Solved PUM.DNS and Rogue Killer

J

jcrs1

Posts: 17   +0
Hi,

This is my first ever time posting anything on any forum; and I am a super-duper novice.

Recently, I let someone insert a USB on my laptop; and that infected my computer wherein I was not able to use my Malwarebytes Antimalware.

So, I made attempts to remove the problem; and it appeared that I was successful.

Today, while looking at my web browser, Firefox, I noticed that my home page had a link (login.hhtx.com?). I looked it up and apparently it is a RAT. So, I made attempts to remove it until I decided to uninstall Firefox.

So, I have run Maleware Antimalware and RogueKiller. After completion, Rogue indicates that I have PUM.DNS in the registry (I think there were four of them). So, I deleted them, restarted my computer, ran Rogue again....and I get the same thing without Firefox.

So, I have looked on this website and found a similar problem. But, I do not know.

I did the following steps:
1. Downloaded and ran AdwCleaner with all programs and internet browser closed. All checked items found by the program were cleaned.
2. Downloaded and ran Junkware Removal Tool including disabling my Antivirus and Malware programs. I have attached the file JRT.txt.
3. Downloaded and ran Security Check. I have attached checkup.txt.
4. Downloaded and ran Malwarebytes' Anti-Rootkit. It has indicated that I do not have any malware.

Is there anyone out there who can assist me? I do not want to reformat my computer. I believe this issue is not super major, but I want to get rid of it.

Please see the attached files.

Thank you for your help.
 

Attachments

  • JRT.txt
    1.4 KB · Views: 0
  • checkup.txt
    833 bytes · Views: 0
  • mbar-log-2015-11-14 (17-30-09).txt
    2.1 KB · Views: 0
  • system-log.txt
    24.2 KB · Views: 0
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thank you.
Here is a copy of FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by TOSHIBA-PC (administrator) on TOSHIBA-PC-PC (14-11-2015 20:36:24)
Running from C:\Users\TOSHIBA-PC\Desktop
Loaded Profiles: TOSHIBA-PC & (Available Profiles: TOSHIBA-PC)
Platform: Microsoft Windows 10 Home (X86) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\Backblaze\bzserv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15081.0_x86__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12214528 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [788176 2015-11-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3527880 2015-06-12] (Synaptics Incorporated)
HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Run: [haozipcd] => C:\Program Files\HaoZip\HaoZipCD.exe [256264 2012-07-26] (瑞创网络)
HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3911248 2015-10-16] (Tonec Inc.)
HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53736048 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Run: [Backblaze] => C:\Program Files\Backblaze\bzbui.exe [581800 2015-10-23] ()
HKU\S-1-5-21-477176046-21664723-1367556538-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [25600 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [haozipcd] => C:\Program Files\HaoZip\HaoZipCD.exe [256264 2012-07-26] (瑞创网络)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3911248 2015-10-16] (Tonec Inc.)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53736048 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Backblaze] => C:\Program Files\Backblaze\bzbui.exe [581800 2015-10-23] ()
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [25600 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-10-12] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-09-17]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\TOSHIBA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Accurate Times.lnk [2014-09-13]
ShortcutTarget: Accurate Times.lnk -> C:\Accurate Times\alert63.exe (JAS)
Startup: C:\Users\TOSHIBA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-09-13]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{148f2ba4-8d03-4c77-a463-a5993d6b4e59}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-477176046-21664723-1367556538-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2014-09-17] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2014-09-17] (LastPass)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: hxxp://login.hhtxnet.com/search.php?q=
FF Keyword.URL: hxxp://login.hhtxnet.com/search.php?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2014-09-17] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-20] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2015-09-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\.DEFAULT: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2015-09-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-477176046-21664723-1367556538-1000: @citrixonline.com/appdetectorplugin -> C:\Users\TOSHIBA-PC\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-18] (Citrix Online)
FF Plugin HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\TOSHIBA-PC\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-18] (Citrix Online)
FF SearchPlugin: C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\searchplugins\duckduckgo.xml [2014-10-07]
FF SearchPlugin: C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\searchplugins\startpage-ssl.xml [2015-10-23]
FF Extension: LastPass - C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\Extensions\support@lastpass.com [2015-09-27]
FF Extension: WOT - C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-11-10]
FF Extension: Disconnect - C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\Extensions\2.0@disconnect.me.xpi [2015-05-29]
FF Extension: Ghostery - C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\Extensions\firefox@ghostery.com.xpi [2015-11-06]
FF Extension: MEGA - C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\Extensions\firefox@mega.co.nz.xpi [2015-11-13] [not signed]
FF Extension: Lightbeam - C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-05-27]
FF Extension: NoScript - C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-10-29]
FF Extension: Adblock Plus - C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
FF HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: No Name - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2015-10-02] [not signed]
FF HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\TOSHIBA-PC\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\TOSHIBA-PC\AppData\Roaming\IDM\idmmzcc5 [2015-10-18] [not signed]
FF HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\TOSHIBA-PC\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://searchou.com/?id=54091e3600000000000000ffdeb7792f"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Beautiful landscape) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2015-11-14]
CHR Extension: (WikiTube) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aneddidibfifdpbeppmpoackniodpekj [2015-05-09]
CHR Extension: (Google Docs) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13]
CHR Extension: (Turn Off the Lights) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-09-05]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-09-05]
CHR Extension: (MEGA) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-11-14]
CHR Extension: (YouTube) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-13]
CHR Extension: (DuckDuckGo for Chrome) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2015-11-14]
CHR Extension: (Adblock Plus) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-13]
CHR Extension: (Add to Amazon Wish List) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-09-13]
CHR Extension: (Google Search) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
CHR Extension: (Avira SafeSearch) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2015-11-13]
CHR Extension: (Google Calendar) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-11-13]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2015-05-02]
CHR Extension: (PanicButton) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2014-09-13]
CHR Extension: (Dashlane) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2015-09-05]
CHR Extension: (WikiMapper) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\feiheebgoilmbkaddngcoocjbogfchlb [2014-09-28]
CHR Extension: (Google Sheets) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Avira Browser Safety) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-11-13]
CHR Extension: (Google Docs Offline) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-11-13]
CHR Extension: (Marvel Comics) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2014-09-13]
CHR Extension: (Disconnect Search) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2015-02-25]
CHR Extension: (Kindle Cloud Reader) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-09-13]
CHR Extension: (Tradair Analytics) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfdibgccmdloekfajpdialdmhlacfkb [2015-01-31]
CHR Extension: (Disconnect) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-09-05]
CHR Extension: (StumbleUpon) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2014-09-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (The Independent) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai [2015-07-13]
CHR Extension: (Google Mail Checker) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-09-13]
CHR Extension: (Google Play Books) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2015-07-13]
CHR Extension: (IDM Integration Module) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-11-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-05]
CHR Extension: (Click&Clean App) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-11-13]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-09-13]
CHR Extension: (Gmail) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-07-10]
CHR HKU\S-1-5-21-477176046-21664723-1367556538-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [936544 2015-11-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [466408 2015-11-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [466408 2015-11-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1105952 2015-11-11] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1680088 2013-10-28] (Broadcom Corporation.)
R2 bzserv; C:\Program Files\Backblaze\bzserv.exe [341672 2015-10-23] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1883320 2015-10-07] (Microsoft Corporation)
S2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [216776 2015-06-12] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [105352 2015-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [138800 2015-07-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37896 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [55912 2015-09-24] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [175320 2013-10-28] (Broadcom Corporation.)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [144600 2013-10-28] (Broadcom Corporation.)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [26328 2014-09-19] (Sony Mobile Communications)
R3 HaoZipVirtualCDBus; C:\WINDOWS\System32\drivers\HaoZipVirtualCDBus.sys [115288 2012-07-24] (Shanghai RuiChuang)
S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [13224 2006-10-20] (Chicony)
S3 LcUvcUpper; C:\WINDOWS\system32\DRIVERS\LcUvcUpper.sys [30840 2015-02-09] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2015-11-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7518208 2015-07-10] (Intel Corporation)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [492032 2015-07-10] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [35528 2015-06-12] (Synaptics Incorporated)
R1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [31848 2015-06-18] (Avira Operations GmbH & Co. KG)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [50280 2015-07-29] (Toshiba Corporation)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-14 20:36 - 2015-11-14 20:37 - 00027662 _____ C:\Users\TOSHIBA-PC\Desktop\FRST.txt
2015-11-14 20:20 - 2015-11-14 20:20 - 00016148 _____ C:\WINDOWS\system32\TOSHIBA-PC-PC_TOSHIBA-PC_HistoryPrediction.bin
2015-11-14 19:11 - 2015-11-14 19:11 - 00000000 ____D C:\Program Files\ESET
2015-11-14 19:10 - 2015-11-14 19:11 - 02870984 _____ (ESET) C:\Users\TOSHIBA-PC\Desktop\esetsmartinstaller_enu.exe
2015-11-14 18:38 - 2015-11-14 18:38 - 00000000 ____D C:\WINDOWS\%LOCALAPPDATA%
2015-11-14 17:21 - 2015-11-14 18:33 - 00000000 ____D C:\Users\TOSHIBA-PC\Desktop\mbar
2015-11-14 17:20 - 2015-11-14 17:20 - 00000833 _____ C:\Users\TOSHIBA-PC\Desktop\checkup.txt
2015-11-14 17:18 - 2015-11-14 17:20 - 16563352 _____ (Malwarebytes Corp.) C:\Users\TOSHIBA-PC\Desktop\mbar-1.09.3.1001.exe
2015-11-14 17:10 - 2015-11-14 17:11 - 00852720 _____ C:\Users\TOSHIBA-PC\Desktop\SecurityCheck.exe
2015-11-14 17:09 - 2015-11-14 17:09 - 00001480 _____ C:\Users\TOSHIBA-PC\Desktop\JRT.txt
2015-11-14 16:59 - 2015-11-14 16:59 - 01801288 _____ (Malwarebytes) C:\Users\TOSHIBA-PC\Desktop\JRT.exe
2015-11-14 16:54 - 2015-11-14 16:54 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-11-14 16:54 - 2015-11-14 16:54 - 00000000 _____ C:\WINDOWS\setupact.log
2015-11-14 16:42 - 2015-11-14 16:45 - 00000000 ____D C:\AdwCleaner
2015-11-14 16:39 - 2015-11-14 16:41 - 01729536 _____ C:\Users\TOSHIBA-PC\Desktop\adwcleaner_5.020.exe
2015-11-14 15:15 - 2015-11-14 15:15 - 00000000 ___HD C:\OneDriveTemp
2015-11-14 11:58 - 2015-11-14 14:25 - 00018662 _____ C:\Users\TOSHIBA-PC\Desktop\Backup of Orientalism and Islamophobia.wbk
2015-11-13 20:44 - 2015-11-13 20:45 - 00120719 _____ C:\Users\TOSHIBA-PC\Desktop\CheckResults.txt
2015-11-13 17:45 - 2015-11-13 17:45 - 01682416 _____ (Malwarebytes Corporation) C:\Users\TOSHIBA-PC\Desktop\mbam-check-2.1.1.1001.exe
2015-11-13 16:44 - 2015-11-14 08:55 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Local\CrashDumps
2015-11-13 15:05 - 2015-11-13 15:08 - 18979400 _____ C:\Users\TOSHIBA-PC\Desktop\RogueKiller.exe
2015-11-13 08:57 - 2015-11-14 18:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-13 08:53 - 2015-11-13 13:28 - 00000000 ____D C:\mbar
2015-11-13 07:15 - 2015-11-14 18:40 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-11-13 07:15 - 2015-11-13 09:37 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-13 06:46 - 2015-11-14 20:36 - 00000000 ____D C:\FRST
2015-11-13 06:46 - 2015-11-13 06:46 - 01702400 _____ (Farbar) C:\Users\TOSHIBA-PC\Desktop\Find.com
2015-11-13 06:40 - 2015-11-13 06:40 - 01702400 _____ (Farbar) C:\Users\TOSHIBA-PC\Desktop\FRST.exe
2015-11-13 06:24 - 2015-11-13 06:24 - 00002511 _____ C:\Users\Public\Desktop\Evernote.lnk
2015-11-13 06:24 - 2015-11-13 06:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-11-12 20:37 - 2015-11-12 20:37 - 00001299 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-11-12 20:37 - 2015-11-12 20:37 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Local\VS Revo Group
2015-11-12 20:37 - 2015-11-12 20:37 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-11-12 20:37 - 2015-11-12 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-11-12 20:37 - 2015-11-12 20:37 - 00000000 ____D C:\Program Files\VS Revo Group
2015-11-12 20:37 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-11-11 18:16 - 2015-11-14 11:05 - 00000000 __SHD C:\[Smad-Cage]
2015-11-11 18:16 - 2015-11-11 19:49 - 00000000 ____D C:\Program Files\SMADAV
2015-11-11 18:16 - 2015-11-11 18:16 - 00001083 _____ C:\Users\Public\Desktop\SMADΔV.lnk
2015-11-11 18:16 - 2015-11-11 18:16 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Roaming\Smadav
2015-11-11 18:16 - 2015-11-11 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2015-11-11 06:45 - 2015-11-05 07:34 - 06265696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 06:45 - 2015-11-05 07:34 - 00558944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-11 06:45 - 2015-11-05 07:34 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-11 06:45 - 2015-11-05 07:32 - 00479072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 06:45 - 2015-11-05 07:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-11 06:45 - 2015-11-05 07:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 06:45 - 2015-11-05 07:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-11 06:45 - 2015-11-05 07:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-11 06:45 - 2015-11-05 07:14 - 00923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-11 06:45 - 2015-11-05 07:14 - 00024256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-11 06:45 - 2015-11-05 07:13 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 06:45 - 2015-11-05 06:49 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-11 06:45 - 2015-11-05 06:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 06:45 - 2015-11-05 06:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-11 06:45 - 2015-11-05 06:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-11 06:45 - 2015-11-05 06:40 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-11 06:45 - 2015-11-05 06:39 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-11 06:45 - 2015-11-05 06:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-11 06:45 - 2015-11-05 06:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-11 06:45 - 2015-11-05 06:35 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-11 06:45 - 2015-11-05 06:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-11 06:45 - 2015-11-05 06:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 06:45 - 2015-11-05 06:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 06:45 - 2015-11-05 06:32 - 00738304 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-11 06:45 - 2015-11-05 06:30 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-11 06:45 - 2015-11-05 06:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 06:45 - 2015-11-05 06:30 - 00546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-11 06:45 - 2015-11-05 06:29 - 00491008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-11 06:45 - 2015-11-05 06:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 06:45 - 2015-11-05 06:27 - 02985472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-11 06:45 - 2015-11-05 06:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-11 06:45 - 2015-11-05 06:27 - 01135104 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-11 06:45 - 2015-11-05 06:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-11 06:45 - 2015-11-05 06:24 - 01499136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-11 06:45 - 2015-11-05 06:24 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-11 06:45 - 2015-11-05 06:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-11 06:18 - 2015-11-13 09:32 - 00000000 ___HD C:\Users\TOSHIBA-PC\AppData\Roaming\jokwsyc
2015-11-11 06:18 - 2015-11-11 06:18 - 05286088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-11-08 06:09 - 2015-07-19 15:44 - 00001070 _____ C:\Users\TOSHIBA-PC\Desktop\Important Info 4 the Family.txt
2015-10-26 09:01 - 2008-11-13 10:25 - 00137024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinet.ocx
2015-10-26 09:01 - 2005-06-10 13:22 - 00450560 _____ (Sky Software) C:\WINDOWS\system32\filevw61.ocx
2015-10-26 09:01 - 2005-06-10 13:22 - 00352256 _____ (Sky Software) C:\WINDOWS\system32\shcmb61.ocx
2015-10-26 09:01 - 2005-06-10 13:21 - 00417792 _____ (Sky Software) C:\WINDOWS\system32\fldrvw61.ocx
2015-10-26 09:01 - 2005-04-15 19:58 - 01351392 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.ocx
2015-10-26 09:01 - 2005-04-13 03:00 - 00331784 _____ (VBGold Software) C:\WINDOWS\system32\aresize.ocx
2015-10-26 09:01 - 2004-10-02 09:36 - 00212240 _____ (Microsoft Corporation) C:\WINDOWS\system32\richtx32.ocx
2015-10-26 09:01 - 1999-09-28 21:42 - 01050896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjet35.dll
2015-10-26 09:01 - 1998-06-18 10:33 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vb5db.dll
2015-10-26 09:01 - 1998-05-18 00:00 - 00368912 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbar332.dll
2015-10-26 09:01 - 1998-04-24 18:40 - 00407312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrepl35.dll
2015-10-26 09:01 - 1998-04-24 18:40 - 00252176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrd2x35.dll
2015-10-26 09:01 - 1998-04-24 18:40 - 00123664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjint35.dll
2015-10-26 09:01 - 1998-04-24 18:40 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjter35.dll
2015-10-26 09:01 - 1997-07-19 19:00 - 00227600 _____ (Microsoft) C:\WINDOWS\system32\msflxgrd.ocx
2015-10-23 07:20 - 2015-10-23 07:20 - 00000000 ___HD C:\.bzvol
2015-10-23 07:20 - 2015-10-23 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backblaze
2015-10-23 07:19 - 2015-10-23 07:20 - 00000000 ____D C:\Program Files\Backblaze
2015-10-23 07:19 - 2015-10-23 07:19 - 00000000 ____D C:\ProgramData\Backblaze
2015-10-18 06:03 - 2015-09-25 06:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-18 06:02 - 2015-10-10 09:44 - 00069312 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-18 06:02 - 2015-10-06 05:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-18 06:02 - 2015-10-01 06:36 - 01034032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-18 06:02 - 2015-10-01 06:36 - 00907992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-18 06:02 - 2015-10-01 06:36 - 00869232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-18 06:02 - 2015-10-01 06:36 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-18 06:02 - 2015-10-01 05:40 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-18 06:02 - 2015-09-25 06:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-18 06:02 - 2015-09-25 06:31 - 00368992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-18 06:02 - 2015-09-25 06:21 - 00851296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-18 06:02 - 2015-09-25 05:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-18 06:02 - 2015-09-25 05:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-18 06:02 - 2015-09-25 05:43 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-18 06:02 - 2015-09-25 05:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-18 06:02 - 2015-09-25 05:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-18 06:02 - 2015-09-25 05:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-18 06:02 - 2015-09-25 05:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-18 06:02 - 2015-09-25 05:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-18 06:02 - 2015-09-25 05:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-18 06:02 - 2015-09-25 05:34 - 01127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-18 06:02 - 2015-09-25 05:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-18 06:02 - 2015-09-25 05:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-18 06:02 - 2015-09-25 05:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-18 06:02 - 2015-09-25 05:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-18 06:02 - 2015-09-25 05:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-18 06:02 - 2015-09-25 05:34 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-18 06:02 - 2015-09-25 05:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-18 06:02 - 2015-09-25 05:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-18 06:02 - 2015-09-25 05:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-16 15:29 - 2015-06-12 05:00 - 00123968 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-14 20:36 - 2014-09-13 00:57 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Roaming\HaoZip
2015-11-14 19:51 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-14 19:43 - 2015-07-18 22:03 - 00000620 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-477176046-21664723-1367556538-1000.job
2015-11-14 19:20 - 2014-09-13 01:24 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-14 19:18 - 2014-09-13 00:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-14 18:49 - 2015-07-18 22:03 - 00000716 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-477176046-21664723-1367556538-1000.job
2015-11-14 18:37 - 2014-10-05 18:52 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-14 17:22 - 2014-09-13 00:59 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Roaming\DMCache
2015-11-14 17:21 - 2014-10-05 18:51 - 00094936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-14 17:17 - 2014-09-13 00:59 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Roaming\IDM
2015-11-14 17:07 - 2014-09-13 00:34 - 00000000 __RDO C:\Users\TOSHIBA-PC\OneDrive
2015-11-14 16:53 - 2015-09-16 21:55 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-14 16:51 - 2014-09-13 00:59 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Roaming\Skype
2015-11-14 16:50 - 2014-09-13 18:33 - 00000000 ___RD C:\Users\TOSHIBA-PC\Google Drive
2015-11-14 16:49 - 2014-12-25 18:24 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Local\HTC MediaHub
2015-11-14 16:49 - 2014-09-13 01:24 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-14 16:48 - 2015-07-10 12:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-14 15:51 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-11-14 15:12 - 2015-07-10 09:59 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-14 15:07 - 2014-09-12 23:37 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Roaming\vlc
2015-11-14 15:03 - 2015-09-04 22:14 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-14 14:00 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-14 10:52 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-13 17:44 - 2014-09-13 00:19 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Local\VirtualStore
2015-11-13 15:00 - 2014-10-09 12:59 - 00000000 ____D C:\Users\TOSHIBA-PC\Documents\Batman Eternal
2015-11-13 15:00 - 2014-09-25 14:50 - 00000000 ____D C:\shamela_arrawdah
2015-11-13 13:33 - 2014-09-15 06:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-13 13:24 - 2014-09-15 06:11 - 143250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-13 11:45 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\rescache
2015-11-13 09:47 - 2014-09-18 21:43 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Roaming\uTorrent
2015-11-13 09:44 - 2015-07-10 11:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-13 08:49 - 2014-09-17 21:28 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\LocalLow\LastPass
2015-11-13 06:56 - 2014-10-05 18:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-13 06:05 - 2014-09-16 10:36 - 00000999 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-11-13 06:05 - 2014-09-16 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-11-13 06:05 - 2014-09-16 10:35 - 00000000 ____D C:\Program Files\Calibre2
2015-11-11 17:49 - 2015-09-04 21:53 - 00000000 ____D C:\Users\TOSHIBA-PC
2015-11-11 17:04 - 2014-09-13 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-11 16:46 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-11-11 16:46 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-11 16:45 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-11-11 16:28 - 2014-09-13 01:26 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-11 06:25 - 2015-09-01 20:33 - 00001165 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-11-11 06:25 - 2014-09-13 12:49 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-10 18:28 - 2014-09-06 12:25 - 00000000 ____D C:\Users\TOSHIBA-PC\Downloads\Compressed
2015-11-06 11:45 - 2014-09-06 12:25 - 00000000 ____D C:\Users\TOSHIBA-PC\Downloads\Video
2015-11-05 07:34 - 2015-07-10 12:53 - 00810672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-03 21:20 - 2015-07-10 11:29 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-11-03 21:20 - 2015-07-10 11:29 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-31 19:26 - 2015-09-04 22:55 - 00002345 _____ C:\Users\TOSHIBA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-30 08:28 - 2014-09-20 12:22 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-26 09:01 - 2014-09-29 08:33 - 00001937 _____ C:\Users\TOSHIBA-PC\Desktop\المكتبة الشاملة.lnk
2015-10-26 09:01 - 2014-09-25 15:33 - 00001965 _____ C:\Users\Public\Desktop\المكتبة الشاملة.lnk
2015-10-26 09:01 - 2014-09-25 14:55 - 00000000 ____D C:\Program Files\shamela
2015-10-23 13:32 - 2014-09-15 21:06 - 00000000 ____D C:\Users\TOSHIBA-PC\Documents\Calibre Library
2015-10-18 06:42 - 2014-10-05 18:51 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-18 06:42 - 2014-10-05 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-18 06:04 - 2014-09-13 00:58 - 00000000 ____D C:\Program Files\Internet Download Manager
2015-10-17 17:36 - 2014-09-13 20:47 - 00598395 _____ C:\Users\TOSHIBA-PC\Documents\02. Islam and the Workplace.pptx
2015-10-16 07:48 - 2014-09-13 18:24 - 00002073 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-10-16 07:48 - 2014-09-13 18:24 - 00002071 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-10-16 07:48 - 2014-09-13 18:24 - 00002061 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-10-16 07:48 - 2014-09-13 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-15 20:38 - 2014-10-11 12:14 - 00002045 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-10-15 20:38 - 2014-09-19 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-10-15 20:38 - 2014-09-19 16:09 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

==================== Files in the root of some directories =======

2014-09-17 21:28 - 2014-09-17 21:28 - 11249152 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2015-09-04 21:49 - 2015-09-04 21:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\TOSHIBA-PC\msvbvm60.dll


Some files in TEMP:
====================
C:\Users\TOSHIBA-PC\AppData\Local\Temp\avgnt.exe
C:\Users\TOSHIBA-PC\AppData\Local\Temp\dllnt_dump.dll
C:\Users\TOSHIBA-PC\AppData\Local\Temp\SkypeSetup.exe
C:\Users\TOSHIBA-PC\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-13 10:34

==================== End of FRST.txt ============================
 
Here is Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-11-2015
Ran by TOSHIBA-PC (2015-11-14 20:38:04)
Running from C:\Users\TOSHIBA-PC\Desktop
Microsoft Windows 10 Home (X86) (2015-09-04 19:34:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-477176046-21664723-1367556538-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-477176046-21664723-1367556538-503 - Limited - Disabled)
Guest (S-1-5-21-477176046-21664723-1367556538-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-477176046-21664723-1367556538-1002 - Limited - Enabled)
TOSHIBA-PC (S-1-5-21-477176046-21664723-1367556538-1000 - Administrator - Enabled) => C:\Users\TOSHIBA-PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Accurate Times 5.3.8 (HKLM\...\Accurate Times_is1) (Version: - Mohammad Odeh (ICOP))
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Aviator (HKLM\...\{B0E4AA1D-76A7-48B5-AAA1-D68BDBB1FF99}) (Version: 2.3 - WhiteHat Security, Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.14.259 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Backblaze (HKLM\...\Backblaze) (Version: - Backblaze, Inc)
calibre (HKLM\...\{00A9870A-DA5A-4825-BEC9-F93FD41DE157}) (Version: 2.43.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDisplayEx 1.10.14 (HKLM\...\CDisplayEx_is1) (Version: - cdisplayex.com)
Citrix Online Launcher (HKLM\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Evernote v. 5.9.1 (HKLM\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Drive (HKLM\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
GoToMeeting 7.4.2.3880 (HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\GoToMeeting) (Version: 7.4.2.3880 - CitrixOnline)
GoToMeeting 7.4.2.3880 (HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 7.4.2.3880 - CitrixOnline)
HaoZip (HKLM\...\HaoZip) (Version: v3.0 - Ruichuang Network Technology Co.,Ltd)
herdProtect Anti-Malware Scanner (HKLM\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - اسم شركتك)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.46.0 - HTC)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Juniper Networks Setup Client (HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Juniper_Setup_Client) (Version: 8.0.3.44983 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Juniper_Setup_Client) (Version: 8.0.3.44983 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
LastPass (uninstall only) (HKLM\...\LastPass) (Version: - LastPass)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft LifeCam (HKLM\...\{412669E8-86CE-4B15-A2D2-F5B0BA9939EF}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - اللغة العربية (HKLM\...\{90150000-001F-0401-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
OpenVPN 2.3.6-I603 (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )
PDF-XChange Editor (HKLM\...\{cd8b4917-1251-479d-b096-d52170473bb3}) (Version: 5.5.314.0 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (HKLM\...\{D9E4302E-EB32-4133-BB61-7FF3E19BBCF8}) (Version: 5.5.315.0 - Tracker Software Products (Canada) Ltd.)
Quran In Ms Word version 2.2 (HKLM\...\{132492C5-5EBD-4A88-8686-F4DD15ECFFAE}_is1) (Version: 2.2 - taufiqproduct, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.12.201408250841 - Sony Mobile Communications AB)
Sony PC Companion 2.10.289 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.289 - Sony)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Telegram Desktop version 0.9.10 (HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.9.10 - Telegram Messenger LLP)
Telegram Desktop version 0.9.10 (HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.9.10 - Telegram Messenger LLP)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
مصحف المدينة النبوية للنشر الحاسوبي (HKLM\...\{B88D349E-0037-4177-B3C7-B368F487CE42}) (Version: 2.0 - مجمع الملك فهد لطباعة المصحف الشريف)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-477176046-21664723-1367556538-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\TOSHIBA-PC\AppData\Local\Citrix\GoToMeeting\3019\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

12-11-2015 20:38:26 Revo Uninstaller Pro's restore point - Spyhunter
13-11-2015 09:36:19 Malwarebytes Anti-Rootkit Restore Point
14-11-2015 14:17:53 Revo Uninstaller Pro's restore point - Mozilla Firefox 42.0 (x86 en-US)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:13 - 2013-08-22 09:13 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C38F8C1-5240-437B-A0E6-FBCA5332A0EE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {0D9EF262-54F0-40A5-8387-A34F72FDE72D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {20AD55B9-4D2E-43D0-BC3F-A8A9963F5D4F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2514DE51-2CA4-4028-A1B0-C5EB1CF14192} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {3D900964-E551-4E51-AF93-7F603CB1D953} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {400D6784-8064-4D45-BFBE-9A7C41D161D1} - System32\Tasks\smadav => C:\Program Files\Smadav\SMΔRTP.exe [2015-08-20] (Smadsoft)
Task: {49FA5FBC-490B-428C-9CCC-14B3B0EF67DC} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {4E7D3A85-DAE2-4C36-ACA9-8C157A28C027} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {61A2AAB6-75BE-4A8D-A66C-52FAFED01A76} - System32\Tasks\G2MUploadTask-S-1-5-21-477176046-21664723-1367556538-1000 => C:\Users\TOSHIBA-PC\AppData\Local\Citrix\GoToMeeting\3880\g2mupload.exe [2015-11-06] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6293D739-21E9-4157-8AF6-ABED546DD267} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {758F9F29-7D3E-40AA-98B5-9397DB9F8C31} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {7F0B8545-48FF-4116-990A-990A554D5924} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {893317E4-367D-4560-AA4A-F507988B74A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {91DF6EBA-715B-4AAC-9C60-6BB1511EE0BE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {9F56491E-822B-44DD-AB6F-BE881D058FB5} - System32\Tasks\herdProtectScan => C:\Program Files\Reason\herdProtect\Scanner\herdProtectScan.exe [2014-09-14] (Reason Software Company Inc.)
Task: {A38BF979-1A49-4DA4-B777-09528C4EC91B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {A6B5CB13-01E7-432A-89BE-79DEA26C835F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B40F95E7-F2A6-41EA-B51A-AA17C362BA2E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {B45BD429-8C59-4656-BB08-71477FA8B9B6} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL hxxp://go.microsoft.com/fwlink/?LinkID=130644
Task: {B9705818-FBC3-40C4-9067-3E424C22772E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BA4ADFBB-CF9A-4D21-812B-DBFFABB7B6F4} - System32\Tasks\G2MUpdateTask-S-1-5-21-477176046-21664723-1367556538-1000 => C:\Users\TOSHIBA-PC\AppData\Local\Citrix\GoToMeeting\3880\g2mupdate.exe [2015-11-06] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {C8465238-624F-4255-892D-38B3B9B2B979} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CCF2F1EA-F04F-4E11-9354-2FA3E496F902} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-13] (Microsoft Corporation)
Task: {D57F2402-97F3-4309-871A-11F5250F69B5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DB2E9812-45CF-428C-8835-63612C8C4014} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {F52A54CC-265F-4B56-99A0-59AA65A6BA45} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F7A5ED4B-D246-4AB7-81EE-E4978DB66806} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FBB6732F-27F8-4CAB-98E7-ED0C600613C0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {FECEF4B5-AC65-4D4B-859E-2D1FE4766B32} - System32\Tasks\AviatorUpdateTask => Wscript.exe "C:\Program Files\WhiteHat\Aviator\Update\BatchLauncher.vbs" "C:\Program Files\WhiteHat\Aviator\Update\AviatorAutoUpdate.exe"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-477176046-21664723-1367556538-1000.job => C:\Users\TOSHIBA-PC\AppData\Local\Citrix\GoToMeeting\3880\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-477176046-21664723-1367556538-1000.job => C:\Users\TOSHIBA-PC\AppData\Local\Citrix\GoToMeeting\3880\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-05 00:37 - 2015-09-05 00:37 - 00025088 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-05 00:37 - 2015-09-05 00:37 - 00301056 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-01 20:37 - 2015-09-17 09:27 - 01766952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 20:37 - 2015-09-17 09:27 - 01766952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-23 07:20 - 2015-10-23 07:20 - 00341672 _____ () C:\Program Files\Backblaze\bzserv.exe
2014-09-20 12:22 - 2015-10-07 18:01 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2015-07-10 11:24 - 2015-07-10 11:24 - 00288768 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-01 20:37 - 2015-09-17 08:28 - 04317696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 20:36 - 2015-09-17 08:25 - 00377856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 20:36 - 2015-09-17 08:25 - 01183232 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 20:37 - 2015-09-17 08:26 - 01425920 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-11 16:28 - 2015-11-07 07:36 - 01532744 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 16:28 - 2015-11-07 07:36 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Accurate Times:Win32App
AlternateDataStreams: C:\Program Files\Al Madinah Mushaf:Win32App
AlternateDataStreams: C:\Program Files\Calibre2:Win32App
AlternateDataStreams: C:\Program Files\CCleaner:Win32App
AlternateDataStreams: C:\Program Files\CDisplayEx:Win32App
AlternateDataStreams: C:\Program Files\LastPass:Win32App
AlternateDataStreams: C:\Program Files\Malwarebytes Anti-Malware:Win32App
AlternateDataStreams: C:\Program Files\Microsoft LifeCam:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Mouse and Keyboard Center:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Office:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App
AlternateDataStreams: C:\Program Files\Quran In Ms Word:Win32App
AlternateDataStreams: C:\Program Files\Tracker Software:Win32App
AlternateDataStreams: C:\Program Files\Common Files\DESIGNER:Win32App
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App
AlternateDataStreams: C:\Program Files\Common Files\Skype:Win32App
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App
AlternateDataStreams: C:\Users\TOSHIBA-PC\AppData\Local\Temp:Win32App

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-477176046-21664723-1367556538-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TOSHIBA-PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\TOSHIBA-PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8C263BB3-4253-43EC-B033-942628DFFA9F}] => (Allow) C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{CEA1ADCA-225A-4AF9-A230-EF38F2BD35C0}] => (Allow) C:\Users\TOSHIBA-PC\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
FirewallRules: [{3B7B93DD-25A8-4435-B5A2-8E73E05CEFEB}] => (Allow) C:\Users\TOSHIBA-PC\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{7FAA95DC-FCDF-4899-AE40-91E4360306B5}] => (Allow) C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [UDP Query User{8B21CFCD-EB33-4E14-9116-983AB14D18F2}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [TCP Query User{93A5FFB2-9FC1-4526-82E0-A7B4D21A3181}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{87008595-E257-4C2E-83EF-55EB2BA81348}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [TCP Query User{57A22A67-1B77-4492-B230-749CB2D47F30}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [{0478BCFD-F008-40CF-916D-978760F39388}] => (Allow) C:\Users\TOSHIBA-PC\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{7A6C7354-C337-431D-8085-9443AB2792D4}] => (Allow) C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{194C95A6-36D5-4825-A1F9-FD853EED2620}] => (Allow) C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [UDP Query User{D5BE9A40-3F09-4916-923D-16F833A7B89A}C:\program files\calibre2\calibre.exe] => (Allow) C:\program files\calibre2\calibre.exe
FirewallRules: [TCP Query User{C56B17A1-ED22-422C-9DCF-2B97E67B4E5C}C:\program files\calibre2\calibre.exe] => (Allow) C:\program files\calibre2\calibre.exe
FirewallRules: [{76420429-080A-4329-A4C0-1CD6173F1EB7}] => (Allow) C:\Users\TOSHIBA-PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2674B0AD-3101-43EE-8CB7-0295B856C1D5}] => (Allow) C:\Users\TOSHIBA-PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{C78B317E-F4CE-4F18-A418-5B93EBC5183C}C:\windows.old\users\toshiba-pc\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\toshiba-pc\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{51DAC648-8A71-4F26-B347-F0B847A3F06B}C:\windows.old\users\toshiba-pc\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\toshiba-pc\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{4543268B-4F1B-4117-8F4B-A45565ABEF5F}C:\windows.old\users\toshiba-pc\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\toshiba-pc\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{62D08AA0-595D-4072-88FE-DE5F403C2518}C:\windows.old\users\toshiba-pc\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\toshiba-pc\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{8BDFFC3F-C4E4-44BF-9DA9-93DA1C675FC0}C:\program files\calibre2\calibre.exe] => (Block) C:\program files\calibre2\calibre.exe
FirewallRules: [UDP Query User{C2B27E51-D810-41E6-BFC5-DCC185138147}C:\program files\calibre2\calibre.exe] => (Block) C:\program files\calibre2\calibre.exe
FirewallRules: [{2AC02063-8D5A-44D9-A886-3DA8F84EBE98}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2015 06:47:06 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6828) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/14/2015 06:47:06 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6828) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (11/14/2015 06:46:55 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6828) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/14/2015 06:46:55 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6828) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (11/14/2015 06:46:45 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6828) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/14/2015 06:46:45 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6828) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (11/14/2015 06:46:35 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6828) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/14/2015 06:46:35 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6828) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (11/14/2015 06:46:24 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6828) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/14/2015 06:46:24 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6828) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (11/14/2015 08:08:51 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/14/2015 06:38:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/14/2015 05:12:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%1053

Error: (11/14/2015 05:12:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Defender Service service to connect.

Error: (11/14/2015 05:12:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%1053

Error: (11/14/2015 05:12:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Defender Service service to connect.

Error: (11/14/2015 05:07:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SynTPEnh Caller Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/14/2015 05:07:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (11/14/2015 05:07:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

Error: (11/14/2015 05:06:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2015-11-14 20:20:57.748
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-14 20:08:37.392
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-14 20:08:37.212
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-14 20:08:36.989
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-14 20:08:36.810
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-14 20:08:36.597
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-14 20:08:36.421
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-14 20:08:36.171
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-14 20:08:35.981
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-14 20:08:35.744
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 82%
Total physical RAM: 3069.99 MB
Available physical RAM: 541.53 MB
Total Virtual: 4477.99 MB
Available Virtual: 1079.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:187.62 GB) (Free:69.59 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:184.99 GB) (Free:122.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: 4BCB0FB6)
Partition 1: (Active) - (Size=187.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=185 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller Results:
RogueKiller V10.11.5.0 [Nov 9 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 32 bits version
Started in : Normal mode
User : TOSHIBA-PC [Administrator]
Started from : C:\Users\TOSHIBA-PC\Desktop\RogueKiller.exe
Mode : Scan -- Date : 11/15/2015 05:58:57

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{148f2ba4-8d03-4c77-a463-a5993d6b4e59} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{148f2ba4-8d03-4c77-a463-a5993d6b4e59} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)]) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] hk2n3rt0.default : user_pref("browser.startup.homepage", "http://login.hhtxnet.com/search.php?q="); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 41ca5a0d8eda1432a40cbf6842a427ec
[BSP] f725e6a2c87b8afb0eccac32bc315328 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 192118 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 393459712 | Size: 189434 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes Results:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/15/2015
Scan Time: 6:10 AM
Logfile: MBAM results.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.14.07
Rootkit Database: v2015.11.14.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x86
File System: NTFS
User: TOSHIBA-PC

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306771
Time Elapsed: 25 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
Adware Results:
# AdwCleaner v5.021 - Logfile created 15/11/2015 at 11:27:33
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 10 Home (x86)
# Username : TOSHIBA-PC - TOSHIBA-PC-PC
# Running from : C:\Users\TOSHIBA-PC\Downloads\Programs\adwcleaner_5.021.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao

***** [ Files ] *****

File Found : C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpphkkgodbfncbcpgopijlfakfgmclao_0.localstorage
File Found : C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpphkkgodbfncbcpgopijlfakfgmclao_0.localstorage-journal

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.avira.com
[C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
[C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : blekko.com
[C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ironsource
[C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.yahoo.com
[C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://searchou.com/?id=54091e3600000000000000ffdeb7792f
[C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bpphkkgodbfncbcpgopijlfakfgmclao

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1941 bytes] ##########
 
Junnk Removal Results:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 10 Home x86
Ran by TOSHIBA-PC on Sun 11/15/2015 at 11:42:44.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Folder] C:\Users\TOSHIBA-PC\Appdata\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod

[C:\Users\TOSHIBA-PC\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\TOSHIBA-PC\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
bigefpfhnfcobdlfbedofhhaibnlghod

[C:\Users\TOSHIBA-PC\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\TOSHIBA-PC\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
bigefpfhnfcobdlfbedofhhaibnlghod
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/15/2015 at 11:45:13.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Per your request (Farbar Recovery) - Part 1
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by TOSHIBA-PC (administrator) on TOSHIBA-PC-PC (15-11-2015 21:28:52)
Running from C:\Users\TOSHIBA-PC\Desktop
Loaded Profiles: TOSHIBA-PC & (Available Profiles: TOSHIBA-PC)
Platform: Microsoft Windows 10 Home (X86) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\Backblaze\bzserv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15081.0_x86__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(LastPass) C:\Program Files\LastPass\nplastpass.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12214528 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [788176 2015-11-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3527880 2015-06-12] (Synaptics Incorporated)
HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Run: [haozipcd] => C:\Program Files\HaoZip\HaoZipCD.exe [256264 2012-07-26] (瑞创网络)
HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3911248 2015-10-16] (Tonec Inc.)
HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53736048 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Run: [Backblaze] => C:\Program Files\Backblaze\bzbui.exe [581800 2015-10-23] ()
HKU\S-1-5-21-477176046-21664723-1367556538-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [25600 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [haozipcd] => C:\Program Files\HaoZip\HaoZipCD.exe [256264 2012-07-26] (瑞创网络)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3911248 2015-10-16] (Tonec Inc.)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53736048 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Backblaze] => C:\Program Files\Backblaze\bzbui.exe [581800 2015-10-23] ()
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [25600 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [haozipcd] => C:\Program Files\HaoZip\HaoZipCD.exe [256264 2012-07-26] (瑞创网络)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3911248 2015-10-16] (Tonec Inc.)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53736048 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Backblaze] => C:\Program Files\Backblaze\bzbui.exe [581800 2015-10-23] ()
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [25600 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-10-12] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-09-17]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\TOSHIBA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Accurate Times.lnk [2014-09-13]
ShortcutTarget: Accurate Times.lnk -> C:\Accurate Times\alert63.exe (JAS)
Startup: C:\Users\TOSHIBA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-09-13]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{148f2ba4-8d03-4c77-a463-a5993d6b4e59}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-477176046-21664723-1367556538-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2014-09-17] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2014-09-17] (LastPass)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: hxxp://login.hhtxnet.com/search.php?q=
FF Keyword.URL: hxxp://login.hhtxnet.com/search.php?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2014-09-17] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-20] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2015-09-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\.DEFAULT: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2015-09-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-477176046-21664723-1367556538-1000: @citrixonline.com/appdetectorplugin -> C:\Users\TOSHIBA-PC\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-18] (Citrix Online)
FF Plugin HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\TOSHIBA-PC\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-18] (Citrix Online)
FF Plugin HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @citrixonline.com/appdetectorplugin -> C:\Users\TOSHIBA-PC\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-18] (Citrix Online)
FF SearchPlugin: C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\searchplugins\duckduckgo.xml [2014-10-07]
FF SearchPlugin: C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\searchplugins\startpage-ssl.xml [2015-10-23]
FF Extension: LastPass - C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\Extensions\support@lastpass.com [2015-09-27]
FF Extension: WOT - C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-11-10]
FF Extension: Disconnect - C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\Extensions\2.0@disconnect.me.xpi [2015-05-29]
FF Extension: Ghostery - C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\Extensions\firefox@ghostery.com.xpi [2015-11-06]
FF Extension: MEGA - C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\Extensions\firefox@mega.co.nz.xpi [2015-11-13] [not signed]
FF Extension: Lightbeam - C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-05-27]
FF Extension: NoScript - C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-10-29]
FF Extension: Adblock Plus - C:\Users\TOSHIBA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\hk2n3rt0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
FF HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: No Name - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2015-10-02] [not signed]
FF HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\TOSHIBA-PC\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\TOSHIBA-PC\AppData\Roaming\IDM\idmmzcc5 [2015-10-18] [not signed]
FF HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\TOSHIBA-PC\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\TOSHIBA-PC\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://searchou.com/?id=54091e3600000000000000ffdeb7792f"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Beautiful landscape) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2015-11-14]
CHR Extension: (WikiTube) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aneddidibfifdpbeppmpoackniodpekj [2015-05-09]
CHR Extension: (Google Docs) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13]
CHR Extension: (Turn Off the Lights) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-09-05]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-09-05]
CHR Extension: (MEGA) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-11-15]
CHR Extension: (YouTube) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-13]
CHR Extension: (DuckDuckGo for Chrome) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2015-11-14]
CHR Extension: (Adblock Plus) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-13]
CHR Extension: (Add to Amazon Wish List) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-09-13]
CHR Extension: (Google Search) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
CHR Extension: (Avira SafeSearch) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2015-11-13]
CHR Extension: (Google Calendar) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-11-13]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2015-05-02]
CHR Extension: (PanicButton) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2014-09-13]
CHR Extension: (Dashlane) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2015-09-05]
CHR Extension: (WikiMapper) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\feiheebgoilmbkaddngcoocjbogfchlb [2014-09-28]
CHR Extension: (Google Sheets) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Avira Browser Safety) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-11-13]
CHR Extension: (Google Docs Offline) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-11-13]
CHR Extension: (Marvel Comics) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2014-09-13]
CHR Extension: (Disconnect Search) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2015-02-25]
CHR Extension: (Kindle Cloud Reader) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-09-13]
CHR Extension: (Tradair Analytics) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfdibgccmdloekfajpdialdmhlacfkb [2015-01-31]
CHR Extension: (Disconnect) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-09-05]
CHR Extension: (StumbleUpon) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2014-09-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (The Independent) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai [2015-07-13]
CHR Extension: (Google Mail Checker) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-09-13]
CHR Extension: (Google Play Books) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2015-07-13]
CHR Extension: (IDM Integration Module) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-11-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-05]
CHR Extension: (Click&Clean App) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-11-13]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-09-13]
CHR Extension: (Gmail) - C:\Users\TOSHIBA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-07-10]
CHR HKU\S-1-5-21-477176046-21664723-1367556538-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [936544 2015-11-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [466408 2015-11-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [466408 2015-11-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1105952 2015-11-11] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1680088 2013-10-28] (Broadcom Corporation.)
R2 bzserv; C:\Program Files\Backblaze\bzserv.exe [341672 2015-10-23] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1883320 2015-10-07] (Microsoft Corporation)
S2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [216776 2015-06-12] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [105352 2015-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [138800 2015-07-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37896 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [55912 2015-09-24] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [175320 2013-10-28] (Broadcom Corporation.)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [144600 2013-10-28] (Broadcom Corporation.)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [26328 2014-09-19] (Sony Mobile Communications)
R3 HaoZipVirtualCDBus; C:\WINDOWS\System32\drivers\HaoZipVirtualCDBus.sys [115288 2012-07-24] (Shanghai RuiChuang)
S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [13224 2006-10-20] (Chicony)
S3 LcUvcUpper; C:\WINDOWS\system32\DRIVERS\LcUvcUpper.sys [30840 2015-02-09] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2015-11-15] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7518208 2015-07-10] (Intel Corporation)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [492032 2015-07-10] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [35528 2015-06-12] (Synaptics Incorporated)
R1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [31848 2015-06-18] (Avira Operations GmbH & Co. KG)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [50280 2015-07-29] (Toshiba Corporation)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Farbar Recovery - Part 2:

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-15 21:24 - 2015-11-15 21:24 - 00016148 _____ C:\WINDOWS\system32\TOSHIBA-PC-PC_TOSHIBA-PC_HistoryPrediction.bin
2015-11-15 17:35 - 2015-07-05 13:11 - 00246952 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-11-15 11:45 - 2015-11-15 11:45 - 00001303 _____ C:\Users\TOSHIBA-PC\Desktop\JRT.txt
2015-11-15 11:33 - 2015-11-15 11:28 - 00002020 _____ C:\Users\TOSHIBA-PC\Desktop\AdwCleaner[S2].txt
2015-11-15 06:44 - 2015-11-15 06:44 - 00001054 _____ C:\Users\TOSHIBA-PC\Desktop\MBAM results.txt
2015-11-15 06:00 - 2015-11-15 06:00 - 00004048 _____ C:\Users\TOSHIBA-PC\Desktop\RKreport.txt
2015-11-14 20:36 - 2015-11-15 21:30 - 00030464 _____ C:\Users\TOSHIBA-PC\Desktop\FRST.txt
2015-11-14 19:11 - 2015-11-14 19:11 - 00000000 ____D C:\Program Files\ESET
2015-11-14 19:10 - 2015-11-14 19:11 - 02870984 _____ (ESET) C:\Users\TOSHIBA-PC\Desktop\esetsmartinstaller_enu.exe
2015-11-14 18:38 - 2015-11-14 18:38 - 00000000 ____D C:\WINDOWS\%LOCALAPPDATA%
2015-11-14 17:21 - 2015-11-14 18:33 - 00000000 ____D C:\Users\TOSHIBA-PC\Desktop\mbar
2015-11-14 17:20 - 2015-11-14 17:20 - 00000833 _____ C:\Users\TOSHIBA-PC\Desktop\checkup.txt
2015-11-14 17:18 - 2015-11-14 17:20 - 16563352 _____ (Malwarebytes Corp.) C:\Users\TOSHIBA-PC\Desktop\mbar-1.09.3.1001.exe
2015-11-14 17:10 - 2015-11-14 17:11 - 00852720 _____ C:\Users\TOSHIBA-PC\Desktop\SecurityCheck.exe
2015-11-14 16:59 - 2015-11-14 16:59 - 01801288 _____ (Malwarebytes) C:\Users\TOSHIBA-PC\Desktop\JRT.exe
2015-11-14 16:54 - 2015-11-14 16:54 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-11-14 16:54 - 2015-11-14 16:54 - 00000000 _____ C:\WINDOWS\setupact.log
2015-11-14 16:42 - 2015-11-15 11:27 - 00000000 ____D C:\AdwCleaner
2015-11-14 15:15 - 2015-11-14 15:15 - 00000000 ___HD C:\OneDriveTemp
2015-11-14 11:58 - 2015-11-14 14:25 - 00018662 _____ C:\Users\TOSHIBA-PC\Desktop\Backup of Orientalism and Islamophobia.wbk
2015-11-13 20:44 - 2015-11-13 20:45 - 00120719 _____ C:\Users\TOSHIBA-PC\Desktop\CheckResults.txt
2015-11-13 17:45 - 2015-11-13 17:45 - 01682416 _____ (Malwarebytes Corporation) C:\Users\TOSHIBA-PC\Desktop\mbam-check-2.1.1.1001.exe
2015-11-13 16:44 - 2015-11-15 12:02 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Local\CrashDumps
2015-11-13 15:05 - 2015-11-13 15:08 - 18979400 _____ C:\Users\TOSHIBA-PC\Desktop\RogueKiller.exe
2015-11-13 08:57 - 2015-11-14 18:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-13 08:53 - 2015-11-13 13:28 - 00000000 ____D C:\mbar
2015-11-13 07:15 - 2015-11-15 05:43 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-11-13 07:15 - 2015-11-13 09:37 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-13 06:46 - 2015-11-15 21:29 - 00000000 ____D C:\FRST
2015-11-13 06:46 - 2015-11-13 06:46 - 01702400 _____ (Farbar) C:\Users\TOSHIBA-PC\Desktop\Find.com
2015-11-13 06:40 - 2015-11-13 06:40 - 01702400 _____ (Farbar) C:\Users\TOSHIBA-PC\Desktop\FRST.exe
2015-11-13 06:24 - 2015-11-13 06:24 - 00002511 _____ C:\Users\Public\Desktop\Evernote.lnk
2015-11-13 06:24 - 2015-11-13 06:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-11-12 20:37 - 2015-11-12 20:37 - 00001299 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-11-12 20:37 - 2015-11-12 20:37 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Local\VS Revo Group
2015-11-12 20:37 - 2015-11-12 20:37 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-11-12 20:37 - 2015-11-12 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-11-12 20:37 - 2015-11-12 20:37 - 00000000 ____D C:\Program Files\VS Revo Group
2015-11-12 20:37 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-11-11 18:16 - 2015-11-14 11:05 - 00000000 __SHD C:\[Smad-Cage]
2015-11-11 18:16 - 2015-11-11 19:49 - 00000000 ____D C:\Program Files\SMADAV
2015-11-11 18:16 - 2015-11-11 18:16 - 00001083 _____ C:\Users\Public\Desktop\SMADΔV.lnk
2015-11-11 18:16 - 2015-11-11 18:16 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Roaming\Smadav
2015-11-11 18:16 - 2015-11-11 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2015-11-11 06:45 - 2015-11-05 07:34 - 06265696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 06:45 - 2015-11-05 07:34 - 00558944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-11 06:45 - 2015-11-05 07:34 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-11 06:45 - 2015-11-05 07:32 - 00479072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 06:45 - 2015-11-05 07:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-11 06:45 - 2015-11-05 07:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 06:45 - 2015-11-05 07:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-11 06:45 - 2015-11-05 07:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-11 06:45 - 2015-11-05 07:14 - 00923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-11 06:45 - 2015-11-05 07:14 - 00024256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-11 06:45 - 2015-11-05 07:13 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 06:45 - 2015-11-05 06:49 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-11 06:45 - 2015-11-05 06:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 06:45 - 2015-11-05 06:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-11 06:45 - 2015-11-05 06:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-11 06:45 - 2015-11-05 06:40 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-11 06:45 - 2015-11-05 06:39 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-11 06:45 - 2015-11-05 06:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-11 06:45 - 2015-11-05 06:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-11 06:45 - 2015-11-05 06:35 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-11 06:45 - 2015-11-05 06:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-11 06:45 - 2015-11-05 06:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 06:45 - 2015-11-05 06:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 06:45 - 2015-11-05 06:32 - 00738304 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-11 06:45 - 2015-11-05 06:30 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-11 06:45 - 2015-11-05 06:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 06:45 - 2015-11-05 06:30 - 00546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-11 06:45 - 2015-11-05 06:29 - 00491008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-11 06:45 - 2015-11-05 06:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 06:45 - 2015-11-05 06:27 - 02985472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-11 06:45 - 2015-11-05 06:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-11 06:45 - 2015-11-05 06:27 - 01135104 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-11 06:45 - 2015-11-05 06:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-11 06:45 - 2015-11-05 06:24 - 01499136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-11 06:45 - 2015-11-05 06:24 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-11 06:45 - 2015-11-05 06:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-11 06:18 - 2015-11-15 06:08 - 00000000 ___HD C:\Users\TOSHIBA-PC\AppData\Roaming\jokwsyc
2015-11-11 06:18 - 2015-11-11 06:18 - 05286088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-11-08 06:09 - 2015-07-19 15:44 - 00001070 _____ C:\Users\TOSHIBA-PC\Desktop\Important Info 4 the Family.txt
2015-10-26 09:01 - 2008-11-13 10:25 - 00137024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinet.ocx
2015-10-26 09:01 - 2005-06-10 13:22 - 00450560 _____ (Sky Software) C:\WINDOWS\system32\filevw61.ocx
2015-10-26 09:01 - 2005-06-10 13:22 - 00352256 _____ (Sky Software) C:\WINDOWS\system32\shcmb61.ocx
2015-10-26 09:01 - 2005-06-10 13:21 - 00417792 _____ (Sky Software) C:\WINDOWS\system32\fldrvw61.ocx
2015-10-26 09:01 - 2005-04-15 19:58 - 01351392 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.ocx
2015-10-26 09:01 - 2005-04-13 03:00 - 00331784 _____ (VBGold Software) C:\WINDOWS\system32\aresize.ocx
2015-10-26 09:01 - 2004-10-02 09:36 - 00212240 _____ (Microsoft Corporation) C:\WINDOWS\system32\richtx32.ocx
2015-10-26 09:01 - 1999-09-28 21:42 - 01050896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjet35.dll
2015-10-26 09:01 - 1998-06-18 10:33 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vb5db.dll
2015-10-26 09:01 - 1998-05-18 00:00 - 00368912 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbar332.dll
2015-10-26 09:01 - 1998-04-24 18:40 - 00407312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrepl35.dll
2015-10-26 09:01 - 1998-04-24 18:40 - 00252176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrd2x35.dll
2015-10-26 09:01 - 1998-04-24 18:40 - 00123664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjint35.dll
2015-10-26 09:01 - 1998-04-24 18:40 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjter35.dll
2015-10-26 09:01 - 1997-07-19 19:00 - 00227600 _____ (Microsoft) C:\WINDOWS\system32\msflxgrd.ocx
2015-10-23 07:20 - 2015-10-23 07:20 - 00000000 ___HD C:\.bzvol
2015-10-23 07:20 - 2015-10-23 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backblaze
2015-10-23 07:19 - 2015-10-23 07:20 - 00000000 ____D C:\Program Files\Backblaze
2015-10-23 07:19 - 2015-10-23 07:19 - 00000000 ____D C:\ProgramData\Backblaze
2015-10-18 06:03 - 2015-09-25 06:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-18 06:02 - 2015-10-10 09:44 - 00069312 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-18 06:02 - 2015-10-06 05:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-18 06:02 - 2015-10-01 06:36 - 01034032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-18 06:02 - 2015-10-01 06:36 - 00907992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-18 06:02 - 2015-10-01 06:36 - 00869232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-18 06:02 - 2015-10-01 06:36 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-18 06:02 - 2015-10-01 05:40 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-18 06:02 - 2015-09-25 06:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-18 06:02 - 2015-09-25 06:31 - 00368992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-18 06:02 - 2015-09-25 06:21 - 00851296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-18 06:02 - 2015-09-25 05:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-18 06:02 - 2015-09-25 05:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-18 06:02 - 2015-09-25 05:43 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-18 06:02 - 2015-09-25 05:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-18 06:02 - 2015-09-25 05:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-18 06:02 - 2015-09-25 05:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-18 06:02 - 2015-09-25 05:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-18 06:02 - 2015-09-25 05:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-18 06:02 - 2015-09-25 05:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-18 06:02 - 2015-09-25 05:34 - 01127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-18 06:02 - 2015-09-25 05:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-18 06:02 - 2015-09-25 05:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-18 06:02 - 2015-09-25 05:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-18 06:02 - 2015-09-25 05:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-18 06:02 - 2015-09-25 05:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-18 06:02 - 2015-09-25 05:34 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-18 06:02 - 2015-09-25 05:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-18 06:02 - 2015-09-25 05:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-18 06:02 - 2015-09-25 05:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-16 15:29 - 2015-06-12 05:00 - 00123968 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-15 21:28 - 2014-09-13 00:57 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Roaming\HaoZip
2015-11-15 21:25 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-15 18:20 - 2014-10-05 18:52 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-15 18:20 - 2014-09-13 01:24 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-15 16:43 - 2015-07-18 22:03 - 00000620 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-477176046-21664723-1367556538-1000.job
2015-11-15 16:18 - 2014-09-13 00:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-15 12:49 - 2015-07-18 22:03 - 00000716 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-477176046-21664723-1367556538-1000.job
2015-11-15 12:20 - 2014-09-13 01:24 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-15 11:50 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-11-15 05:28 - 2014-09-17 21:28 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\LocalLow\LastPass
2015-11-14 21:38 - 2014-09-12 23:37 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Roaming\vlc
2015-11-14 20:54 - 2014-09-13 00:59 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Roaming\DMCache
2015-11-14 17:21 - 2014-10-05 18:51 - 00094936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-14 17:17 - 2014-09-13 00:59 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Roaming\IDM
2015-11-14 17:07 - 2014-09-13 00:34 - 00000000 __RDO C:\Users\TOSHIBA-PC\OneDrive
2015-11-14 16:53 - 2015-09-16 21:55 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-14 16:51 - 2014-09-13 00:59 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Roaming\Skype
2015-11-14 16:50 - 2014-09-13 18:33 - 00000000 ___RD C:\Users\TOSHIBA-PC\Google Drive
2015-11-14 16:49 - 2014-12-25 18:24 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Local\HTC MediaHub
2015-11-14 16:48 - 2015-07-10 12:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-14 15:12 - 2015-07-10 09:59 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-14 15:03 - 2015-09-04 22:14 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-14 14:00 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-14 10:52 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-13 17:44 - 2014-09-13 00:19 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Local\VirtualStore
2015-11-13 15:00 - 2014-10-09 12:59 - 00000000 ____D C:\Users\TOSHIBA-PC\Documents\Batman Eternal
2015-11-13 15:00 - 2014-09-25 14:50 - 00000000 ____D C:\shamela_arrawdah
2015-11-13 13:33 - 2014-09-15 06:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-13 13:24 - 2014-09-15 06:11 - 143250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-13 11:45 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\rescache
2015-11-13 09:47 - 2014-09-18 21:43 - 00000000 ____D C:\Users\TOSHIBA-PC\AppData\Roaming\uTorrent
2015-11-13 09:44 - 2015-07-10 11:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-13 06:56 - 2014-10-05 18:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-13 06:05 - 2014-09-16 10:36 - 00000999 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-11-13 06:05 - 2014-09-16 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-11-13 06:05 - 2014-09-16 10:35 - 00000000 ____D C:\Program Files\Calibre2
2015-11-11 17:49 - 2015-09-04 21:53 - 00000000 ____D C:\Users\TOSHIBA-PC
2015-11-11 17:04 - 2014-09-13 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-11 16:46 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-11-11 16:46 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-11 16:45 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-11-11 16:28 - 2014-09-13 01:26 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-11 06:25 - 2015-09-01 20:33 - 00001165 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-11-11 06:25 - 2014-09-13 12:49 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-10 18:28 - 2014-09-06 12:25 - 00000000 ____D C:\Users\TOSHIBA-PC\Downloads\Compressed
2015-11-06 11:45 - 2014-09-06 12:25 - 00000000 ____D C:\Users\TOSHIBA-PC\Downloads\Video
2015-11-05 07:34 - 2015-07-10 12:53 - 00810672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-03 21:20 - 2015-07-10 11:29 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-11-03 21:20 - 2015-07-10 11:29 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-31 19:26 - 2015-09-04 22:55 - 00002345 _____ C:\Users\TOSHIBA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-30 08:28 - 2014-09-20 12:22 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-26 09:01 - 2014-09-29 08:33 - 00001937 _____ C:\Users\TOSHIBA-PC\Desktop\المكتبة الشاملة.lnk
2015-10-26 09:01 - 2014-09-25 15:33 - 00001965 _____ C:\Users\Public\Desktop\المكتبة الشاملة.lnk
2015-10-26 09:01 - 2014-09-25 14:55 - 00000000 ____D C:\Program Files\shamela
2015-10-23 13:32 - 2014-09-15 21:06 - 00000000 ____D C:\Users\TOSHIBA-PC\Documents\Calibre Library
2015-10-18 06:42 - 2014-10-05 18:51 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-18 06:42 - 2014-10-05 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-18 06:04 - 2014-09-13 00:58 - 00000000 ____D C:\Program Files\Internet Download Manager
2015-10-17 17:36 - 2014-09-13 20:47 - 00598395 _____ C:\Users\TOSHIBA-PC\Documents\02. Islam and the Workplace.pptx
2015-10-16 07:48 - 2014-09-13 18:24 - 00002073 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-10-16 07:48 - 2014-09-13 18:24 - 00002071 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-10-16 07:48 - 2014-09-13 18:24 - 00002061 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-10-16 07:48 - 2014-09-13 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2014-09-17 21:28 - 2014-09-17 21:28 - 11249152 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2015-09-04 21:49 - 2015-09-04 21:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\TOSHIBA-PC\msvbvm60.dll


Some files in TEMP:
====================
C:\Users\TOSHIBA-PC\AppData\Local\Temp\avgnt.exe
C:\Users\TOSHIBA-PC\AppData\Local\Temp\dllnt_dump.dll
C:\Users\TOSHIBA-PC\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-13 10:34

==================== End of FRST.txt ============================
 
Additional:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-11-2015
Ran by TOSHIBA-PC (2015-11-15 21:30:57)
Running from C:\Users\TOSHIBA-PC\Desktop
Microsoft Windows 10 Home (X86) (2015-09-04 19:34:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-477176046-21664723-1367556538-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-477176046-21664723-1367556538-503 - Limited - Disabled)
Guest (S-1-5-21-477176046-21664723-1367556538-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-477176046-21664723-1367556538-1002 - Limited - Enabled)
TOSHIBA-PC (S-1-5-21-477176046-21664723-1367556538-1000 - Administrator - Enabled) => C:\Users\TOSHIBA-PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Accurate Times 5.3.8 (HKLM\...\Accurate Times_is1) (Version: - Mohammad Odeh (ICOP))
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Aviator (HKLM\...\{B0E4AA1D-76A7-48B5-AAA1-D68BDBB1FF99}) (Version: 2.3 - WhiteHat Security, Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.14.259 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Backblaze (HKLM\...\Backblaze) (Version: - Backblaze, Inc)
calibre (HKLM\...\{00A9870A-DA5A-4825-BEC9-F93FD41DE157}) (Version: 2.43.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDisplayEx 1.10.14 (HKLM\...\CDisplayEx_is1) (Version: - cdisplayex.com)
Citrix Online Launcher (HKLM\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Evernote v. 5.9.1 (HKLM\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Drive (HKLM\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
GoToMeeting 7.4.2.3880 (HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\GoToMeeting) (Version: 7.4.2.3880 - CitrixOnline)
GoToMeeting 7.4.2.3880 (HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 7.4.2.3880 - CitrixOnline)
GoToMeeting 7.4.2.3880 (HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\GoToMeeting) (Version: 7.4.2.3880 - CitrixOnline)
HaoZip (HKLM\...\HaoZip) (Version: v3.0 - Ruichuang Network Technology Co.,Ltd)
herdProtect Anti-Malware Scanner (HKLM\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - اسم شركتك)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.46.0 - HTC)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Juniper Networks Setup Client (HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\Juniper_Setup_Client) (Version: 8.0.3.44983 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Juniper_Setup_Client) (Version: 8.0.3.44983 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Juniper_Setup_Client) (Version: 8.0.3.44983 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
LastPass (uninstall only) (HKLM\...\LastPass) (Version: - LastPass)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft LifeCam (HKLM\...\{412669E8-86CE-4B15-A2D2-F5B0BA9939EF}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - اللغة العربية (HKLM\...\{90150000-001F-0401-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
OpenVPN 2.3.6-I603 (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )
PDF-XChange Editor (HKLM\...\{cd8b4917-1251-479d-b096-d52170473bb3}) (Version: 5.5.314.0 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (HKLM\...\{D9E4302E-EB32-4133-BB61-7FF3E19BBCF8}) (Version: 5.5.315.0 - Tracker Software Products (Canada) Ltd.)
Quran In Ms Word version 2.2 (HKLM\...\{132492C5-5EBD-4A88-8686-F4DD15ECFFAE}_is1) (Version: 2.2 - taufiqproduct, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.12.201408250841 - Sony Mobile Communications AB)
Sony PC Companion 2.10.289 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.289 - Sony)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Telegram Desktop version 0.9.10 (HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.9.10 - Telegram Messenger LLP)
Telegram Desktop version 0.9.10 (HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.9.10 - Telegram Messenger LLP)
Telegram Desktop version 0.9.10 (HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.9.10 - Telegram Messenger LLP)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
مصحف المدينة النبوية للنشر الحاسوبي (HKLM\...\{B88D349E-0037-4177-B3C7-B368F487CE42}) (Version: 2.0 - مجمع الملك فهد لطباعة المصحف الشريف)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-477176046-21664723-1367556538-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\TOSHIBA-PC\AppData\Local\Citrix\GoToMeeting\3019\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

12-11-2015 20:38:26 Revo Uninstaller Pro's restore point - Spyhunter
13-11-2015 09:36:19 Malwarebytes Anti-Rootkit Restore Point
14-11-2015 14:17:53 Revo Uninstaller Pro's restore point - Mozilla Firefox 42.0 (x86 en-US)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:13 - 2013-08-22 09:13 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C38F8C1-5240-437B-A0E6-FBCA5332A0EE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {0D9EF262-54F0-40A5-8387-A34F72FDE72D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {20AD55B9-4D2E-43D0-BC3F-A8A9963F5D4F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2514DE51-2CA4-4028-A1B0-C5EB1CF14192} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {3D900964-E551-4E51-AF93-7F603CB1D953} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {400D6784-8064-4D45-BFBE-9A7C41D161D1} - System32\Tasks\smadav => C:\Program Files\Smadav\SMΔRTP.exe [2015-08-20] (Smadsoft)
Task: {49FA5FBC-490B-428C-9CCC-14B3B0EF67DC} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {4E7D3A85-DAE2-4C36-ACA9-8C157A28C027} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {61A2AAB6-75BE-4A8D-A66C-52FAFED01A76} - System32\Tasks\G2MUploadTask-S-1-5-21-477176046-21664723-1367556538-1000 => C:\Users\TOSHIBA-PC\AppData\Local\Citrix\GoToMeeting\3880\g2mupload.exe [2015-11-06] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6293D739-21E9-4157-8AF6-ABED546DD267} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {758F9F29-7D3E-40AA-98B5-9397DB9F8C31} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {7C85A4F1-0947-4493-8AD9-35E20CA89843} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-13] (Microsoft Corporation)
Task: {7F0B8545-48FF-4116-990A-990A554D5924} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {893317E4-367D-4560-AA4A-F507988B74A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {91DF6EBA-715B-4AAC-9C60-6BB1511EE0BE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {9F56491E-822B-44DD-AB6F-BE881D058FB5} - System32\Tasks\herdProtectScan => C:\Program Files\Reason\herdProtect\Scanner\herdProtectScan.exe [2014-09-14] (Reason Software Company Inc.)
Task: {A38BF979-1A49-4DA4-B777-09528C4EC91B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {A6B5CB13-01E7-432A-89BE-79DEA26C835F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B40F95E7-F2A6-41EA-B51A-AA17C362BA2E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {B45BD429-8C59-4656-BB08-71477FA8B9B6} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL hxxp://go.microsoft.com/fwlink/?LinkID=130644
Task: {B9705818-FBC3-40C4-9067-3E424C22772E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BA4ADFBB-CF9A-4D21-812B-DBFFABB7B6F4} - System32\Tasks\G2MUpdateTask-S-1-5-21-477176046-21664723-1367556538-1000 => C:\Users\TOSHIBA-PC\AppData\Local\Citrix\GoToMeeting\3880\g2mupdate.exe [2015-11-06] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {C8465238-624F-4255-892D-38B3B9B2B979} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D57F2402-97F3-4309-871A-11F5250F69B5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DB2E9812-45CF-428C-8835-63612C8C4014} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {F52A54CC-265F-4B56-99A0-59AA65A6BA45} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F7A5ED4B-D246-4AB7-81EE-E4978DB66806} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FBB6732F-27F8-4CAB-98E7-ED0C600613C0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {FECEF4B5-AC65-4D4B-859E-2D1FE4766B32} - System32\Tasks\AviatorUpdateTask => Wscript.exe "C:\Program Files\WhiteHat\Aviator\Update\BatchLauncher.vbs" "C:\Program Files\WhiteHat\Aviator\Update\AviatorAutoUpdate.exe"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-477176046-21664723-1367556538-1000.job => C:\Users\TOSHIBA-PC\AppData\Local\Citrix\GoToMeeting\3880\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-477176046-21664723-1367556538-1000.job => C:\Users\TOSHIBA-PC\AppData\Local\Citrix\GoToMeeting\3880\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-05 00:37 - 2015-09-05 00:37 - 00025088 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-05 00:37 - 2015-09-05 00:37 - 00301056 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-01 20:37 - 2015-09-17 09:27 - 01766952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 20:37 - 2015-09-17 09:27 - 01766952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-23 07:20 - 2015-10-23 07:20 - 00341672 _____ () C:\Program Files\Backblaze\bzserv.exe
2014-09-20 12:22 - 2015-10-07 18:01 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2015-07-10 11:24 - 2015-07-10 11:24 - 00288768 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-01 20:37 - 2015-09-17 08:28 - 04317696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 20:36 - 2015-09-17 08:25 - 00377856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 20:36 - 2015-09-17 08:25 - 01183232 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 20:37 - 2015-09-17 08:26 - 01425920 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-11 16:28 - 2015-11-07 07:36 - 01532744 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 16:28 - 2015-11-07 07:36 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Accurate Times:Win32App
AlternateDataStreams: C:\Program Files\Al Madinah Mushaf:Win32App
AlternateDataStreams: C:\Program Files\Calibre2:Win32App
AlternateDataStreams: C:\Program Files\CCleaner:Win32App
AlternateDataStreams: C:\Program Files\CDisplayEx:Win32App
AlternateDataStreams: C:\Program Files\LastPass:Win32App
AlternateDataStreams: C:\Program Files\Malwarebytes Anti-Malware:Win32App
AlternateDataStreams: C:\Program Files\Microsoft LifeCam:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Mouse and Keyboard Center:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Office:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App
AlternateDataStreams: C:\Program Files\Quran In Ms Word:Win32App
AlternateDataStreams: C:\Program Files\Tracker Software:Win32App
AlternateDataStreams: C:\Program Files\Common Files\DESIGNER:Win32App
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App
AlternateDataStreams: C:\Program Files\Common Files\Skype:Win32App
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App
AlternateDataStreams: C:\Users\TOSHIBA-PC\AppData\Local\Temp:Win32App

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-477176046-21664723-1367556538-1000\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-477176046-21664723-1367556538-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TOSHIBA-PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\TOSHIBA-PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-477176046-21664723-1367556538-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\TOSHIBA-PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8C263BB3-4253-43EC-B033-942628DFFA9F}] => (Allow) C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{CEA1ADCA-225A-4AF9-A230-EF38F2BD35C0}] => (Allow) C:\Users\TOSHIBA-PC\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
FirewallRules: [{3B7B93DD-25A8-4435-B5A2-8E73E05CEFEB}] => (Allow) C:\Users\TOSHIBA-PC\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{7FAA95DC-FCDF-4899-AE40-91E4360306B5}] => (Allow) C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [UDP Query User{8B21CFCD-EB33-4E14-9116-983AB14D18F2}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [TCP Query User{93A5FFB2-9FC1-4526-82E0-A7B4D21A3181}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{87008595-E257-4C2E-83EF-55EB2BA81348}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [TCP Query User{57A22A67-1B77-4492-B230-749CB2D47F30}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [{0478BCFD-F008-40CF-916D-978760F39388}] => (Allow) C:\Users\TOSHIBA-PC\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{7A6C7354-C337-431D-8085-9443AB2792D4}] => (Allow) C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{194C95A6-36D5-4825-A1F9-FD853EED2620}] => (Allow) C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [UDP Query User{D5BE9A40-3F09-4916-923D-16F833A7B89A}C:\program files\calibre2\calibre.exe] => (Allow) C:\program files\calibre2\calibre.exe
FirewallRules: [TCP Query User{C56B17A1-ED22-422C-9DCF-2B97E67B4E5C}C:\program files\calibre2\calibre.exe] => (Allow) C:\program files\calibre2\calibre.exe
FirewallRules: [{76420429-080A-4329-A4C0-1CD6173F1EB7}] => (Allow) C:\Users\TOSHIBA-PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2674B0AD-3101-43EE-8CB7-0295B856C1D5}] => (Allow) C:\Users\TOSHIBA-PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{C78B317E-F4CE-4F18-A418-5B93EBC5183C}C:\windows.old\users\toshiba-pc\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\toshiba-pc\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{51DAC648-8A71-4F26-B347-F0B847A3F06B}C:\windows.old\users\toshiba-pc\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\toshiba-pc\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{4543268B-4F1B-4117-8F4B-A45565ABEF5F}C:\windows.old\users\toshiba-pc\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\toshiba-pc\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{62D08AA0-595D-4072-88FE-DE5F403C2518}C:\windows.old\users\toshiba-pc\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\toshiba-pc\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{8BDFFC3F-C4E4-44BF-9DA9-93DA1C675FC0}C:\program files\calibre2\calibre.exe] => (Block) C:\program files\calibre2\calibre.exe
FirewallRules: [UDP Query User{C2B27E51-D810-41E6-BFC5-DCC185138147}C:\program files\calibre2\calibre.exe] => (Block) C:\program files\calibre2\calibre.exe
FirewallRules: [{2AC02063-8D5A-44D9-A886-3DA8F84EBE98}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2015 12:02:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x5416015a
Faulting module name: LSASRV.dll, version: 10.0.10240.16392, time stamp: 0x55a86037
Exception code: 0xc0000005
Fault offset: 0x0004aae6
Faulting process ID: 0xc98
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report ID: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5

Error: (11/15/2015 11:14:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOSHIBA-PC-PC)
Description: Activation of application Farlex.581429F59E1D8_wyegy4e46y996!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/15/2015 11:14:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOSHIBA-PC-PC)
Description: Activation of application Farlex.581429F59E1D8_wyegy4e46y996!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/15/2015 11:14:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOSHIBA-PC-PC)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/15/2015 05:29:21 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6828) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/15/2015 05:29:21 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6828) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (11/15/2015 05:29:11 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6828) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/15/2015 05:29:11 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6828) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (11/15/2015 05:29:00 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6828) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/15/2015 05:29:00 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6828) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (11/15/2015 07:09:12 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/15/2015 06:37:52 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/15/2015 05:41:54 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/15/2015 05:27:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

Error: (11/15/2015 05:27:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

Error: (11/15/2015 05:26:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

Error: (11/15/2015 04:43:34 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/15/2015 04:43:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

Error: (11/15/2015 04:09:14 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (11/15/2015 01:18:16 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


CodeIntegrity:
===================================
Date: 2015-11-15 17:27:59.398
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-15 16:42:41.665
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-15 16:42:41.531
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-15 16:42:41.456
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-15 16:42:41.361
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-15 16:42:41.227
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-15 16:42:41.131
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-15 16:42:41.041
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-15 16:42:40.930
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-15 16:42:40.855
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 73%
Total physical RAM: 3069.99 MB
Available physical RAM: 807.44 MB
Total Virtual: 4547.24 MB
Available Virtual: 1655.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:187.62 GB) (Free:69.27 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:184.99 GB) (Free:122.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: 4BCB0FB6)
Partition 1: (Active) - (Size=187.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=185 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    3 KB · Views: 2
Here is the Fixlog.txt
Fix result of Farbar Recovery Scan Tool (x86) Version:07-11-2015
Ran by TOSHIBA-PC (2015-11-15 22:31:59) Run:1
Running from C:\Users\TOSHIBA-PC\Desktop
Loaded Profiles: TOSHIBA-PC & (Available Profiles: TOSHIBA-PC)
Boot Mode: Normal

==============================================

fixlist content:
*****************
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2014-09-17 21:28 - 2014-09-17 21:28 - 11249152 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2015-09-04 21:49 - 2015-09-04 21:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\TOSHIBA-PC\msvbvm60.dll
C:\Users\TOSHIBA-PC\AppData\Local\Temp\avgnt.exe
C:\Users\TOSHIBA-PC\AppData\Local\Temp\dllnt_dump.dll
C:\Users\TOSHIBA-PC\AppData\Local\Temp\SkypeSetup.exe
Task: {0D9EF262-54F0-40A5-8387-A34F72FDE72D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {20AD55B9-4D2E-43D0-BC3F-A8A9963F5D4F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4E7D3A85-DAE2-4C36-ACA9-8C157A28C027} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6293D739-21E9-4157-8AF6-ABED546DD267} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7F0B8545-48FF-4116-990A-990A554D5924} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A6B5CB13-01E7-432A-89BE-79DEA26C835F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B9705818-FBC3-40C4-9067-3E424C22772E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C8465238-624F-4255-892D-38B3B9B2B979} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D57F2402-97F3-4309-871A-11F5250F69B5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F52A54CC-265F-4B56-99A0-59AA65A6BA45} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F7A5ED4B-D246-4AB7-81EE-E4978DB66806} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\Accurate Times:Win32App
AlternateDataStreams: C:\Program Files\Al Madinah Mushaf:Win32App
AlternateDataStreams: C:\Program Files\Calibre2:Win32App
AlternateDataStreams: C:\Program Files\CCleaner:Win32App
AlternateDataStreams: C:\Program Files\CDisplayEx:Win32App
AlternateDataStreams: C:\Program Files\LastPass:Win32App
AlternateDataStreams: C:\Program Files\Malwarebytes Anti-Malware:Win32App
AlternateDataStreams: C:\Program Files\Microsoft LifeCam:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Mouse and Keyboard Center:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Office:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App
AlternateDataStreams: C:\Program Files\Quran In Ms Word:Win32App
AlternateDataStreams: C:\Program Files\Tracker Software:Win32App
AlternateDataStreams: C:\Program Files\Common Files\DESIGNER:Win32App
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App
AlternateDataStreams: C:\Program Files\Common Files\Skype:Win32App
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App
AlternateDataStreams: C:\Users\TOSHIBA-PC\AppData\Local\Temp:Win32App



*****************

wfpcapture => service removed successfully.
C:\Program Files\Common Files\lpuninstall.exe => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\TOSHIBA-PC\msvbvm60.dll => moved successfully
C:\Users\TOSHIBA-PC\AppData\Local\Temp\avgnt.exe => moved successfully
C:\Users\TOSHIBA-PC\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\TOSHIBA-PC\AppData\Local\Temp\SkypeSetup.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D9EF262-54F0-40A5-8387-A34F72FDE72D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D9EF262-54F0-40A5-8387-A34F72FDE72D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20AD55B9-4D2E-43D0-BC3F-A8A9963F5D4F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20AD55B9-4D2E-43D0-BC3F-A8A9963F5D4F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E7D3A85-DAE2-4C36-ACA9-8C157A28C027}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E7D3A85-DAE2-4C36-ACA9-8C157A28C027}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6293D739-21E9-4157-8AF6-ABED546DD267}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6293D739-21E9-4157-8AF6-ABED546DD267}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F0B8545-48FF-4116-990A-990A554D5924}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F0B8545-48FF-4116-990A-990A554D5924}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6B5CB13-01E7-432A-89BE-79DEA26C835F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6B5CB13-01E7-432A-89BE-79DEA26C835F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B9705818-FBC3-40C4-9067-3E424C22772E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9705818-FBC3-40C4-9067-3E424C22772E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8465238-624F-4255-892D-38B3B9B2B979}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8465238-624F-4255-892D-38B3B9B2B979}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D57F2402-97F3-4309-871A-11F5250F69B5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D57F2402-97F3-4309-871A-11F5250F69B5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F52A54CC-265F-4B56-99A0-59AA65A6BA45}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F52A54CC-265F-4B56-99A0-59AA65A6BA45}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7A5ED4B-D246-4AB7-81EE-E4978DB66806}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7A5ED4B-D246-4AB7-81EE-E4978DB66806}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully.
C:\Accurate Times => ":Win32App" ADS removed successfully..
C:\Program Files\Al Madinah Mushaf => ":Win32App" ADS removed successfully..
C:\Program Files\Calibre2 => ":Win32App" ADS removed successfully..
C:\Program Files\CCleaner => ":Win32App" ADS removed successfully..
C:\Program Files\CDisplayEx => ":Win32App" ADS removed successfully..
C:\Program Files\LastPass => ":Win32App" ADS removed successfully..
C:\Program Files\Malwarebytes Anti-Malware => ":Win32App" ADS removed successfully..
C:\Program Files\Microsoft LifeCam => ":Win32App" ADS removed successfully..
C:\Program Files\Microsoft Mouse and Keyboard Center => ":Win32App" ADS removed successfully..
C:\Program Files\Microsoft Office => ":Win32App" ADS removed successfully..
C:\Program Files\Microsoft Office 15 => ":Win32App" ADS removed successfully..
C:\Program Files\Quran In Ms Word => ":Win32App" ADS removed successfully..
C:\Program Files\Tracker Software => ":Win32App" ADS removed successfully..
C:\Program Files\Common Files\DESIGNER => ":Win32App" ADS removed successfully..
C:\Program Files\Common Files\microsoft shared => ":Win32App" ADS removed successfully..
C:\Program Files\Common Files\Skype => ":Win32App" ADS removed successfully..
C:\ProgramData\regid.1991-06.com.microsoft => ":Win32App" ADS removed successfully..
C:\Users\TOSHIBA-PC\AppData\Local\Temp => ":Win32App" ADS removed successfully..

==== End of Fixlog 22:32:01 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Security Check results:
Results of screen317's Security Check version 1.009
x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Avira Antivirus
Windows Defender
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Adobe Flash Player 19.0.0.245
Google Chrome (46.0.2490.80)
Google Chrome (46.0.2490.86)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
 
FSS Results:
Farbar Service Scanner Version: 26-07-2015
Ran by TOSHIBA-PC (administrator) on 16-11-2015 at 06:04:59
Running from "C:\Users\TOSHIBA-PC\Desktop"
Microsoft Windows 10 Home (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\WINDOWS\system32\nsisvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\WINDOWS\system32\dhcpcore.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tdx.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\mpssvc.dll => File is digitally signed
C:\WINDOWS\system32\bfe.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuaueng.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\iphlpsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed


**** End of log ****
 
Ok. I have completed a Sophos Virus Removal scan; and it stated "Number of threats found: 0."

The scan was performed while my anti-virus (Avira) and Malware programs were disabled.

While performing the scan, Windows defender gives me a window stating that there is a potential threat found. Does that mean anything?

Look forward to your reply and thanks.
 
Don't worry about Window Defender :)

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Thank you very much for your help.

I have a question: In my original post I stated that I deleted Firefox. Is it safe for me to re-download and install it?
 
You must log in or register to reply here.

Similar threads

M
Virus warning popup
Replies
1
Views
541
Mark Fuller
M
Jess_123
My num pad + doesn't work ...
Replies
0
Views
281
Jess_123
Jess_123
O
Syngate - what is it and why has it shown up on my laptop?
Replies
2
Views
296
Nelson28
N

Latest posts

Back