Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Antivirus doesn't wanna start! [Solved]

Started by Nele_90 , Jun 25 2015 06:15 AM

This topic is locked

#16
Essexboy

Posted 27 June 2015 - 06:43 AM

GeekU Moderator

Retired Staff
69,964 posts

OK could you run this fix, as I have now had two others like this and found the culprits

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
R2 VSSS; C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [103669504 2015-06-23] (Microsoft Corporation) [File not signed]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
C:\Program Files\kprocesshacker.sys
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

#17
Nele_90

Posted 27 June 2015 - 07:45 AM

Member

Topic Starter
Member
19 posts

Again blue screen!

#18
Essexboy

Posted 27 June 2015 - 09:57 AM

GeekU Moderator

Retired Staff
69,964 posts

Could I have a fresh FRST scan please

Are you able to access safe mode ?

#19
Nele_90

Posted 27 June 2015 - 12:33 PM

Member

Topic Starter
Member
19 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015

Ran by Nele (administrator) on NELE-TOSHIBA on 27-06-2015 20:28:59

Running from C:\Users\Nele\Desktop

Loaded Profiles: Nele (Available Profiles: Nele)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe

(Microsoft Corporation) C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(DT Soft Ltd) D:\DAEMON Tools\DAEMON Tools Lite\DTLite.exe

(Akamai Technologies, Inc.) C:\Users\Nele\AppData\Local\Akamai\netsession_win.exe

(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe

(Dropbox, Inc.) C:\Users\Nele\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Akamai Technologies, Inc.) C:\Users\Nele\AppData\Local\Akamai\netsession_win.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe

(Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe

(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe

(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe

(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe

(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe

(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe

(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)

HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)

HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)

HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)

HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)

HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-02-11] (Toshiba Europe GmbH)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)

HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)

HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)

HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)

HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-03-17] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)

HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)

HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2534400 2014-03-25] (MyHeritage)

HKLM-x32\...\Run: [Kepard] => "C:\Program Files (x86)\Kepard\Kepard.exe" tray

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-27] (Avast Software s.r.o.)

HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1

HKLM\...\Policies\Explorer: [HideSCAHealth] 1

HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [DAEMON Tools Lite] => D:\DAEMON Tools\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)

HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Nele\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)

HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [Google Update] => "C:\Users\Nele\AppData\Local\Google\Update\GoogleUpdate.exe" /c

HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [Dropbox Update] => C:\Users\Nele\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)

HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {0a94210f-9d4a-11e2-b948-00266c66fe20} - H:\AutoRun.exe

HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {4b88909a-f603-11df-a4cb-0026b6ff7b83} - H:\LaunchU3.exe -a

HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {a39c4005-bd00-11df-aa9a-00266c66fe20} - F:\Setup.exe

HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {b97300f0-f657-11e3-8d14-00266c66fe20} - H:\AutoRun.exe

HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {b97300fd-f657-11e3-8d14-00266c66fe20} - H:\AutoRun.exe

HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {b9730109-f657-11e3-8d14-00266c66fe20} - I:\AutoRun.exe

HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2010-09-16]

ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-23]

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-23]

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

Startup: C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2010-12-08]

ShortcutTarget: Dropbox.lnk -> C:\Users\Nele\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-26] (Avast Software s.r.o.)

ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-01-13] (Autodesk, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\S-1-5-21-3458131516-997301713-3897728758-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {7078A3BF-BF66-4D05-9076-1D5292D7B64D} URL = http://www.bing.com/...rc=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {35989FEC-2CFA-40D8-8B67-20772A75C489} URL = http://www.bing.com/...rc=IE-SearchBox

SearchScopes: HKU\.DEFAULT -> DefaultScope {35989FEC-2CFA-40D8-8B67-20772A75C489} URL =

SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> DefaultScope {8C836276-BBAB-450B-8CC7-A6C014DC2E1E} URL = https://www.google.c...q={searchTerms}

SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {35989FEC-2CFA-40D8-8B67-20772A75C489} URL =

SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {7078A3BF-BF66-4D05-9076-1D5292D7B64D} URL =

SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {8C836276-BBAB-450B-8CC7-A6C014DC2E1E} URL = https://www.google.c...q={searchTerms}

SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL =

SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =

SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {AEFB8FD2-ADF4-4DC8-A24E-730C71DAD4DD} URL = http://www.amazon.co...ed&linkCode=ur2

SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {F32093E8-6444-45D5-AE3D-182B4062554A} URL = http://rover.ebay.co...e={searchTerms}

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-26] (Avast Software s.r.o.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> D:\Adobe Photoshop CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-30] (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-26] (Avast Software s.r.o.)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-30] (Oracle Corporation)

BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)

Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Adobe Photoshop CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)

DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-24] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-30] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2010-05-14] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2010-05-14] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3458131516-997301713-3897728758-1000: @autodesk.com/DWF -> C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll [2011-01-24] (Autodesk)

FF Plugin HKU\S-1-5-21-3458131516-997301713-3897728758-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Nele\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin HKU\S-1-5-21-3458131516-997301713-3897728758-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Nele\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-10-03] (Sun Microsystems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012-03-24]

FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension

FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-29]

FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - D:\Adobe Photoshop CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

FF Extension: Adobe Contribute Toolbar - D:\Adobe Photoshop CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-12-18]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-26]

Chrome:

=======

CHR Profile: C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Floorplanner) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2013-12-09]

CHR Extension: (Learn French - Très Bien) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec [2013-12-09]

CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2013-12-09]

CHR Extension: (Search Papoy) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkgkhepjponelmnplpciplmhagpknbg [2013-10-05]

CHR Extension: (Intelligence Quiz) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\bddnmcopphcfjagpabphnpdnoemoapgo [2013-12-09]

CHR Extension: (Ancient Map) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2014-09-11]

CHR Extension: (Crazy4Jigsaws) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgliemokfgimmfodoeboneoibjklncc [2013-12-09]

CHR Extension: (Kingdom Rush Frontiers) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfibdjbnmndigbklnlllakjbjheiopj [2014-01-26]

CHR Extension: (AdBlock) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-18]

CHR Extension: (Avast Online Security) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-26]

CHR Extension: (Sniper Team) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec [2013-09-26]

CHR Extension: (Quotes Book) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfjeadhjbcepmknoanimdbemlobmlpe [2013-12-09]

CHR Extension: (Roomstyler 3D planner) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2013-12-09]

CHR Extension: (Autodesk Homestyler) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-12-09]

CHR Extension: (Cargo Bridge) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2013-10-05]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]

CHR Extension: (Webcam Toy) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-09-27]

CHR Extension: (Sketchpad) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2013-12-09]

CHR Extension: (Floor plans and interior design) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2013-09-27]

CHR Extension: (Cargo Bridge: Xmas level pack) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdcclndkdgngndhjfccoabooegcgamk [2013-10-09]

CHR Extension: (Google Wallet) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Meaning of Names) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nninaahoaamcnfhioafhfnaaegmkfmed [2013-12-09]

CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2014-09-11]

CHR Extension: (Russian LinguaLift) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\onbeokliillhaggplnppjdanhbajfcej [2013-12-09]

CHR Extension: (BMI Calculator) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbapipcgadndjlpokbcmgohpjpgkbodo [2013-12-09]

CHR Extension: (Cargo Bridge 2) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmphjijgcdpmmnfjbemolkdiidinogml [2013-10-09]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-26] (Avast Software s.r.o.)

S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)

R2 VSSS; C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [103669504 2015-06-23] (Microsoft Corporation) [File not signed]

S2 AcronisOSSReinstallSvc; "C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" [X]

S2 mi-raysat_3dsmax2011_64; "D:\Autodesk 3ds Max\mentalimages\satellite\raysat_3dsmax2011_64server.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-26] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-26] (Avast Software s.r.o.)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-26] (Avast Software s.r.o.)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-26] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-26] (Avast Software s.r.o.)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-26] (Avast Software s.r.o.)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-26] ()

R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.)

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]

S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]

S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]

S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-10-07] (Duplex Secure Ltd.)

U3 anl8s4gv; C:\Windows\System32\Drivers\anl8s4gv.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)

S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]

S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]

S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]

S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]

S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]

S3 massfilter; system32\drivers\massfilter.sys [X]

S1 SASDIFSV; \??\C:\Users\Nele\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]

S1 SASKUTIL; \??\C:\Users\Nele\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]

S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]

S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]

S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-02-28 13:53 - 5131-02-28 13:55 - 00000280 _____ C:\Users\Nele\Documents\acad.err

2015-06-27 15:35 - 2015-06-27 15:35 - 00275256 _____ C:\Windows\Minidump\062715-18002-01.dmp

2015-06-27 15:29 - 2015-06-27 15:29 - 00275256 _____ C:\Windows\Minidump\062715-20077-01.dmp

2015-06-27 15:27 - 2015-06-27 15:27 - 00000380 _____ C:\Users\Nele\Desktop\fixlist.txt.txt

2015-06-27 13:33 - 2015-06-27 13:33 - 01415680 _____ (wj32) C:\Program Files\05HMYW1O.exe

2015-06-27 13:30 - 2015-06-27 13:30 - 00275256 _____ C:\Windows\Minidump\062715-21184-01.dmp

2015-06-27 13:29 - 2015-06-27 13:29 - 00007168 _____ C:\Windows\SysWOW64\Drivers\utewotcx.sys

2015-06-26 19:20 - 2015-06-26 19:35 - 00000000 ____D C:\Users\Nele\Desktop\avz4

2015-06-26 19:19 - 2015-06-26 19:19 - 09370136 _____ C:\Users\Nele\Desktop\avz4.zip

2015-06-26 17:00 - 2015-06-26 17:00 - 00275256 _____ C:\Windows\Minidump\062615-20623-01.dmp

2015-06-26 16:57 - 2015-06-26 16:57 - 01415680 _____ (wj32) C:\Program Files\6GNX58EX.exe

2015-06-26 16:55 - 2015-06-26 16:55 - 00275256 _____ C:\Windows\Minidump\062615-21871-01.dmp

2015-06-26 14:47 - 2015-06-26 14:47 - 00275256 _____ C:\Windows\Minidump\062615-18735-01.dmp

2015-06-26 14:45 - 2015-06-26 16:58 - 00000000 ___SD C:\32788R22FWJFW

2015-06-26 14:45 - 2015-06-26 14:45 - 00000000 ____D C:\Windows\erdnt

2015-06-26 14:38 - 2015-06-26 14:38 - 05631168 ____R (Swearware) C:\Users\Nele\Desktop\ComboFix.exe

2015-06-26 12:50 - 2015-06-26 12:50 - 00000000 ____D C:\Users\Nele\AppData\Roaming\AVAST Software

2015-06-26 12:43 - 2015-06-26 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2015-06-26 12:43 - 2015-06-26 12:39 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe

2015-06-26 12:40 - 2015-06-26 12:44 - 00002082 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2015-06-26 12:40 - 2015-06-26 12:43 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2015-06-26 12:39 - 2015-06-27 12:43 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys

2015-06-26 12:39 - 2015-06-26 12:39 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys

2015-06-26 12:39 - 2015-06-26 12:39 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys

2015-06-26 12:39 - 2015-06-26 12:39 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys

2015-06-26 12:39 - 2015-06-26 12:39 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys

2015-06-26 12:39 - 2015-06-26 12:39 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys

2015-06-26 12:39 - 2015-06-26 12:39 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys

2015-06-26 12:39 - 2015-06-26 12:39 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr

2015-06-26 12:39 - 2015-06-26 12:39 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys

2015-06-26 12:37 - 2015-06-26 12:38 - 00000000 ____D C:\ProgramData\AVAST Software

2015-06-26 12:35 - 2015-06-26 12:35 - 01415680 _____ (wj32) C:\Program Files\HLPTX137.exe

2015-06-26 12:35 - 2015-06-26 12:35 - 01415680 _____ (wj32) C:\Program Files\59DHLPTD.exe

2015-06-26 12:35 - 2015-06-26 12:35 - 01415680 _____ (wj32) C:\Program Files\59DHLP2V.exe

2015-06-26 12:33 - 2015-06-26 12:39 - 00000000 ____D C:\Program Files\AVAST Software

2015-06-26 12:25 - 2015-06-26 12:25 - 05684904 _____ (Avast Software s.r.o.) C:\Users\Nele\Desktop\avastclear.exe

2015-06-26 00:30 - 2015-06-26 00:32 - 152923328 _____ (Avast Software s.r.o.) C:\Users\Nele\Desktop\avast_free_antivirus_setup.exe

2015-06-26 00:28 - 2015-06-26 00:28 - 01415680 _____ (wj32) C:\Program Files\IWAO6K4A.exe

2015-06-25 17:43 - 2015-06-25 17:43 - 01415680 _____ (wj32) C:\Program Files\6789ABC6.exe

2015-06-25 17:39 - 2015-06-25 17:39 - 00275200 _____ C:\Windows\Minidump\062515-19671-01.dmp

2015-06-25 17:33 - 2015-06-25 17:33 - 02244096 _____ C:\Users\Nele\Desktop\AdwCleaner.exe

2015-06-25 16:55 - 2015-06-25 16:56 - 00070142 _____ C:\Users\Nele\Desktop\Addition.txt

2015-06-25 16:53 - 2015-06-27 20:29 - 00000000 ____D C:\FRST

2015-06-25 16:53 - 2015-06-27 20:28 - 00036063 _____ C:\Users\Nele\Desktop\FRST.txt

2015-06-25 16:52 - 2015-06-25 16:52 - 02112512 _____ (Farbar) C:\Users\Nele\Desktop\FRST64.exe

2015-06-25 13:05 - 2015-06-25 17:36 - 00000000 ____D C:\AdwCleaner

2015-06-25 11:57 - 2015-06-25 12:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-06-25 11:57 - 2015-06-25 11:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-06-25 11:34 - 2010-05-06 22:59 - 00165032 _____ (ALWIL Software) C:\Windows\SysWOW64\aswBoot.exe

2015-06-25 11:34 - 2010-05-06 22:59 - 00038848 _____ (ALWIL Software) C:\Windows\SysWOW64\avastSS.scr

2015-06-24 22:50 - 2015-06-24 22:50 - 00000000 ____D C:\Users\Nele\AppData\Roaming\SUPERAntiSpyware.com

2015-06-24 22:50 - 2015-06-24 22:50 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2015-06-24 22:46 - 2015-06-25 11:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-06-24 22:46 - 2015-06-24 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-06-24 22:46 - 2015-06-24 22:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-06-24 22:46 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-06-24 22:46 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-06-24 00:31 - 2015-06-24 00:31 - 18174128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2015-06-22 12:15 - 2015-06-22 12:15 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-06-22 12:14 - 2015-06-22 12:14 - 00003886 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000UA

2015-06-22 12:13 - 2015-06-27 20:18 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000UA.job

2015-06-22 12:13 - 2015-06-27 12:47 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000Core.job

2015-06-22 12:13 - 2015-06-22 12:13 - 00003490 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000Core

2015-06-22 12:13 - 2015-06-22 12:13 - 00000000 ____D C:\Users\Nele\AppData\Local\Dropbox

2015-06-22 12:13 - 2015-06-22 12:13 - 00000000 ____D C:\ProgramData\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-27 20:24 - 2010-09-08 10:25 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Skype

2015-06-27 20:17 - 2010-09-08 10:05 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E5ADB49E-A812-4FCB-BDC1-A2275DC1A6AD}

2015-06-27 20:02 - 2010-10-30 11:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-06-27 20:01 - 2013-06-01 16:06 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000UA.job

2015-06-27 20:01 - 2013-06-01 16:06 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000Core.job

2015-06-27 20:01 - 2012-12-18 17:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-06-27 20:01 - 2009-07-14 06:51 - 00534523 _____ C:\Windows\setupact.log

2015-06-27 15:44 - 2009-07-14 06:45 - 00019024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-06-27 15:44 - 2009-07-14 06:45 - 00019024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-06-27 15:40 - 2010-05-22 19:38 - 01115212 _____ C:\Windows\WindowsUpdate.log

2015-06-27 15:38 - 2010-12-08 01:36 - 00000000 ___RD C:\Users\Nele\Documents\My Dropbox

2015-06-27 15:38 - 2010-12-08 01:34 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Dropbox

2015-06-27 15:36 - 2014-06-25 21:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf90ad789c0738.job

2015-06-27 15:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-06-27 15:35 - 2010-09-11 02:45 - 00000000 ____D C:\Windows\Minidump

2015-06-27 13:30 - 2010-09-08 11:20 - 01144692 _____ C:\Windows\PFRO.log

2015-06-25 17:24 - 2014-07-30 17:39 - 00000008 __RSH C:\ProgramData\ntuser.pol

2015-06-25 17:20 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy

2015-06-25 17:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

2015-06-25 11:45 - 2009-07-14 07:13 - 00786558 _____ C:\Windows\system32\PerfStringBackup.INI

2015-06-25 11:34 - 2010-09-08 11:09 - 00000000 _____ C:\Windows\SysWOW64\config.nt

2015-06-24 22:10 - 2014-06-02 14:37 - 00000000 ____D C:\The KMPlayer

2015-06-24 19:40 - 2015-05-08 00:31 - 00000445 _____ C:\Users\Nele\Desktop\www.txt

2015-06-24 00:31 - 2012-12-18 17:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-06-24 00:31 - 2012-06-09 10:56 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-06-24 00:31 - 2011-09-22 14:18 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-06-01 12:14 - 2010-04-23 08:04 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-06-27 13:33 - 2015-06-27 13:33 - 1415680 _____ (wj32) C:\Program Files\05HMYW1O.exe

2015-06-26 12:35 - 2015-06-26 12:35 - 1415680 _____ (wj32) C:\Program Files\59DHLP2V.exe

2015-06-26 12:35 - 2015-06-26 12:35 - 1415680 _____ (wj32) C:\Program Files\59DHLPTD.exe

2015-06-25 17:43 - 2015-06-25 17:43 - 1415680 _____ (wj32) C:\Program Files\6789ABC6.exe

2015-06-26 16:57 - 2015-06-26 16:57 - 1415680 _____ (wj32) C:\Program Files\6GNX58EX.exe

2015-06-26 12:35 - 2015-06-26 12:35 - 1415680 _____ (wj32) C:\Program Files\HLPTX137.exe

2015-06-26 00:28 - 2015-06-26 00:28 - 1415680 _____ (wj32) C:\Program Files\IWAO6K4A.exe

2012-11-03 03:02 - 2012-11-03 03:02 - 0000132 _____ () C:\Users\Nele\AppData\Roaming\Adobe AIFF Format CS5 Prefs

2013-10-05 17:32 - 2013-10-05 21:31 - 0000132 _____ () C:\Users\Nele\AppData\Roaming\Adobe BMP Format CS5 Prefs

2010-12-23 21:35 - 2010-12-23 22:11 - 0000132 _____ () C:\Users\Nele\AppData\Roaming\Adobe IllExport Filter CS5 Prefs

2010-12-23 21:36 - 2014-10-21 14:48 - 0000132 _____ () C:\Users\Nele\AppData\Roaming\Adobe PNG Format CS5 Prefs

2012-02-06 02:16 - 2012-02-06 02:16 - 0001456 _____ () C:\Users\Nele\AppData\Local\Adobe Save for Web 12.0 Prefs

2010-09-11 11:33 - 2013-04-09 13:31 - 0004608 _____ () C:\Users\Nele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2011-06-03 16:26 - 2011-06-03 16:26 - 0000000 _____ () C:\Users\Nele\AppData\Local\{3592846F-A0DA-4DBE-AB3C-11CD07981BA6}

2010-10-08 20:57 - 2010-10-27 16:57 - 0000088 __RSH () C:\ProgramData\803487E580.sys

2010-09-08 10:26 - 2010-09-08 10:26 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

2010-10-08 20:57 - 2010-10-27 16:57 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:

====================

C:\Users\Nele\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpima7gz.dll

C:\Users\Nele\AppData\Local\Temp\Quarantine.exe

C:\Users\Nele\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-23 21:23

==================== End of log ============================

#20
Essexboy

Posted 27 June 2015 - 12:46 PM

GeekU Moderator

Retired Staff
69,964 posts

Could you run this from safe mode please
Reboot the computer and immediately press and hold F8 select safe mode with networking

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

R2 VSSS; C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [103669504 2015-06-23] (Microsoft Corporation) [File not signed]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
2015-06-27 13:33 - 2015-06-27 13:33 - 1415680 _____ (wj32) C:\Program Files\05HMYW1O.exe
2015-06-26 12:35 - 2015-06-26 12:35 - 1415680 _____ (wj32) C:\Program Files\59DHLP2V.exe
2015-06-26 12:35 - 2015-06-26 12:35 - 1415680 _____ (wj32) C:\Program Files\59DHLPTD.exe
2015-06-25 17:43 - 2015-06-25 17:43 - 1415680 _____ (wj32) C:\Program Files\6789ABC6.exe
2015-06-26 16:57 - 2015-06-26 16:57 - 1415680 _____ (wj32) C:\Program Files\6GNX58EX.exe
2015-06-26 12:35 - 2015-06-26 12:35 - 1415680 _____ (wj32) C:\Program Files\HLPTX137.exe
2015-06-26 00:28 - 2015-06-26 00:28 - 1415680 _____ (wj32) C:\Program Files\IWAO6K4A.exe
C:\Program Files\kprocesshacker.sys
C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

#21
Nele_90

Posted 28 June 2015 - 09:10 AM

Member

Topic Starter
Member
19 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015

Ran by Nele at 2015-06-28 17:02:17 Run:1

Running from C:\Users\Nele\Desktop

Loaded Profiles: Nele (Available Profiles: Nele)

Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:

*****************