Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Antivirus doesn't wanna start! [Solved]


  • This topic is locked This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you run this fix, as I have now had two others like this and found the culprits

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
R2 VSSS; C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [103669504 2015-06-23] (Microsoft Corporation) [File not signed]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
C:\Program Files\kprocesshacker.sys
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

Advertisements


#17
Nele_90

Nele_90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Again blue screen!


  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could I have a fresh FRST scan please

Are you able to access safe mode ?
  • 0

#19
Nele_90

Nele_90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Nele (administrator) on NELE-TOSHIBA on 27-06-2015 20:28:59
Running from C:\Users\Nele\Desktop
Loaded Profiles: Nele (Available Profiles: Nele)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(DT Soft Ltd) D:\DAEMON Tools\DAEMON Tools Lite\DTLite.exe
(Akamai Technologies, Inc.) C:\Users\Nele\AppData\Local\Akamai\netsession_win.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Dropbox, Inc.) C:\Users\Nele\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\Nele\AppData\Local\Akamai\netsession_win.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-02-11] (Toshiba Europe GmbH)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2534400 2014-03-25] (MyHeritage)
HKLM-x32\...\Run: [Kepard] => "C:\Program Files (x86)\Kepard\Kepard.exe" tray
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-27] (Avast Software s.r.o.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [DAEMON Tools Lite] => D:\DAEMON Tools\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Nele\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [Google Update] => "C:\Users\Nele\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\Run: [Dropbox Update] => C:\Users\Nele\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {0a94210f-9d4a-11e2-b948-00266c66fe20} - H:\AutoRun.exe
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {4b88909a-f603-11df-a4cb-0026b6ff7b83} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {a39c4005-bd00-11df-aa9a-00266c66fe20} - F:\Setup.exe
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {b97300f0-f657-11e3-8d14-00266c66fe20} - H:\AutoRun.exe
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {b97300fd-f657-11e3-8d14-00266c66fe20} - H:\AutoRun.exe
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\...\MountPoints2: {b9730109-f657-11e3-8d14-00266c66fe20} - I:\AutoRun.exe
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2010-09-16]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-23]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-23]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2010-12-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Nele\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-26] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-01-13] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nele\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {7078A3BF-BF66-4D05-9076-1D5292D7B64D} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {35989FEC-2CFA-40D8-8B67-20772A75C489} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {35989FEC-2CFA-40D8-8B67-20772A75C489} URL = 
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> DefaultScope {8C836276-BBAB-450B-8CC7-A6C014DC2E1E} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {35989FEC-2CFA-40D8-8B67-20772A75C489} URL = 
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {7078A3BF-BF66-4D05-9076-1D5292D7B64D} URL = 
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {8C836276-BBAB-450B-8CC7-A6C014DC2E1E} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = 
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {AEFB8FD2-ADF4-4DC8-A24E-730C71DAD4DD} URL = http://www.amazon.co...ed&linkCode=ur2
SearchScopes: HKU\S-1-5-21-3458131516-997301713-3897728758-1000 -> {F32093E8-6444-45D5-AE3D-182B4062554A} URL = http://rover.ebay.co...e={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-26] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> D:\Adobe Photoshop CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-26] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-30] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Adobe Photoshop CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2010-05-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2010-05-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3458131516-997301713-3897728758-1000: @autodesk.com/DWF -> C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll [2011-01-24] (Autodesk)
FF Plugin HKU\S-1-5-21-3458131516-997301713-3897728758-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Nele\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3458131516-997301713-3897728758-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Nele\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - D:\Adobe Photoshop CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - D:\Adobe Photoshop CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-12-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-26]
 
Chrome: 
=======
CHR Profile: C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Floorplanner) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2013-12-09]
CHR Extension: (Learn French - Très Bien) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec [2013-12-09]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2013-12-09]
CHR Extension: (Search Papoy) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkgkhepjponelmnplpciplmhagpknbg [2013-10-05]
CHR Extension: (Intelligence Quiz) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\bddnmcopphcfjagpabphnpdnoemoapgo [2013-12-09]
CHR Extension: (Ancient Map) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2014-09-11]
CHR Extension: (Crazy4Jigsaws) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgliemokfgimmfodoeboneoibjklncc [2013-12-09]
CHR Extension: (Kingdom Rush Frontiers) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfibdjbnmndigbklnlllakjbjheiopj [2014-01-26]
CHR Extension: (AdBlock) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-18]
CHR Extension: (Avast Online Security) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-26]
CHR Extension: (Sniper Team) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec [2013-09-26]
CHR Extension: (Quotes Book) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfjeadhjbcepmknoanimdbemlobmlpe [2013-12-09]
CHR Extension: (Roomstyler 3D planner) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2013-12-09]
CHR Extension: (Autodesk Homestyler) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-12-09]
CHR Extension: (Cargo Bridge) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2013-10-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (Webcam Toy) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-09-27]
CHR Extension: (Sketchpad) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2013-12-09]
CHR Extension: (Floor plans and interior design) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2013-09-27]
CHR Extension: (Cargo Bridge: Xmas level pack) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdcclndkdgngndhjfccoabooegcgamk [2013-10-09]
CHR Extension: (Google Wallet) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Meaning of Names) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nninaahoaamcnfhioafhfnaaegmkfmed [2013-12-09]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2014-09-11]
CHR Extension: (Russian LinguaLift) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\onbeokliillhaggplnppjdanhbajfcej [2013-12-09]
CHR Extension: (BMI Calculator) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbapipcgadndjlpokbcmgohpjpgkbodo [2013-12-09]
CHR Extension: (Cargo Bridge 2) - C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmphjijgcdpmmnfjbemolkdiidinogml [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-26] (Avast Software s.r.o.)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
R2 VSSS; C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [103669504 2015-06-23] (Microsoft Corporation) [File not signed]
S2 AcronisOSSReinstallSvc; "C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" [X]
S2 mi-raysat_3dsmax2011_64; "D:\Autodesk 3ds Max\mentalimages\satellite\raysat_3dsmax2011_64server.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-26] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-26] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-26] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-26] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-26] ()
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-10-07] (Duplex Secure Ltd.)
U3 anl8s4gv; C:\Windows\System32\Drivers\anl8s4gv.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S1 SASDIFSV; \??\C:\Users\Nele\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Users\Nele\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2099-02-28 13:53 - 5131-02-28 13:55 - 00000280 _____ C:\Users\Nele\Documents\acad.err
2015-06-27 15:35 - 2015-06-27 15:35 - 00275256 _____ C:\Windows\Minidump\062715-18002-01.dmp
2015-06-27 15:29 - 2015-06-27 15:29 - 00275256 _____ C:\Windows\Minidump\062715-20077-01.dmp
2015-06-27 15:27 - 2015-06-27 15:27 - 00000380 _____ C:\Users\Nele\Desktop\fixlist.txt.txt
2015-06-27 13:33 - 2015-06-27 13:33 - 01415680 _____ (wj32) C:\Program Files\05HMYW1O.exe
2015-06-27 13:30 - 2015-06-27 13:30 - 00275256 _____ C:\Windows\Minidump\062715-21184-01.dmp
2015-06-27 13:29 - 2015-06-27 13:29 - 00007168 _____ C:\Windows\SysWOW64\Drivers\utewotcx.sys
2015-06-26 19:20 - 2015-06-26 19:35 - 00000000 ____D C:\Users\Nele\Desktop\avz4
2015-06-26 19:19 - 2015-06-26 19:19 - 09370136 _____ C:\Users\Nele\Desktop\avz4.zip
2015-06-26 17:00 - 2015-06-26 17:00 - 00275256 _____ C:\Windows\Minidump\062615-20623-01.dmp
2015-06-26 16:57 - 2015-06-26 16:57 - 01415680 _____ (wj32) C:\Program Files\6GNX58EX.exe
2015-06-26 16:55 - 2015-06-26 16:55 - 00275256 _____ C:\Windows\Minidump\062615-21871-01.dmp
2015-06-26 14:47 - 2015-06-26 14:47 - 00275256 _____ C:\Windows\Minidump\062615-18735-01.dmp
2015-06-26 14:45 - 2015-06-26 16:58 - 00000000 ___SD C:\32788R22FWJFW
2015-06-26 14:45 - 2015-06-26 14:45 - 00000000 ____D C:\Windows\erdnt
2015-06-26 14:38 - 2015-06-26 14:38 - 05631168 ____R (Swearware) C:\Users\Nele\Desktop\ComboFix.exe
2015-06-26 12:50 - 2015-06-26 12:50 - 00000000 ____D C:\Users\Nele\AppData\Roaming\AVAST Software
2015-06-26 12:43 - 2015-06-26 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-26 12:43 - 2015-06-26 12:39 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-26 12:40 - 2015-06-26 12:44 - 00002082 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-26 12:40 - 2015-06-26 12:43 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-26 12:39 - 2015-06-27 12:43 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-26 12:39 - 2015-06-26 12:39 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-26 12:39 - 2015-06-26 12:39 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-26 12:39 - 2015-06-26 12:39 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-26 12:39 - 2015-06-26 12:39 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-26 12:39 - 2015-06-26 12:39 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-26 12:39 - 2015-06-26 12:39 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-26 12:39 - 2015-06-26 12:39 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-26 12:39 - 2015-06-26 12:39 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-26 12:37 - 2015-06-26 12:38 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-26 12:35 - 2015-06-26 12:35 - 01415680 _____ (wj32) C:\Program Files\HLPTX137.exe
2015-06-26 12:35 - 2015-06-26 12:35 - 01415680 _____ (wj32) C:\Program Files\59DHLPTD.exe
2015-06-26 12:35 - 2015-06-26 12:35 - 01415680 _____ (wj32) C:\Program Files\59DHLP2V.exe
2015-06-26 12:33 - 2015-06-26 12:39 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-26 12:25 - 2015-06-26 12:25 - 05684904 _____ (Avast Software s.r.o.) C:\Users\Nele\Desktop\avastclear.exe
2015-06-26 00:30 - 2015-06-26 00:32 - 152923328 _____ (Avast Software s.r.o.) C:\Users\Nele\Desktop\avast_free_antivirus_setup.exe
2015-06-26 00:28 - 2015-06-26 00:28 - 01415680 _____ (wj32) C:\Program Files\IWAO6K4A.exe
2015-06-25 17:43 - 2015-06-25 17:43 - 01415680 _____ (wj32) C:\Program Files\6789ABC6.exe
2015-06-25 17:39 - 2015-06-25 17:39 - 00275200 _____ C:\Windows\Minidump\062515-19671-01.dmp
2015-06-25 17:33 - 2015-06-25 17:33 - 02244096 _____ C:\Users\Nele\Desktop\AdwCleaner.exe
2015-06-25 16:55 - 2015-06-25 16:56 - 00070142 _____ C:\Users\Nele\Desktop\Addition.txt
2015-06-25 16:53 - 2015-06-27 20:29 - 00000000 ____D C:\FRST
2015-06-25 16:53 - 2015-06-27 20:28 - 00036063 _____ C:\Users\Nele\Desktop\FRST.txt
2015-06-25 16:52 - 2015-06-25 16:52 - 02112512 _____ (Farbar) C:\Users\Nele\Desktop\FRST64.exe
2015-06-25 13:05 - 2015-06-25 17:36 - 00000000 ____D C:\AdwCleaner
2015-06-25 11:57 - 2015-06-25 12:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-25 11:57 - 2015-06-25 11:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-25 11:34 - 2010-05-06 22:59 - 00165032 _____ (ALWIL Software) C:\Windows\SysWOW64\aswBoot.exe
2015-06-25 11:34 - 2010-05-06 22:59 - 00038848 _____ (ALWIL Software) C:\Windows\SysWOW64\avastSS.scr
2015-06-24 22:50 - 2015-06-24 22:50 - 00000000 ____D C:\Users\Nele\AppData\Roaming\SUPERAntiSpyware.com
2015-06-24 22:50 - 2015-06-24 22:50 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-06-24 22:46 - 2015-06-25 11:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-24 22:46 - 2015-06-24 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-24 22:46 - 2015-06-24 22:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-24 22:46 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-24 22:46 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-24 00:31 - 2015-06-24 00:31 - 18174128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-22 12:15 - 2015-06-22 12:15 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-22 12:14 - 2015-06-22 12:14 - 00003886 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000UA
2015-06-22 12:13 - 2015-06-27 20:18 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000UA.job
2015-06-22 12:13 - 2015-06-27 12:47 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000Core.job
2015-06-22 12:13 - 2015-06-22 12:13 - 00003490 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000Core
2015-06-22 12:13 - 2015-06-22 12:13 - 00000000 ____D C:\Users\Nele\AppData\Local\Dropbox
2015-06-22 12:13 - 2015-06-22 12:13 - 00000000 ____D C:\ProgramData\Dropbox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-27 20:24 - 2010-09-08 10:25 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Skype
2015-06-27 20:17 - 2010-09-08 10:05 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E5ADB49E-A812-4FCB-BDC1-A2275DC1A6AD}
2015-06-27 20:02 - 2010-10-30 11:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-27 20:01 - 2013-06-01 16:06 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000UA.job
2015-06-27 20:01 - 2013-06-01 16:06 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3458131516-997301713-3897728758-1000Core.job
2015-06-27 20:01 - 2012-12-18 17:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-27 20:01 - 2009-07-14 06:51 - 00534523 _____ C:\Windows\setupact.log
2015-06-27 15:44 - 2009-07-14 06:45 - 00019024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-27 15:44 - 2009-07-14 06:45 - 00019024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-27 15:40 - 2010-05-22 19:38 - 01115212 _____ C:\Windows\WindowsUpdate.log
2015-06-27 15:38 - 2010-12-08 01:36 - 00000000 ___RD C:\Users\Nele\Documents\My Dropbox
2015-06-27 15:38 - 2010-12-08 01:34 - 00000000 ____D C:\Users\Nele\AppData\Roaming\Dropbox
2015-06-27 15:36 - 2014-06-25 21:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf90ad789c0738.job
2015-06-27 15:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-27 15:35 - 2010-09-11 02:45 - 00000000 ____D C:\Windows\Minidump
2015-06-27 13:30 - 2010-09-08 11:20 - 01144692 _____ C:\Windows\PFRO.log
2015-06-25 17:24 - 2014-07-30 17:39 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-25 17:20 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-25 17:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-06-25 11:45 - 2009-07-14 07:13 - 00786558 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-25 11:34 - 2010-09-08 11:09 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2015-06-24 22:10 - 2014-06-02 14:37 - 00000000 ____D C:\The KMPlayer
2015-06-24 19:40 - 2015-05-08 00:31 - 00000445 _____ C:\Users\Nele\Desktop\www.txt
2015-06-24 00:31 - 2012-12-18 17:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-24 00:31 - 2012-06-09 10:56 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-24 00:31 - 2011-09-22 14:18 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-01 12:14 - 2010-04-23 08:04 - 00000000 ____D C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2015-06-27 13:33 - 2015-06-27 13:33 - 1415680 _____ (wj32) C:\Program Files\05HMYW1O.exe
2015-06-26 12:35 - 2015-06-26 12:35 - 1415680 _____ (wj32) C:\Program Files\59DHLP2V.exe
2015-06-26 12:35 - 2015-06-26 12:35 - 1415680 _____ (wj32) C:\Program Files\59DHLPTD.exe
2015-06-25 17:43 - 2015-06-25 17:43 - 1415680 _____ (wj32) C:\Program Files\6789ABC6.exe
2015-06-26 16:57 - 2015-06-26 16:57 - 1415680 _____ (wj32) C:\Program Files\6GNX58EX.exe
2015-06-26 12:35 - 2015-06-26 12:35 - 1415680 _____ (wj32) C:\Program Files\HLPTX137.exe
2015-06-26 00:28 - 2015-06-26 00:28 - 1415680 _____ (wj32) C:\Program Files\IWAO6K4A.exe
2012-11-03 03:02 - 2012-11-03 03:02 - 0000132 _____ () C:\Users\Nele\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2013-10-05 17:32 - 2013-10-05 21:31 - 0000132 _____ () C:\Users\Nele\AppData\Roaming\Adobe BMP Format CS5 Prefs
2010-12-23 21:35 - 2010-12-23 22:11 - 0000132 _____ () C:\Users\Nele\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2010-12-23 21:36 - 2014-10-21 14:48 - 0000132 _____ () C:\Users\Nele\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-02-06 02:16 - 2012-02-06 02:16 - 0001456 _____ () C:\Users\Nele\AppData\Local\Adobe Save for Web 12.0 Prefs
2010-09-11 11:33 - 2013-04-09 13:31 - 0004608 _____ () C:\Users\Nele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-03 16:26 - 2011-06-03 16:26 - 0000000 _____ () C:\Users\Nele\AppData\Local\{3592846F-A0DA-4DBE-AB3C-11CD07981BA6}
2010-10-08 20:57 - 2010-10-27 16:57 - 0000088 __RSH () C:\ProgramData\803487E580.sys
2010-09-08 10:26 - 2010-09-08 10:26 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-08 20:57 - 2010-10-27 16:57 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys
 
Some files in TEMP:
====================
C:\Users\Nele\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpima7gz.dll
C:\Users\Nele\AppData\Local\Temp\Quarantine.exe
C:\Users\Nele\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-23 21:23
 
==================== End of log ============================

  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run this from safe mode please
Reboot the computer and immediately press and hold F8 select safe mode with networking

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

R2 VSSS; C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [103669504 2015-06-23] (Microsoft Corporation) [File not signed]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
2015-06-27 13:33 - 2015-06-27 13:33 - 1415680 _____ (wj32) C:\Program Files\05HMYW1O.exe
2015-06-26 12:35 - 2015-06-26 12:35 - 1415680 _____ (wj32) C:\Program Files\59DHLP2V.exe
2015-06-26 12:35 - 2015-06-26 12:35 - 1415680 _____ (wj32) C:\Program Files\59DHLPTD.exe
2015-06-25 17:43 - 2015-06-25 17:43 - 1415680 _____ (wj32) C:\Program Files\6789ABC6.exe
2015-06-26 16:57 - 2015-06-26 16:57 - 1415680 _____ (wj32) C:\Program Files\6GNX58EX.exe
2015-06-26 12:35 - 2015-06-26 12:35 - 1415680 _____ (wj32) C:\Program Files\HLPTX137.exe
2015-06-26 00:28 - 2015-06-26 00:28 - 1415680 _____ (wj32) C:\Program Files\IWAO6K4A.exe
C:\Program Files\kprocesshacker.sys
C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#21
Nele_90

Nele_90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Nele at 2015-06-28 17:02:17 Run:1
Running from C:\Users\Nele\Desktop
Loaded Profiles: Nele (Available Profiles: Nele)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
R2 VSSS; C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [103669504 2015-06-23] (Microsoft Corporation) [File not signed]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
2015-06-27 13:33 - 2015-06-27 13:33 - 1415680 _____ (wj32) C:\Program Files\05HMYW1O.exe
2015-06-26 12:35 - 2015-06-26 12:35 - 1415680 _____ (wj32) C:\Program Files\59DHLP2V.exe
2015-06-26 12:35 - 2015-06-26 12:35 - 1415680 _____ (wj32) C:\Program Files\59DHLPTD.exe
2015-06-25 17:43 - 2015-06-25 17:43 - 1415680 _____ (wj32) C:\Program Files\6789ABC6.exe
2015-06-26 16:57 - 2015-06-26 16:57 - 1415680 _____ (wj32) C:\Program Files\6GNX58EX.exe
2015-06-26 12:35 - 2015-06-26 12:35 - 1415680 _____ (wj32) C:\Program Files\HLPTX137.exe
2015-06-26 00:28 - 2015-06-26 00:28 - 1415680 _____ (wj32) C:\Program Files\IWAO6K4A.exe
C:\Program Files\kprocesshacker.sys
C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
VSSS => Service removed successfully
KProcessHacker2 => Service not found.
C:\Program Files\05HMYW1O.exe => moved successfully.
C:\Program Files\59DHLP2V.exe => moved successfully.
C:\Program Files\59DHLPTD.exe => moved successfully.
C:\Program Files\6789ABC6.exe => moved successfully.
C:\Program Files\6GNX58EX.exe => moved successfully.
C:\Program Files\HLPTX137.exe => moved successfully.
C:\Program Files\IWAO6K4A.exe => moved successfully.
"C:\Program Files\kprocesshacker.sys" => File/Folder not found.
C:\Users\Nele\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe => moved successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3458131516-997301713-3897728758-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.
 
 
 
========= End of CMD: =========
 
EmptyTemp: => 357.8 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 17:02:57 ====

  • 0

#22
Nele_90

Nele_90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

I'm not sure yet, but I think everything is working well now! :)


  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It should be OK now, your AV may need to be repaired as this appears to do some damage to the scanning mechanism

If you could run a quick scan to ensure that it is OK and let me know
  • 0

#24
Nele_90

Nele_90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

I scanned it and it found one threat (internet explorer).

I think now everything is all right.

 

Thank you a lot! / Хвала!
 


  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

Advertisements


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP