\MY6CIKEI.exe => moved successfully.
"C:\Program Files\WW4008SS.exe" => File/Folder not found.
"C:\Program Files\YZ01238K.exe" => File/Folder not found.
"C:\Program Files\Z7RP97AF.exe" => File/Folder not found.
"C:\Users\Nele\AppData\Roaming\obiykymgmv.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D4CCEC4-FAA6-4982-A061-1409739099C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D4CCEC4-FAA6-4982-A061-1409739099C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C30E193D-51C4-4CAD-8C1C-E362951F7DF3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C30E193D-51C4-4CAD-8C1C-E362951F7DF3}" => key removed successfully
C:\Windows\System32\Tasks\Your File Updater => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Your File Updater" => key removed successfully
C:\Program Files (x86)\YourFileDownloader => moved successfully.
C:\PROGRA~3\Wincert => moved successfully.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{B5C71E24-A832-447B-8225-0A1DAE8C591A} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 2.4 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 17:21:43 ====

#7
Nele_90

  • Topic Starter
# AdwCleaner v4.207 - Logfile created 25/06/2015 at 13:05:19
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Nele - NELE-TOSHIBA
# Running from : C:\Users\Nele\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Found : C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_omni-cdn.getwebcake.com_0.localstorage
File Found : C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_omni-cdn.getwebcake.com_0.localstorage-journal
File Found : C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.getwebcake.com_0.localstorage
File Found : C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.getwebcake.com_0.localstorage-journal
File Found : C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_omni-cdn.getwebcake.com_0.localstorage
File Found : C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_omni-cdn.getwebcake.com_0.localstorage-journal
File Found : C:\Users\Nele\AppData\Roaming\Adobe AIFF Format CS5 Prefs
Folder Found : C:\ext
Folder Found : C:\Program Files (x86)\adblocker
Folder Found : C:\Program Files (x86)\BearShare Applications
Folder Found : C:\Program Files (x86)\Delta
Folder Found : C:\Program Files (x86)\MagniPic
Folder Found : C:\Program Files (x86)\MagniPic
Folder Found : C:\Program Files (x86)\Maxiget
Folder Found : C:\Program Files (x86)\Movies Toolbar
Folder Found : C:\Program Files (x86)\YourFileDownloader
Folder Found : C:\Program Files (x86)\YourFileDownloader
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\BitGuard
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\clsoft ltd
Folder Found : C:\ProgramData\e93bee0d9230deb9
Folder Found : C:\ProgramData\glfmacnhdgmdneniciepkckpehhokhmj
Folder Found : C:\ProgramData\glfmacnhdgmdneniciepkckpehhokhmj
Folder Found : C:\ProgramData\JoniCoupone
Folder Found : C:\ProgramData\MaganiPic
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaganiPic
Folder Found : C:\ProgramData\periceacihop
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\RaNdaomPrrice
Folder Found : C:\ProgramData\wincert
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Found : C:\Users\Nele\AppData\Local\Bundled software uninstaller
Folder Found : C:\Users\Nele\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkgkhepjponelmnplpciplmhagpknbg
Folder Found : C:\Users\Nele\AppData\Local\Maxiget
Folder Found : C:\Users\Nele\AppData\Local\PackageAware
Folder Found : C:\Users\Nele\AppData\Local\torch
Folder Found : C:\Users\Nele\AppData\LocalLow\Conduit
Folder Found : C:\Users\Nele\AppData\LocalLow\Delta
Folder Found : C:\Users\Nele\AppData\LocalLow\MaganiPic
Folder Found : C:\Users\Nele\AppData\LocalLow\wincorebsband
Folder Found : C:\Users\Nele\AppData\Roaming\DriverCure
Folder Found : C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Found : C:\Users\Nele\AppData\Roaming\ParetoLogic
Folder Found : C:\Users\Nele\AppData\Roaming\Systweak
Folder Found : C:\Users\Nele\AppData\Roaming\YourFileDownloader
Folder Found : C:\Users\Nele\AppData\Roaming\YourFileDownloader
 
***** [ Scheduled tasks ] *****
 
Task Found : EPUpdater
Task Found : Your File Updater
 
***** [ Shortcuts ] *****
 
Shortcut Infected : C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Infected : C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Infected : C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Infected : C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\wincert\win32c~1.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\movies~1\datamngr\x64\mgrldr.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL
Key Found : HKCU\Software\5253dddab169ed47
Key Found : HKCU\Software\APNDTX
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\mediabarbs
Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Found : HKCU\Software\BABSOLUTION
Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\MaxiGet
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchiu.com
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\PrivitizeVPNInstallDates
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\torch
Key Found : HKCU\Software\UpToDown
Key Found : HKCU\Software\Webplayer
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\YourFileDownloader
Key Found : [x64] HKCU\Software\APNDTX
Key Found : [x64] HKCU\Software\BABSOLUTION
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Delta
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\MaxiGet
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\PrivitizeVPNInstallDates
Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
Key Found : [x64] HKCU\Software\StartSearch
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\torch
Key Found : [x64] HKCU\Software\UpToDown
Key Found : [x64] HKCU\Software\Webplayer
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\YourFileDownloader
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\5253dddab169ed47
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\bearsharemediabartb
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Found : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{756C097C-6BDB-45DE-A8F1-83E01AB86BA4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Found : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Found : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Found : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A0207057-3461-4F7F-B689-D016B7A03964}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A75ACCCD-3CC9-4865-8BE3-F523FDA2164F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\SDP
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper
Key Found : HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Delta
Key Found : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Found : HKLM\SOFTWARE\MaxiGet
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_008a99b9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Key Found : HKLM\SOFTWARE\ParetoLogic
Key Found : HKLM\SOFTWARE\SP Global
Key Found : HKLM\SOFTWARE\SProtector
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\torch
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\YourFileDownloader
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A0207057-3461-4F7F-B689-D016B7A03964}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A75ACCCD-3CC9-4865-8BE3-F523FDA2164F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MagniPic
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v43.0.2357.130
 
[C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://www.google.com/
3EA9AE209C9","startup_urls":"A6C9C4299C8F99C5F78B4471AEBB0E24B3F75D97EEF81D9E48D31D5718B960A8"},"software_reporter":{"prompt_reason":"C161BBC4CCD1B7947315432AC82CF0C44E4C584320ED37906C18822B78C4866B","prompt_seed":"66688AE68DC9AF71220FD5AFA4AE9FE1F3518D8175CD2D89A8E3EA60C36E25BD","prompt_version":"F816C6D339F08188BDA36EDD458E4BFC959EBD06CC29EAD1F01D17E8C77284EF"},"sync":{"remaining_rollback_tries":"4A0077E0B7687C68DA213D876E623E1BE087836FDAD1091C2D426481B7DCAAEB"}},"super_mac":"D8375E3876FE71581541EBECEB04C9C47CDF64FE1A014A644775B26447A64698"},"session":{"restore_on_startup":5,"startup_urls":["","hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=9E330026B6FF7B83&affID=119776&tsp=4922
[C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : A6C9C4299C8F99C5F78B4471AEBB0E24B3F75D97EEF81D9E48D31D5718B960A8"},"software_reporter":{"prompt_reason":"C161BBC4CCD1B7947315432AC82CF0C44E4C584320ED37906C18822B78C4866B","prompt_seed":"66688AE68DC9AF71220FD5AFA4AE9FE1F3518D8175CD2D89A8E3EA60C36E25BD","prompt_version":"F816C6D339F08188BDA36EDD458E4BFC959EBD06CC29EAD1F01D17E8C77284EF"},"sync":{"remaining_rollback_tries":"4A0077E0B7687C68DA213D876E623E1BE087836FDAD1091C2D426481B7DCAAEB"}},"super_mac":"D8375E3876FE71581541EBECEB04C9C47CDF64FE1A014A644775B26447A64698"},"session":{"restore_on_startup":5,"startup_urls":["","hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=9E330026B6FF7B83&affID=119776&tsp=4922
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [26641 bytes] - [25/06/2015 13:05:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [26701 bytes] ##########

  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once you have re-installed Avast can you let me know if it is working
  • 0

#9
Nele_90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

No still doesn't wanna start. :\


  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does it give any warning or alert?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

  • 0


#11
Nele_90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

I didn't get any log from combofix, only 'blue screen' happened, so I restarted it.
What should I do now?


  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Combofix gave a blue screen, is that correct?

Download AVZ tool from here to your desktop
Unzip all files to a folder on your desktop
Open the folder and double click the AVZ icon
When the tool opens select "File" > "Standards scripts"

Place a tick in:

5. Update signature database

Then press "Execute selected scripts"

Once that has executed, then
select "File" > "Standards scripts"
Place a tick in:

3. Advanced System Analysis with malware removal mode enabled

When finished look in the folder AVZ4 on your desktop
Open the LOG folder
Attach virusinfo_syscure to your next post
  • 0

#13
Nele_90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Yeah, it gave me blue screen and then I turned it off and on.

I'm posting zip file from LOG folder here now.

Attached Files


  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you try to run your AV after this please

FIX

Open AVZ as before
Click "File" > "Custom scripts"

A dialogue will open
Copy and paste the following script into the marked space then press run

Script for insertion:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 DeleteService('VSSS');
 SetServiceStart('VSSS', 4);
 StopService('VSSS');
 TerminateProcessByName('c:\users\nele\appdata\roaming\microsoft\systemcertificates\vssvc.exe');
 DeleteFile('c:\users\nele\appdata\roaming\microsoft\systemcertificates\vssvc.exe','32');
 BC_DeleteFile('c:\users\nele\appdata\roaming\microsoft\systemcertificates\vssvc.exe');
 DeleteFile('C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_elf.dll','32');
 BC_DeleteFile('C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_elf.dll');
 DeleteFile('C:\Program Files\kprocesshacker.sys','32');
 BC_DeleteFile('C:\Program Files\kprocesshacker.sys');
 BC_DeleteSvc('VSSS');
 DeleteFile('C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1410331261&from=epom2&uid=ST9500325AS_5VE7AEFVXXXX5VE7AEFV','32');
 BC_DeleteFile('C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1410331261&from=epom2&uid=ST9500325AS_5VE7AEFVXXXX5VE7AEFV');
 DeleteFile('c:\users\nele\appdata\local\google\chrome\application\chrome.exe  http://ui.skype.com/ui/0/5.1.0.104/en/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2','32');
 BC_DeleteFile('c:\users\nele\appdata\local\google\chrome\application\chrome.exe  http://ui.skype.com/ui/0/5.1.0.104/en/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2');
 DeleteFile('c:\users\nele\appdata\local\google\chrome\application\chrome.exe  http://ui.skype.com/ui/0/5.3.0.111.259/en/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2','32');
 BC_DeleteFile('c:\users\nele\appdata\local\google\chrome\application\chrome.exe  http://ui.skype.com/ui/0/5.3.0.111.259/en/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2');
 DeleteFile('c:\users\nele\appdata\local\google\chrome\application\chrome.exe  http://ui.skype.com/ui/0/6.9.0.106/en/abandoninstall?page=tsProgressBar','32');
 BC_DeleteFile('c:\users\nele\appdata\local\google\chrome\application\chrome.exe  http://ui.skype.com/ui/0/6.9.0.106/en/abandoninstall?page=tsProgressBar');
BC_ImportDeletedList;
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Ensure that you copy from begin to end
  • 0

#15
Nele_90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

It started and it gave me blue screen again. :\


  • 0





