
My Laptop is infected by Hohosearch and Tencent\QQPCMgr Virus [C
#16
Posted 14 June 2016 - 01:17 AM

#17
Posted 15 June 2016 - 04:50 AM

#18
Posted 16 June 2016 - 08:30 AM

I will be back soon.
#19
Posted 16 June 2016 - 10:39 AM

STEP 0 Licensing Diag (W8)
- Right-click the Windows Start button and click Command Prompt (Admin).
- Copy the entire contents of the codebox below and paste (right-click + Paste) into the Command Prompt. Press Enter on your keyboard.
Licensingdiag.exe -report %userprofile%\desktop\LDReport.txt -log %userprofile%\desktop\repfiles.cab
- Upon completion, (The operation completed successfully) type Exit and press Enter on your keyboard.
- A log (LDReport.txt) will be saved to your Desktop. Copy the contents of the log and paste in your next reply.
STEP 1 Junkware Removal Tool (JRT)
- Please download Junkware Removal Tool and save the file to your Desktop.
- Temporarily disable your Anti-Virus software. For instructions, please refer to the following link.
- Right-click JRT.exe and select Run as administrator to run the programme.
- Follow the prompts and allow the scan to run uninterrupted.
- Upon completion, a log (JRT.txt) will open on your Desktop.
- Re-enable your Anti-Virus software.
- Copy the contents of JRT.txt and paste in your next reply.
STEP 2 AdwCleaner
- Please download AdwCleaner and save the file to your Desktop.
- Right-click AdwCleaner.exe and select Run as administrator to run the programme.
- Follow the prompts.
- Click Scan.
- Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
- Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
- Click Clean.
- Follow the prompts and allow your computer to reboot.
- After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S1].txt.
STEP 3 Farbar Recovery Scan Tool (FRST) Scan
- Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
- Ensure the Addition.txt box is checked.
- Click the Scan button and let the programme run.
- Upon completion, click OK, then OK on the Addition.txt pop up screen.
- Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
======================================================
STEP 4 Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
- JRT.txt
- AdwCleaner[C1].txt
- FRST & Addition log
#20
Posted 17 June 2016 - 01:26 AM

Deleted Post
Edited by Frank Noko, 17 June 2016 - 01:59 AM.
#21
Posted 17 June 2016 - 01:31 AM

SYNCHRONIZATION ERROR
Please ignore the above post. I reposted it after noticing that the message was missing in this discussion.
#22
Posted 17 June 2016 - 01:57 AM

#23
Posted 18 June 2016 - 05:42 AM

#24
Posted 19 June 2016 - 11:26 AM

I will come back to you in the next few days (probably tomorrow).
#25
Posted 20 June 2016 - 11:38 AM

Hello.
I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. The best way to reduce the risk of malware is to avoid these types of web sites and P2P programmes. Please read the following articles for more information.
- Risks of File-Sharing Technology
- P2P Software User Advisories
- More malware is traveling on P2P networks these days
Your P2P software can be removed by following the instructions below.
- Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
- Search for the aforementioned programme(s), right-click and click Uninstall. Follow the prompts.
If you choose not to, please refrain from using the programme(s) during this process.
STEP 1 Revo Uninstaller
- Please download and install Revo Uninstaller.
- Double-click Revo Uninstaller to run the programme.
- From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
- SafeFinder
- Double-click the programme.
- When prompted if you want to uninstall click Yes.
- Ensure the Moderate option is selected and click Next.
- The programme uninstaller will run. If prompted again click Yes.
- Work your way through the uninstaller, ensuring you read each page thoroughly.
- Note: If you are offered the choice to install additional software, ensure you decline.
- Once the built-in uninstaller is finished click Next.
- Once the programme has searched for leftovers click Next.
- Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
- When prompted click Yes, followed by Next.
- Click Select all, followed by Delete.
- When prompted click Yes, followed by Next.
- Upon completion, click Finish.
- In your next reply, confirm you were successful in uninstalling all programmes listed above.
STEP 2 Farbar Recovery Scan Tool (FRST) Script
- Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
Copy the entire contents of the codebox below and paste into the Notepad document.
start
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe [362304 2016-05-13] (Tencent)ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL No File [ ]
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMGCShellExt64.dll [2016-05-13] (Tencent)
Hosts:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2472899907-1604452211-935407213-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat [2016-05-13] (Tencent)
R2 QQPCRtp; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe [313936 2016-05-13] (Tencent)
U2 QQRepairdac; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairdac [147176 2016-06-18] ()
S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairFixSVC [147176 2016-06-18] ()
S2 QQRepairf54; "C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairf54" [X]
S2 Quoteex; C:\ProgramData\\Quoteex\\Quoteex.exe shuz -f "C:\ProgramData\\Quoteex\\Quoteex.dat" -l -a
S2 WenessU; "C:\Program Files (x86)\Weness\Update\WenessUpdate.exe" [X]
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [184952 2016-05-18] (Tencent)
R2 qqsysmonx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQSysMonX64.sys [154744 2016-05-13] (电脑管家)
R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [44664 2016-05-13] (Tencent)
R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [179320 2016-06-18] ()
R3 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [99480 2016-05-13] (Tencent)
R2 TAOKernelDriver; C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys [143992 2016-05-13] (Tencent Technology(Shenzhen) Company Limited)
R1 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [97400 2016-05-13] (电脑管家)
R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TS888x64.sys [38520 2016-06-18] (Tencent)
S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSDefenseBT64.sys [28984 2016-05-13] (Tencent)
R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [57976 2016-05-13] ()
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSSysKit64.sys [96888 2016-05-13] (电脑管家)
SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
FirewallRules: [{B380446F-0388-47CE-B40A-7C177D0E6088}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{E76DF126-61C4-4C25-94B6-0C40D065B8D5}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
CMD: ipconfig /flushdns
EmptyTemp:
end
- Click File, Save As and type fixlist.txt as the File Name.
- Important: The file must be saved in the same location as FRST64.exe.
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
- Right-click FRST64.exe and select Run as administrator to run the programme.
- Click Fix.
- A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
STEP 3 Malwarebytes Anti-Malware (MBAM)
- Your version of MBAM is outdated. Please download the Malwarebytes Anti-Malware setup file to your Desktop.
- Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
- Open Malwarebytes Anti-Malware.
- Click the Settings tab, followed by Detection and Protection and place a checkmark next to Scan for rootkits.
- Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
- Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
- If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
- Upon completion of the scan (or after the reboot), click the History tab.
- Click Application Logs, followed by the first Scan Log.
- Click Export, followed by Copy to Clipboard. Paste the log in your next reply.
STEP 4 Farbar Recovery Scan Tool (FRST) Scan
- Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
- Ensure the Addition.txt box is checked.
- Click the Scan button and let the programme run.
- Upon completion, click OK, then OK on the Addition.txt pop up screen.
- Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
======================================================
STEP 5 Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
- MBAM log
- Fixlog.txt
- FRST log
- Addition log
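One way to triage the Fixlog.txt that STEP 2 above asks for, as an added example that is not part of the original post and not part of FRST: it lists the items the fix failed to change so they can be followed up in the next round. The outcome phrases and the sample lines follow the Fixlog format seen in this thread; the function names and the status labels are hypothetical.

```python
import re

# Outcome phrases as they appear in the Fixlog.txt posted in this thread.
FAILED = ("could not remove", "error setting value")
WARNING = ("unable to stop service",)
ABSENT = ("not found",)
OK = ("removed successfully", "restored successfully", "moved successfully")

# "<target> => <outcome>", where the target may be wrapped in double quotes.
LINE_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?\s*$')


def classify(outcome):
    """Map an outcome phrase to a coarse label; unknown phrases are 'other'."""
    text = outcome.lower()
    for label, phrases in (("failed", FAILED), ("warning", WARNING),
                           ("absent", ABSENT), ("ok", OK)):
        if any(p in text for p in phrases):
            return label
    return "other"


def triage(fixlog_text):
    """Return {target: status} for every result line in a Fixlog."""
    seen = {}
    in_echo = False  # True while inside the echoed "fixlist content" block
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        # The fixlist is echoed between two rows of asterisks. Its lines also
        # contain "=>", so they must not be mistaken for results.
        if len(line) >= 5 and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        label = classify(m.group("outcome"))
        if label == "other":  # e.g. EmptyTemp size lines such as "Chrome => 123 B"
            continue
        seen.setdefault(m.group("target"), []).append(label)

    result = {}
    for target, labels in seen.items():
        if "failed" in labels:
            result[target] = "failed"
        elif "ok" in labels:
            # A driver that could not be stopped but whose service entry was
            # removed stays loaded until the machine restarts.
            result[target] = ("removed_pending_reboot"
                              if "warning" in labels else "ok")
        else:
            result[target] = labels[-1]
    return result


def residual(fixlog_text):
    """Targets the fix could not change, in log order."""
    return [t for t, s in triage(fixlog_text).items() if s == "failed"]


# Constructed sample in the Fixlog format shown in this thread.
SAMPLE = r'''
fixlist content:
*****************
start
HKLM\...\Run: [] => [X]
end
*****************
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value could not remove.
"HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
QQPCRtp => Unable to stop service.
QQPCRtp => service could not remove
QMUdisk => Unable to stop service.
QMUdisk => service removed successfully
Quoteex => service removed successfully
TSDefenseBt => service could not remove
Chrome => 13170380 B
'''

if __name__ == "__main__":
    for target in residual(SAMPLE):
        print("still present:", target)
```

Entries reported as failed are the ones to compare against the follow-up FRST scan, since a service that could not be removed will appear there again.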
#26
Posted 24 June 2016 - 03:01 AM

- MBAM log
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 22-Jun-16
Scan Time: 9:15 PM
Logfile:
Administrator: Yes
Version: 2.2.0.1024
Malware Database: v2016.06.22.03
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: oliver
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335790
Time Elapsed: 28 min, 0 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by oliver (2016-06-22 10:17:32) Run:1
Running from C:\Users\oliver\Desktop
Loaded Profiles: oliver (Available Profiles: oliver & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe [362304 2016-05-13] (Tencent)ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL No File [ ]
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMGCShellExt64.dll [2016-05-13] (Tencent)
Hosts:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2472899907-1604452211-935407213-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat [2016-05-13] (Tencent)
R2 QQPCRtp; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe [313936 2016-05-13] (Tencent)
U2 QQRepairdac; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairdac [147176 2016-06-18] ()
S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairFixSVC [147176 2016-06-18] ()
S2 QQRepairf54; "C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairf54" [X]
S2 Quoteex; C:\ProgramData\\Quoteex\\Quoteex.exe shuz -f "C:\ProgramData\\Quoteex\\Quoteex.dat" -l -a
S2 WenessU; "C:\Program Files (x86)\Weness\Update\WenessUpdate.exe" [X]
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [184952 2016-05-18] (Tencent)
R2 qqsysmonx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQSysMonX64.sys [154744 2016-05-13] (电脑管家)
R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [44664 2016-05-13] (Tencent)
R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [179320 2016-06-18] ()
R3 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [99480 2016-05-13] (Tencent)
R2 TAOKernelDriver; C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys [143992 2016-05-13] (Tencent Technology(Shenzhen) Company Limited)
R1 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [97400 2016-05-13] (电脑管家)
R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TS888x64.sys [38520 2016-06-18] (Tencent)
S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSDefenseBT64.sys [28984 2016-05-13] (Tencent)
R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [57976 2016-05-13] ()
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSSysKit64.sys [96888 2016-05-13] (电脑管家)
SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
FirewallRules: [{B380446F-0388-47CE-B40A-7C177D0E6088}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{E76DF126-61C4-4C25-94B6-0C40D065B8D5}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value could not remove.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => value removed successfully
"HKCR\Wow6432Node\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully
"HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}" => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => key removed successfully
"HKCR\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => key removed successfully
QQPCRtp => Unable to stop service.
QQPCRtp => service could not remove
QQRepairdac => service removed successfully
QQRepairFixSVC => service removed successfully
QQRepairf54 => service removed successfully
Quoteex => service removed successfully
WenessU => service removed successfully
QMUdisk => Unable to stop service.
QMUdisk => service removed successfully
qqsysmonx64 => Unable to stop service.
qqsysmonx64 => service could not remove
softaal => Unable to stop service.
softaal => service removed successfully
SRepairDrv => Unable to stop service.
SRepairDrv => service removed successfully
TAOAccelerator => Unable to stop service.
TAOAccelerator => service could not remove
TAOKernelDriver => Unable to stop service.
TAOKernelDriver => service could not remove
TFsFlt => Unable to stop service.
TFsFlt => service could not remove
TS888x64 => Unable to stop service.
TS888x64 => service removed successfully
TSDefenseBt => service could not remove
tsnethlpx64 => Unable to stop service.
tsnethlpx64 => service could not remove
TSSysKit => Unable to stop service.
TSSysKit => service removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SafeZone 1.48.2066.98\\SystemComponent => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B380446F-0388-47CE-B40A-7C177D0E6088} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E76DF126-61C4-4C25-94B6-0C40D065B8D5} => value removed successfully
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 62638026 B
Java, Flash, Steam htmlcache => 1796 B
Windows/system/drivers => 105204825 B
Edge => 0 B
Chrome => 13170380 B
Firefox => 376716333 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 89281 B
NetworkService => 454962 B
oliver => 3191669756 B
Administrator => 2417260 B
RecycleBin => 4206 B
EmptyTemp: => 3.5 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 10:20:49 ====
FRST log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by oliver (administrator) on TOSHIBA (22-06-2016 22:17:52)
Running from C:\Users\oliver\Desktop
Loaded Profiles: oliver (Available Profiles: oliver & Administrator)
Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Program Files (x86)\3G Voice Modem\HSPALauncher.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\LogTransport2.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCLeakScan.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [HSDPALauncher] => C:\Program Files (x86)\3G Voice Modem\HSPALauncher.exe [233472 2012-02-22] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ic-0.9d8fbedaf301b8.exe -start] => C:\Users\oliver\AppData\Local\Temp\113257328\ic-0.9d8fbedaf301b8.exe -start <===== ATTENTION
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe [362304 2016-05-13] (Tencent)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-20] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\!SASWinLogon-x32: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL [X]
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {19471a77-b763-11e3-8259-a4db30eaa69f} - "E:\autorun.exe"
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {19471aa6-b763-11e3-8259-a4db30eaa69f} - "F:\autorun.exe"
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {19471c18-b763-11e3-8259-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {19471d04-b763-11e3-8259-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {207c0123-c1a6-11e3-825e-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {207c0976-c1a6-11e3-825e-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {63fe9841-0c39-11e5-8264-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {63fe9936-0c39-11e5-8264-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {b09f42fb-8162-11e4-825f-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {cd6cbf1e-6786-11e4-825f-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {e6d772f0-fa56-11e4-8261-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-20] (AVAST Software)
Startup: C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-06-22]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 168.210.2.2 196.14.239.2
Tcpip\..\Interfaces\{290EC7AD-1445-480D-A04F-A1F7C70EF173}: [DhcpNameServer] 168.210.2.2 196.14.239.2
Tcpip\..\Interfaces\{2DE2FEA3-6B46-4870-967F-A3D0A56DA5D4}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6965B23C-CD2F-42AA-959F-E29AA033569C}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.toshibamea.com
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.toshibamea.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat [2016-05-13] (Tencent)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-06-15] (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-15] (AVAST Software)
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-20]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
Chrome:
=======
CHR Profile: C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-18]
CHR Extension: (Google Docs) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-18]
CHR Extension: (Google Drive) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-18]
CHR Extension: (YouTube) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-18]
CHR Extension: (Google Sheets) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-18]
CHR Extension: (Google Docs Offline) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-22]
CHR Extension: (Avast Online Security) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-18]
CHR Extension: (Gmail) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows ® Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-20] (AVAST Software)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)
R2 QQPCRtp; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe [313936 2016-05-13] (Tencent)
U2 QQRepairf1f; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairf1f [147176 2016-06-22] ()
S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairFixSVC [147176 2016-06-22] ()
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-07-16] (TOSHIBA CORPORATION)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-20] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-20] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [184952 2016-05-18] (Tencent)
R2 qqsysmonx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQSysMonX64.sys [154744 2016-05-13] (电脑管家)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [44664 2016-05-13] (Tencent)
R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [179320 2016-06-22] ()
R3 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [99480 2016-05-13] (Tencent)
R2 TAOKernelDriver; C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys [143992 2016-05-13] (Tencent Technology(Shenzhen) Company Limited)
R3 TcHardWare; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCHW-x64.sys [16552 2016-05-13] (Tencent)
R1 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [97400 2016-05-13] (电脑管家)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TS888x64.sys [38520 2016-06-22] (Tencent)
S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSDefenseBT64.sys [28984 2016-05-13] (Tencent)
R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [57976 2016-05-13] ()
R4 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSSysKit64.sys [96888 2016-05-13] (电脑管家)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [20992 2015-04-25] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wirelessusbser; C:\Windows\system32\DRIVERS\3GDatausbser64.sys [120832 2009-11-09] (Haier Incorporated)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-22 22:17 - 2016-06-22 22:18 - 00021173 _____ C:\Users\oliver\Desktop\FRST.txt
2016-06-22 10:33 - 2016-06-22 21:56 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-22 10:32 - 2016-06-22 21:57 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-22 10:32 - 2016-06-22 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-22 10:31 - 2016-06-22 10:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-22 10:31 - 2016-06-22 10:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-22 10:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-22 10:31 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-22 10:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-22 10:17 - 2016-06-22 10:20 - 00008555 _____ C:\Users\oliver\Desktop\Fixlog.txt
2016-06-22 10:17 - 2016-06-22 10:17 - 00000000 ____D C:\Users\oliver\Desktop\FRST-OlderVersion
2016-06-22 09:54 - 2016-06-22 21:56 - 00001291 _____ C:\Users\oliver\Desktop\Revo Uninstaller.lnk
2016-06-22 09:54 - 2016-06-22 09:54 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-06-22 09:54 - 2016-06-22 09:54 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-06-22 09:49 - 2016-06-22 09:33 - 22908888 _____ (Malwarebytes ) C:\Users\oliver\Desktop\mbam-setup-2.2.0.1024.exe
2016-06-22 09:49 - 2016-06-21 12:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\oliver\Desktop\revosetup.exe
2016-06-20 09:15 - 2016-06-22 21:57 - 00001987 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-06-20 09:15 - 2016-06-20 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-06-20 09:13 - 2016-06-20 09:13 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-06-20 09:12 - 2016-06-20 09:12 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-06-18 13:03 - 2016-06-22 21:56 - 00038520 _____ (Tencent) C:\WINDOWS\SysWOW64\Drivers\TS888x64.sys
2016-06-18 13:03 - 2016-05-13 23:13 - 00143992 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys
2016-06-18 13:03 - 2016-05-13 23:13 - 00099480 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys
2016-06-18 13:01 - 2016-06-22 21:55 - 00000000 ____D C:\ProgramData\TXQMPC
2016-06-18 12:47 - 2016-06-22 21:57 - 00002280 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-18 12:46 - 2016-06-18 12:45 - 03703360 _____ C:\Users\oliver\Desktop\AdwCleaner(1).exe
2016-06-18 12:42 - 2016-06-18 12:45 - 03703360 _____ C:\Users\oliver\Downloads\AdwCleaner(1).exe
2016-06-18 12:31 - 2016-06-22 22:16 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-18 12:31 - 2016-06-22 21:55 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-18 12:31 - 2016-06-20 10:27 - 00000000 ____D C:\Users\oliver\AppData\Local\Google
2016-06-18 12:31 - 2016-06-20 09:11 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-18 12:31 - 2016-06-20 09:11 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-18 12:29 - 2016-06-18 12:29 - 00987728 _____ (Google Inc.) C:\Users\oliver\Desktop\ChromeSetup.exe
2016-06-17 12:55 - 2016-06-18 12:57 - 00000000 ____D C:\AdwCleaner
2016-06-17 12:22 - 2016-06-17 12:22 - 00406618 _____ C:\Users\oliver\Downloads\TYRIS Organogram Mar 2015.pdf
2016-06-17 11:54 - 2016-06-17 12:27 - 44782080 _____ C:\Users\oliver\Downloads\AlwaysOn-WiFi.msi
2016-06-17 10:18 - 2016-06-17 10:05 - 01610816 _____ (Malwarebytes) C:\Users\oliver\Desktop\JRT.exe
2016-06-17 10:15 - 2016-06-17 10:16 - 03703360 _____ C:\Users\oliver\Downloads\AdwCleaner (1).exe
2016-06-17 10:14 - 2016-06-17 10:17 - 03703360 _____ C:\Users\oliver\Downloads\AdwCleaner.exe
2016-06-17 10:00 - 2016-06-17 10:05 - 01610816 _____ (Malwarebytes) C:\Users\oliver\Downloads\JRT.exe
2016-06-16 06:36 - 2016-06-22 21:57 - 00001899 _____ C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2016-06-15 22:49 - 2016-06-15 22:49 - 00000000 ____D C:\Users\oliver\AppData\Roaming\AVAST Software
2016-06-15 22:48 - 2016-06-22 21:57 - 00001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-15 22:48 - 2016-06-22 21:57 - 00001186 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-15 22:48 - 2016-06-22 10:23 - 00003888 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1466023706
2016-06-15 22:47 - 2016-06-22 22:00 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-06-15 22:47 - 2016-06-20 09:13 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-06-15 22:47 - 2016-06-20 09:13 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-06-15 22:47 - 2016-06-20 09:13 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-06-15 22:47 - 2016-06-20 09:13 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-06-15 22:47 - 2016-06-20 09:13 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-06-15 22:47 - 2016-06-20 09:13 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-06-15 22:47 - 2016-06-20 09:13 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-06-15 22:47 - 2016-06-20 09:12 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-06-15 22:47 - 2016-06-20 09:12 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-06-15 22:46 - 2016-06-15 22:46 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-15 21:58 - 2016-06-15 21:58 - 00000000 ____D C:\Users\oliver\AppData\Roaming\PDF Software
2016-06-15 20:05 - 2016-06-15 20:05 - 00000000 ____D C:\Users\oliver\AppData\LocalLow\uTorrent
2016-06-15 19:01 - 2016-06-15 19:01 - 00000000 ____D C:\Users\oliver\AppData\Roaming\SUPERAntiSpyware.com
2016-06-15 11:35 - 2016-04-12 17:46 - 14467584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-15 11:35 - 2016-04-12 17:30 - 12879872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-15 11:34 - 2016-06-03 19:11 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-06-15 11:34 - 2016-06-03 15:38 - 01413120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-15 11:34 - 2016-06-02 19:51 - 00050352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-15 11:34 - 2016-05-29 17:04 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-15 11:34 - 2016-05-29 17:04 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-06-15 11:34 - 2016-05-29 17:04 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-15 11:34 - 2016-05-29 17:04 - 00276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-15 11:34 - 2016-05-29 17:04 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-06-15 11:34 - 2016-05-29 17:04 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-15 11:28 - 2016-05-21 19:28 - 25802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-15 11:28 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-15 11:28 - 2016-05-21 00:09 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-15 11:28 - 2016-05-21 00:08 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-15 11:28 - 2016-05-21 00:02 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-15 11:28 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-15 11:28 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-06-15 11:28 - 2016-05-20 23:54 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-06-15 11:28 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-15 11:28 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-06-15 11:28 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-15 11:28 - 2016-05-20 23:27 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-06-15 11:28 - 2016-05-20 23:25 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-06-15 11:28 - 2016-05-20 23:25 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-06-15 11:28 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-06-15 11:28 - 2016-05-20 23:21 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-06-15 11:28 - 2016-05-20 23:19 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-06-15 11:28 - 2016-05-20 23:16 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-06-15 11:28 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-15 11:28 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-06-15 11:28 - 2016-05-20 23:11 - 15420928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-15 11:28 - 2016-05-20 23:11 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-06-15 11:28 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-15 11:28 - 2016-05-20 23:09 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-06-15 11:28 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-06-15 11:28 - 2016-05-20 23:08 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-15 11:28 - 2016-05-20 23:06 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-06-15 11:28 - 2016-05-20 22:46 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-15 11:28 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-15 11:28 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-15 11:28 - 2016-05-20 22:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-06-15 11:28 - 2016-05-20 22:34 - 01544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-15 11:28 - 2016-05-20 22:23 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-06-15 11:28 - 2016-04-14 17:25 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-06-15 11:28 - 2016-04-14 17:11 - 02464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-06-15 11:28 - 2016-01-31 21:17 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2016-06-15 11:28 - 2016-01-31 20:07 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-06-15 11:28 - 2016-01-31 19:42 - 03320832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-06-15 11:28 - 2016-01-31 19:14 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-06-15 10:19 - 2016-06-15 10:19 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1043541421.html
2016-06-15 10:19 - 2016-05-12 20:38 - 00135336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-15 10:19 - 2016-05-12 19:43 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2016-06-15 10:19 - 2016-05-12 18:17 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-15 10:19 - 2016-05-12 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-15 10:19 - 2016-05-12 18:07 - 01360896 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-15 10:19 - 2016-05-12 17:59 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-15 10:19 - 2016-05-12 17:43 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-15 10:19 - 2016-05-12 17:37 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-15 10:18 - 2016-06-15 10:18 - 00000073 _____ C:\WINDOWS\SysWOW64\EN_1043478453.html
2016-06-15 10:18 - 2016-06-15 10:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1043488625.html
2016-06-15 10:18 - 2016-06-15 10:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1043488218.html
2016-06-15 10:18 - 2016-06-15 10:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1043485718.html
2016-06-15 10:18 - 2016-06-15 10:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1043485218.html
2016-06-15 10:18 - 2016-06-15 10:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1043479796.html
2016-06-15 10:18 - 2016-06-15 10:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1043477031.html
2016-06-15 10:18 - 2016-06-15 10:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1043476609.html
2016-06-15 10:18 - 2016-05-06 17:45 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-15 10:18 - 2016-05-06 17:23 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-15 10:17 - 2016-06-15 10:17 - 00000072 _____ C:\WINDOWS\SysWOW64\us_1043430578.html
2016-06-15 10:17 - 2016-06-15 10:17 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1043460046.html
2016-06-15 10:17 - 2016-06-15 10:17 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1043456687.html
2016-06-15 10:17 - 2016-06-15 10:17 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1043431593.html
2016-06-15 10:17 - 2016-06-15 10:17 - 00000000 ____D C:\WINDOWS\SysWOW64\_tWm
2016-06-15 10:17 - 2016-05-09 23:35 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-06-15 10:17 - 2016-05-09 22:56 - 05270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-06-15 10:17 - 2016-05-09 22:45 - 07793152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-15 10:17 - 2016-05-09 22:23 - 05265920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 10:09 - 2016-05-14 01:09 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-06-15 09:51 - 2016-05-16 23:13 - 00563016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-15 09:51 - 2016-05-16 23:13 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-15 09:51 - 2016-05-16 23:13 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-15 09:51 - 2016-05-16 23:13 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-15 09:51 - 2016-05-14 01:07 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-15 09:51 - 2016-05-14 01:07 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-15 09:51 - 2016-05-14 01:06 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-15 09:51 - 2016-05-14 00:34 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-06-15 09:51 - 2016-05-13 23:58 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-06-15 09:50 - 2016-05-19 01:15 - 01379040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-15 09:50 - 2016-05-18 22:35 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-15 09:50 - 2016-05-18 07:31 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-15 09:50 - 2016-05-18 07:31 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-15 09:50 - 2016-05-14 22:01 - 00363104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-15 09:50 - 2016-05-14 22:01 - 00320720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-15 09:50 - 2016-05-14 01:07 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-15 09:50 - 2016-05-14 01:04 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-15 09:50 - 2016-05-14 00:19 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-15 09:50 - 2016-05-13 23:58 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-15 09:50 - 2016-05-13 23:45 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-15 09:50 - 2016-05-13 23:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-15 09:50 - 2016-05-13 23:26 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-15 09:49 - 2016-06-15 09:49 - 01415179 _____ C:\Users\oliver\Downloads\gibela_supplier_day_get_on_board_presentation.pdf
2016-06-15 09:49 - 2016-06-15 09:49 - 00140782 _____ C:\Users\oliver\Downloads\gibela_supplier_specs_.pdf
2016-06-15 09:48 - 2016-06-15 09:48 - 00605642 _____ C:\Users\oliver\Downloads\gibela_8steps_factsheet.pdf
2016-06-15 09:48 - 2016-06-15 09:48 - 00283988 _____ C:\Users\oliver\Downloads\gibela_supplier_support.pdf
2016-06-15 09:37 - 2016-06-15 09:42 - 3354066944 _____ C:\Users\oliver\Downloads\Zootropolis[HowardMoore2016]byKenzo[dvd9].iso
2016-06-10 10:41 - 2016-06-10 10:41 - 09651146 _____ C:\Users\oliver\Downloads\1505111_Ramadaan_8Pg_Inland-8_compressed.pdf
2016-06-10 09:23 - 2016-06-10 09:23 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2016-06-06 11:17 - 2016-06-06 11:17 - 00007360 _____ C:\Users\oliver\Downloads\Walls09 21 16.23.3912_Shaft Wall_Elevator Door Rough Opening.pdf
2016-06-06 11:16 - 2016-06-06 11:16 - 00039417 _____ C:\Users\oliver\Downloads\Walls09 21 16.23.3910_Shaft Wall_Lobby Elevator Door Elevation.pdf
2016-06-06 11:15 - 2016-06-06 17:27 - 00015505 _____ C:\Users\oliver\Desktop\Meilijian-Erf- Dingani1.xlsx
2016-06-06 10:53 - 2016-06-06 10:53 - 00398495 _____ C:\Users\oliver\Downloads\WallsCEMCO SURE-BOARD 200W.pdf
2016-06-06 10:44 - 2016-06-06 10:44 - 02384017 _____ C:\Users\oliver\Downloads\Walls-shaft-wall-systems-catalog-en-SA926.pdf
2016-06-06 09:45 - 2016-06-06 09:46 - 00000000 ___DC C:\Users\oliver\AppData\Local\MigWiz
2016-06-05 09:27 - 2016-06-16 16:19 - 00000000 ____D C:\Users\oliver\Desktop\FlashDrive
2016-06-03 09:04 - 2016-06-15 13:22 - 798703020 _____ C:\Users\oliver\Downloads\[ www.UsaBit.com ] - Sofia the First The Floating Palace 2013 DVDRIP XVID AC3 ACAB.avi
2016-06-03 08:31 - 2016-06-03 08:31 - 00251202 _____ C:\Users\oliver\Desktop\KingdomPT.Profile.pdf
2016-06-01 13:14 - 2016-06-01 13:14 - 02031992 _____ (Microsoft Corporation) C:\Users\oliver\Desktop\MGADiag (1).exe
2016-06-01 13:14 - 2016-06-01 13:08 - 00468480 _____ () C:\Users\oliver\Desktop\CKScanner.exe
2016-05-30 09:46 - 2016-05-30 09:48 - 00000000 ___HD C:\$WINDOWS.~BT
2016-05-24 13:01 - 2016-05-24 13:05 - 00271415 _____ C:\Users\oliver\Desktop\QuotatonParkingCampaignParkingFloorCRST.pdf
2016-05-23 21:22 - 2016-05-23 21:22 - 00000000 ____D C:\Users\oliver\AppData\Local\Avg2015
2016-05-23 13:52 - 2016-05-23 13:53 - 00122409 _____ C:\Users\oliver\Downloads\FW__INQUIRY_ABOUT_SUBCONTRACTING_WORK_.zip.part
2016-05-23 13:48 - 2016-05-23 13:49 - 00207725 _____ C:\Users\oliver\Downloads\SEEKING_SUBCONTRACTING_WORK.zip
2016-05-23 09:45 - 2016-05-23 14:23 - 404512768 _____ C:\Users\oliver\Downloads\Lepoard Boot.cdr
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-22 22:17 - 2016-05-20 12:28 - 00000000 ____D C:\FRST
2016-06-22 22:03 - 2014-10-20 11:25 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2472899907-1604452211-935407213-1001
2016-06-22 21:57 - 2016-05-18 09:44 - 00002286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-22 21:57 - 2016-03-12 09:44 - 00001134 _____ C:\Users\Public\Desktop\FastStone Photo Resizer.lnk
2016-06-22 21:57 - 2016-02-24 09:31 - 00001884 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-22 21:57 - 2016-02-24 09:31 - 00001878 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-22 21:57 - 2016-02-19 22:25 - 00002252 _____ C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2016-06-22 21:57 - 2015-05-20 22:30 - 00001990 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2016-06-22 21:57 - 2014-11-06 20:12 - 00001087 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-06-22 21:57 - 2014-10-20 10:34 - 00001762 _____ C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-22 21:57 - 2014-07-08 19:13 - 00002537 _____ C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2016-06-22 21:57 - 2014-03-29 21:59 - 00002777 _____ C:\Users\Public\Desktop\Vodafone SMS.lnk
2016-06-22 21:57 - 2014-03-29 21:59 - 00002777 _____ C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
2016-06-22 21:57 - 2014-03-29 20:50 - 00002769 _____ C:\Users\Public\Desktop\3G Voice Modem.lnk
2016-06-22 21:57 - 2014-03-29 14:41 - 00001300 _____ C:\Users\Public\Desktop\SugarSync Your Cloud.lnk
2016-06-22 21:57 - 2013-11-12 02:18 - 00002005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-06-22 21:57 - 2013-11-12 02:18 - 00001632 _____ C:\Users\Public\Desktop\Microsoft Office.lnk
2016-06-22 21:57 - 2013-11-12 02:10 - 00002619 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - toshiba.lnk
2016-06-22 21:57 - 2013-11-12 02:10 - 00002121 _____ C:\Users\Public\Desktop\Norton Online Backup ARA.lnk
2016-06-22 21:57 - 2013-11-12 02:07 - 00002041 _____ C:\Users\Public\Desktop\Manual.lnk
2016-06-22 21:57 - 2013-09-22 20:14 - 00001078 _____ C:\Users\Public\Desktop\Desktop Assist.lnk
2016-06-22 21:57 - 2013-09-22 20:12 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-06-22 21:56 - 2014-11-01 17:33 - 00000851 _____ C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-06-22 21:56 - 2014-10-20 11:26 - 00000879 _____ C:\Users\oliver\Desktop\Pictures - Shortcut.lnk
2016-06-22 21:56 - 2014-10-20 11:26 - 00000865 _____ C:\Users\oliver\Desktop\Videos - Shortcut.lnk
2016-06-22 21:56 - 2014-10-20 11:25 - 00000882 _____ C:\Users\oliver\Desktop\Documents - Shortcut.lnk
2016-06-22 21:55 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-22 21:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\tracing
2016-06-22 11:36 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\vpnplugins
2016-06-22 11:30 - 2016-01-24 14:15 - 00000000 ____D C:\Users\oliver\Desktop\TodoFile
2016-06-22 10:24 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-06-22 10:17 - 2016-05-20 12:20 - 02387456 _____ (Farbar) C:\Users\oliver\Desktop\FRST64.exe
2016-06-21 09:20 - 2016-05-11 22:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-20 12:56 - 2013-09-22 19:59 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-20 11:23 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-20 11:22 - 2016-03-03 21:18 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-06-20 11:22 - 2016-03-03 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-06-20 11:22 - 2016-03-03 21:18 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-06-20 11:22 - 2014-11-06 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-06-18 13:14 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-18 13:14 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-18 13:04 - 2016-05-13 23:11 - 00000000 ____D C:\ProgramData\Tencent
2016-06-18 12:58 - 2016-05-18 09:32 - 00000000 ____D C:\WINDOWS\system32\log
2016-06-18 12:47 - 2016-05-17 10:18 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-18 12:44 - 2016-05-18 09:20 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-06-18 11:34 - 2016-02-19 22:27 - 00000000 ____D C:\Users\oliver\AppData\Local\Research In Motion
2016-06-18 11:08 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-17 11:49 - 2016-05-13 23:11 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Tencent
2016-06-17 11:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-06-17 09:36 - 2016-01-17 17:43 - 00000000 ____D C:\Program Files (x86)\SMADAV
2016-06-16 18:57 - 2013-08-22 16:44 - 00481208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-16 16:25 - 2016-03-03 22:01 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-06-16 16:25 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-06-16 16:21 - 2014-03-29 22:08 - 00000000 ____D C:\Users\oliver\Documents\zsoftware
2016-06-16 15:00 - 2014-11-06 20:13 - 00000000 ____D C:\Users\oliver\AppData\Roaming\vlc
2016-06-16 12:26 - 2014-10-20 17:07 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-16 12:22 - 2014-10-20 17:07 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-16 11:17 - 2016-02-20 16:13 - 00000000 ____D C:\Users\oliver\Desktop\SCREENSHOTS
2016-06-16 06:36 - 2014-10-31 23:20 - 00000000 ____D C:\Users\oliver\AppData\Roaming\uTorrent
2016-06-15 22:47 - 2016-03-08 20:41 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-15 22:16 - 2016-05-19 09:25 - 00000000 ____D C:\ProgramData\Avg
2016-06-15 22:16 - 2016-05-19 09:24 - 00000000 ____D C:\Users\oliver\AppData\Local\AvgSetupLog
2016-06-15 22:06 - 2016-05-19 18:38 - 00000000 ____D C:\ProgramData\MFAData
2016-06-15 20:04 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-06-15 12:36 - 2016-01-17 20:01 - 00000000 ____D C:\Users\oliver\Desktop\KingdomProjects
2016-06-14 19:13 - 2016-05-12 15:44 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 19:13 - 2016-05-12 15:44 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-06 16:07 - 2014-12-11 20:35 - 00123272 _____ C:\Users\oliver\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-06 15:16 - 2014-03-29 21:40 - 00000000 ____D C:\Users\oliver\Documents\Sifiso100
2016-06-06 10:37 - 2016-05-13 23:18 - 00000000 ____D C:\Program Files (x86)\Cluudomclwuse
2016-06-06 10:36 - 2014-03-29 22:31 - 00000000 ____D C:\Users\oliver\Documents\DinganiFolder
2016-06-05 10:26 - 2016-01-17 17:43 - 00000000 __SHD C:\[Smad-Cage]
2016-06-03 18:15 - 2014-12-28 13:33 - 00000000 ____D C:\Users\oliver\AppData\Roaming\dvdcss
2016-06-03 11:44 - 2014-10-20 10:30 - 00000000 ____D C:\Users\oliver
2016-06-01 09:20 - 2016-03-03 22:01 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-06-01 09:20 - 2016-03-03 22:01 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-05-30 10:32 - 2016-02-03 21:25 - 00000000 ____D C:\Users\oliver\Desktop\Advertising Photos
2016-05-30 09:52 - 2013-09-23 05:37 - 00000000 ___DC C:\WINDOWS\Panther
2016-05-26 11:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-05-23 09:05 - 2016-05-19 10:01 - 377196995 _____ C:\Users\oliver\Downloads\AVG Antivirus Pro 2015 15.0 Build 6081 (x86x64) Multilingual + Keys [4realtorrentz].rar
==================== Files in the root of some directories =======
2016-05-13 23:09 - 2016-05-13 23:09 - 6494208 _____ () C:\Users\oliver\AppData\Roaming\agent.dat
2016-05-13 23:08 - 2016-05-13 23:08 - 0127488 _____ () C:\Users\oliver\AppData\Roaming\Installer.dat
2016-05-13 23:09 - 2016-05-13 23:09 - 0018432 _____ () C:\Users\oliver\AppData\Roaming\Main.dat
2016-02-19 22:27 - 2016-04-30 08:20 - 0000385 _____ () C:\Users\oliver\AppData\Roaming\Rim.Desktop.Exception.log
2016-02-19 22:25 - 2016-02-19 22:25 - 0001111 _____ () C:\Users\oliver\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2016-02-19 22:27 - 2016-04-30 08:20 - 0000385 _____ () C:\Users\oliver\AppData\Roaming\Rim.DesktopHelper.Exception.log
2008-05-23 17:48 - 2008-05-23 17:48 - 0020270 _____ () C:\ProgramData\DeviceInstaller.xml
2008-06-23 13:02 - 2008-06-23 13:02 - 0097410 ____R () C:\ProgramData\DeviceManager.xml.rc4
2013-11-12 01:49 - 2013-11-12 01:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-21 09:35
==================== End of FRST.txt ============================
Addition log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by oliver (2016-06-22 22:19:08)
Running from C:\Users\oliver\Desktop
Windows 8.1 Single Language (Update) (X64) (2014-10-20 08:34:12)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2472899907-1604452211-935407213-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2472899907-1604452211-935407213-501 - Limited - Disabled)
oliver (S-1-5-21-2472899907-1604452211-935407213-1001 - Administrator - Enabled) => C:\Users\oliver
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3G Voice Modem (HKLM-x32\...\InstallShield_{3A59AA92-8BAC-4795-B17A-5535ED4AA9FA}) (Version: 1.0 - 3G Voice)
3G Voice Modem (x32 Version: 1.0 - 3G Voice) Hidden
Adobe Reader XI (11.0.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
FastStone Photo Resizer 3.2 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.2 - FastStone Soft.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 16.0.0.125 - Symantec Corporation)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.300 - Qualcomm Atheros)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{84FA4D2D-4273-4C66-BD3D-ADD3FE48DFA2}) (Version: 1.1.5.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.1.0000 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vodafone Mobile Connect Lite (HKLM-x32\...\{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}) (Version: 9.3.3.10523 - Vodafone)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0282E1DB-AAF6-424A-9B54-45C0B4B6DED1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {21E2C840-A3A3-4435-9F8A-3FDCE35B4E0E} - System32\Tasks\TOSHIBA\HotKeysCmds => C:\Windows\system32\hkcmd.exe [2013-08-31] (Intel Corporation)
Task: {31D5CE8E-CD48-4A3F-9762-A9CAC96FCCD1} - System32\Tasks\TOSHIBA\TSVU => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [2013-07-23] (TOSHIBA)
Task: {495E3F97-7B83-4F5C-BF3D-9AD70267C6D5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-16] (Microsoft Corporation)
Task: {5C4C6110-9EE4-4C06-8924-F039FB97128D} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-08-28] (TODO: <Company name>)
Task: {681C6E34-07E7-461F-97F0-C9DB36CB1659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-18] (Google Inc.)
Task: {681D84BE-6314-4B16-A2EA-2BC39342FCEC} - System32\Tasks\TOSHIBA\TecoResident => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [2013-08-21] (TOSHIBA Corporation)
Task: {73BD0E52-F046-4631-9A48-4A61451D40F9} - System32\Tasks\SafeZone scheduled Autoupdate 1466023706 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {73FC3073-E28C-487E-B3AB-48A7AF63712A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {830B4638-C920-4C2C-9D2E-3F1D3C1651EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-18] (Google Inc.)
Task: {981BC066-930D-462F-92CE-2A02D76B7AEE} - System32\Tasks\TOSHIBA\TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2013-08-13] (TOSHIBA Corporation)
Task: {9DDD543D-1FBD-497A-84EC-E2F98AB59F28} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-06-16] (Microsoft Corporation)
Task: {9F33B46A-AC92-4E96-8534-B7D4D54E4115} - System32\Tasks\TOSHIBA\IgfxTray => C:\Windows\system32\igfxtray.exe [2013-08-31] (Intel Corporation)
Task: {C608F8E3-75B2-4FB2-AA7D-1BE342D8E709} - System32\Tasks\TOSHIBA\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-18] (Adobe Systems Incorporated)
Task: {E33D88D4-11E3-4789-BF91-D22C3F6666D6} - System32\Tasks\TOSHIBA\Persistence => C:\Windows\system32\igfxpers.exe [2013-08-31] (Intel Corporation)
Task: {EB28C38A-99FD-4ABB-853D-11CB19A3EB9C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21] (Realtek Semiconductor)
Task: {EED99CF8-AB10-4B59-B682-AFF4E6994054} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-20] (AVAST Software)
Task: {F661E3BE-4142-489B-BC8E-CF71EDF29E56} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {FEEC7355-F4C2-46CD-8E73-1B2959446EE5} - System32\Tasks\TOSHIBA\TCrdMain => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2013-08-17] (TOSHIBA Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2013-08-13 04:52 - 2013-08-13 04:52 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-05-23 21:10 - 2016-05-23 21:10 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\5062f8f84e45fee3a39c25e1f72b3461\Windows.UI.ni.dll
2013-08-22 09:19 - 2013-08-22 08:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2016-05-23 21:09 - 2016-05-23 21:09 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\e2e1cd64b91b7395a96ebcde35a63a1c\Windows.Foundation.ni.dll
2012-02-22 14:31 - 2012-02-22 14:31 - 00233472 _____ () C:\Program Files (x86)\3G Voice Modem\HSPALauncher.exe
2016-05-13 23:13 - 2016-05-13 23:13 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\zlib.dll
2016-05-13 23:12 - 2016-05-13 23:12 - 00115904 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMAntiInject.dll
2016-05-13 23:12 - 2016-05-13 23:12 - 00488640 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\sqlite.dll
2016-05-13 23:13 - 2016-05-13 23:13 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\tinyxml.dll
2016-05-13 23:13 - 2016-05-13 23:13 - 00046784 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2016-05-13 23:17 - 2016-03-28 21:11 - 00070848 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2016-05-13 23:12 - 2016-02-28 00:55 - 00036128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\oDayProtect.dll
2016-05-13 23:12 - 2016-05-13 23:12 - 00128192 _____ () c:\program files (x86)\tencent\qqpcmgr\11.5.17490.219\qmrtpcontroller.dll
2016-06-20 09:12 - 2016-06-20 09:12 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-06-20 09:12 - 2016-06-20 09:12 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-22 11:39 - 2016-06-22 11:39 - 02939392 _____ () C:\Program Files\AVAST Software\Avast\defs\16062200\algo.dll
2016-06-20 09:12 - 2016-06-20 09:12 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-06-20 09:12 - 2016-06-20 09:12 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-13 23:13 - 2016-05-13 23:13 - 00194912 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\xImage.dll
2016-05-13 23:12 - 2016-05-13 23:12 - 00342368 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\arkGraphic.dll
2016-05-13 23:12 - 2016-05-13 23:12 - 02156896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\GF.dll
2016-05-13 23:13 - 2016-05-13 23:13 - 00092512 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\xGraphic32.dll
2016-05-13 23:12 - 2016-05-13 23:12 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\libpng.dll
2016-05-13 23:12 - 2016-05-13 23:12 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\libjpegturbo.dll
2016-05-13 23:12 - 2016-05-13 23:12 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\libexpatw.dll
2016-05-13 23:12 - 2016-05-13 23:12 - 00045408 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\jgImage.dll
2016-05-13 23:12 - 2016-05-13 23:12 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\jgIOStub.dll
2016-05-13 23:12 - 2016-05-13 23:12 - 00169152 _____ () c:\program files (x86)\tencent\qqpcmgr\11.5.17490.219\qmhipslogpolicy.dll
2016-05-13 23:12 - 2016-05-13 23:12 - 00083136 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\MemDefrag.dll
2016-05-13 23:12 - 2016-05-13 23:12 - 00337088 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\OperationFileCloudMgr.dll
2016-05-13 23:12 - 2016-05-13 23:12 - 00379232 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\DlForQd.dll
2016-05-13 23:12 - 2016-05-13 23:12 - 00251072 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMWlanMacDll.dll
2013-11-12 01:43 - 2013-09-03 17:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-06-15 22:47 - 2016-06-15 22:47 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2016-06-22 22:06 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\oliver\Desktop\2015 Jan -Mar\2015 Photoz\20150816_141156.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AFA7664F-4339-4BFF-BEA5-E4348581EA7F}] => (Allow) C:\Users\oliver\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4FC6104F-5332-4C91-B6F9-865E9ED9A7DB}] => (Allow) C:\Users\oliver\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2991F92C-F468-4A74-8C63-B231ADA46514}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{8F9E0023-9C48-4536-A04B-2B81667B9012}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{3693C593-2BCB-4353-B1DA-3CF65A170CAA}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{286332D7-CAFA-4DC1-AD56-C19A5CC5DC4E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{9EF185E1-B126-4718-B7FC-AAA0B4BADD16}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{A6794C50-F486-4611-B3F9-F08E2BE1CD77}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{29E6EA8B-2EE2-4AB6-B4D9-98F656DE21F3}] => (Allow) LPort=4481
FirewallRules: [{A3E5BB69-CD2F-4054-80A6-2CD4148B492D}] => (Allow) LPort=4481
FirewallRules: [{28D15ECE-0217-476C-95FD-48B398B08C95}] => (Allow) LPort=4482
FirewallRules: [{4AC3ACA7-6174-4851-840A-5411A0DB2F63}] => (Allow) LPort=4482
FirewallRules: [{5063CBF1-D5FE-4F16-972D-3D8A7B9ABEE0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F3984F31-D74F-4D54-BE56-4B973327C5C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{CA2530F3-785D-42F6-9D2A-3D6B96CCC625}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{F6AC9B01-1EFD-40BA-8EA8-3A72D0C89CB4}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{7AAD88D3-89A9-4BB5-8436-0329BEDBE951}] => (Allow) C:\Users\oliver\AppData\Local\Temp\113257328\download\MiniThunderPlatform.exe
FirewallRules: [{2901F26E-F099-4876-AB35-91F5B26262DC}] => (Allow) C:\Users\oliver\AppData\Local\Temp\113257328\download\MiniThunderPlatform.exe
FirewallRules: [{AD563E48-9E59-4538-8BE8-2688FBBFF20F}] => (Allow) C:\Windows\Temp\download\MiniThunderPlatform.exe
FirewallRules: [{D7C74366-A051-41F7-9E0C-D63025416878}] => (Allow) C:\Windows\Temp\download\MiniThunderPlatform.exe
FirewallRules: [{C2D35217-18D0-466A-A347-E2CB4EC7EF94}] => (Allow) C:\Program Files (x86)\Weness\Update\WenessUpdate.exe
FirewallRules: [{F9024118-639E-4682-BA33-9EA7328E342A}] => (Allow) C:\Program Files (x86)\Weness\Application\chrome.exe
FirewallRules: [{745C808F-7CE7-48E6-A3BC-EEC01EF33F49}] => (Allow) C:\ProgramData\Weness\Weness.exe
FirewallRules: [{4B2962B3-13BA-49AE-AFC8-307FF0E9C72E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{61E0F9D5-6EB0-44E3-B264-84F818F47E92}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe] => (Block) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [UDP Query User{8A7B1454-D509-4BF1-8AED-CBB484C642FE}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe] => (Block) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
==================== Restore Points =========================
01-06-2016 09:12:46 Scheduled Checkpoint
12-06-2016 20:26:22 Scheduled Checkpoint
16-06-2016 12:21:44 Windows Update
17-06-2016 10:19:38 JRT Pre-Junkware Removal
20-06-2016 11:22:00 Windows Update
22-06-2016 09:58:03 Revo Uninstaller's restore point - SafeFinder
22-06-2016 10:17:32 Restore Point Created by FRST
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/22/2016 09:55:33 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue
Error: (06/22/2016 09:11:37 PM) (Source: VMCService) (EventID: 0) (User: )
Description: GetLoggedOnUser
Error: (06/22/2016 09:11:35 PM) (Source: VMCService) (EventID: 0) (User: )
Description: GetLoggedOnUser
Error: (06/22/2016 12:44:57 PM) (Source: VMCService) (EventID: 0) (User: )
Description: GetLoggedOnUser
Error: (06/22/2016 12:44:55 PM) (Source: VMCService) (EventID: 0) (User: )
Description: GetLoggedOnUser
Error: (06/22/2016 11:37:41 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue
Error: (06/22/2016 10:23:24 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue
Error: (06/22/2016 10:17:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Firewall since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (06/22/2016 09:58:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Firewall since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (06/22/2016 09:24:34 AM) (Source: VMCService) (EventID: 0) (User: )
Description: GetLoggedOnUser
System errors:
=============
Error: (06/22/2016 09:56:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5 = Access is denied.
Error: (06/22/2016 09:56:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5 = Access is denied.
Error: (06/22/2016 09:12:22 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5 = Access is denied.
Error: (06/22/2016 09:12:22 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5 = Access is denied.
Error: (06/22/2016 09:11:34 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (06/22/2016 02:25:40 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5 = Access is denied.
Error: (06/22/2016 02:25:40 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5 = Access is denied.
Error: (06/22/2016 12:44:54 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (06/22/2016 11:38:26 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5 = Access is denied.
Error: (06/22/2016 11:38:26 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5 = Access is denied.
CodeIntegrity:
===================================
Date: 2016-05-10 17:35:15.879
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-28 20:01:23.310
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-24 22:48:43.375
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-19 10:39:53.298
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-11 11:03:19.304
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Celeron® CPU 1037U @ 1.80GHz
Percentage of memory in use: 46%
Total physical RAM: 3975.27 MB
Available physical RAM: 2134.02 MB
Total Virtual: 4807.27 MB
Available Virtual: 2775.82 MB
==================== Drives ================================
Drive c: (TI31142400B) (Fixed) (Total:454.84 GB) (Free:206.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
#27
Posted 24 June 2016 - 03:24 AM

I think you have a heavier infection than I previously thought.
STEP 1 aswMBR
- Please download aswMBR and save the file to your Desktop.
- Temporarily disable your Anti-Virus software. For instructions, please refer to the following link.
- Right-click aswMBR.exe and select Run as administrator to run the programme.
- Click Yes when prompted to download avast! virus definitions. Wait until AVAST engine defs: ### appears.
- If you are prompted to enable the use of "Virtualization Technology", click Yes.
- Click the AV Scan: drop down box and click C:\.
- Click Scan.
- Upon completion, you will see Scan finished successfully. Click Save log. Save the log to your Desktop.
- Re-enable your Anti-Virus software.
- Copy the contents of the log and paste in your next reply.
Note: Do NOT click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your Desktop. Do NOT delete the file.
#28
Posted 27 June 2016 - 01:10 AM

Machiavelli asked me to assist you; they are away for some time now.
Please post the aswMBR logs and I will review all material shortly with fresh directions.
Are there any new errors or malicious activities or just the ones you started with?
Thank you.
I have a few other questions for you (after reading the entire thread):
Are you receiving assistance from another source?
Can you tell me the name of this AntiVirus please? AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
Who told you to install yet a 3rd AntiVirus on the system? Along with the above, there is now Avast and Norton on your system. ????
#29
Posted 27 June 2016 - 03:50 AM

Hi dbreeze
(A) ANSWERS TO QUESTIONS
Are you receiving assistance from another source?
I am currently not receiving any assistance from any other source besides Machiavelli.
Can you tell me the name of this AntiVirus please? AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
I'm not quite sure about the name of the virus but it should be: Tencent\QQPCMgr. I can't find it in the control panel. Its program keeps track of all my downloads.
Who told you to install yet a 3rd AntiVirus on the system? Along with the above, there is now Avast and Norton on your system. ????
I installed Avast as I had the antivirus. Norton is not operational on my computer. When I try to uninstall Norton I get the following message: "This program has compatibility issues- you can get help from the Microsoft website............... . When I go on the Microsoft website I get the following message: No solution found for Norton Internet Security ver.2009-----Windows will notify you when solutions become available
aswMBR logs
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
#30
Posted 27 June 2016 - 04:04 PM

Thank you for the information. I was just trying to get a handle on what is happening.
FIRST >>>>
Let's see about removing the defunct Norton product from your system.
Please download the Norton Removal Tool from here to your desktop. Double click on the file and follow the prompts.
If the tool states it needs to be run in Safe Mode, allow it and the tool will handle rebooting into Safe Mode for the removal.
Once the tool is finished, reboot your system before moving onto the next steps.
SECOND >>>>
You have many remains of McAfee Security on your system. Please follow the instructions here to download the removal tool and clean your system.
THIRD >>>>
FRST Fixlist script run
Download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST64 by double clicking on the FRST64.exe file. The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.
The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.
Information to Reply with >>>>
- How did the Norton removal proceed? Any problems with that?
- How did the McAfee removal proceed? Any problems with that?
- The Fixlog.txt log file text.
- How is your system running now?