Hello,
Please help! I use Avast on a daily basis, but I recently also ran Emsisoft Anti-Malware, which detected a Trojan, and I can't remove it. Today I ran Emsisoft Emergency Kit and FRST.
Emsisoft Emergency Kit - Version 9.0
Last update: 2015-03-19 18:32:44
User account: Misia-PC\Misia
Scan settings:
Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
Scan start: 2015-03-19 18:36:29
C:\Windows\System32\Drivers\SPPD.sys detected: Trojan.Generic.12423990 (B)
C:\Program Files\Searchprotect detected: Application.AppInstall (A)
C:\ProgramData\apn detected: Application.AppInstall (A)
C:\Users\Misia\AppData\Local\Temp\apn detected: Application.Win32.WebToolbar (A)
C:\Users\Misia\AppData\Local\Temp\apn detected: Application.Win32.WebToolbar (A)
C:\Users\Misia\AppData\Local\Searchprotect detected: Application.AppInstall (A)
C:\Users\Misia\AppData\Roaming\OpenCandy detected: Application.AppInstall (A)
C:\ProgramData\AskPartnerNetwork detected: Application.InstallAd (A)
C:\Program Files\AskPartnerNetwork detected: Application.InstallAd (A)
C:\Users\Misia\AppData\Local\AskPartnerNetwork detected: Application.InstallAd (A)
C:\Windows\system32\config\systemprofile\AppData\Local\AskPartnerNetwork detected: Application.InstallAd (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> APNTBMON detected: Application.AdStart (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\APNMCP detected: Application.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WPM detected: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\ASKPARTNERNETWORK detected: Application.InstallAd (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\ASKPARTNERNETWORK detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1317920439-1838765418-1983103953-1000\SOFTWARE\ASKPARTNERNETWORK detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1317920439-1838765418-1983103953-1000.BA\SOFTWARE\ASKPARTNERNETWORK detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\ASKPARTNERNETWORK detected: Application.InstallAd (A)
C:\Windows\System32\drivers\SPPD.sys detected: Trojan.Generic.12423990 (B)
Scanned 148159
Found 20
Scan end: 2015-03-19 19:06:56
Scan time: 0:30:27
******************************************************************************
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Misia at 2015-03-19 19:18:35
Running from C:\Users\Misia\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
AC3Filter 2.5b (HKLM\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Airytec Switch Off (HKLM\...\Airytec Switch Off) (Version: 3.5.1 - Airytec)
Archiwizator WinRAR (HKLM\...\WinRAR archiver) (Version: - )
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{3CA0D836-B5E7-463D-A1C5-9F49B3E3EDE6}) (Version: 2.20.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Copy (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_ProductContext (Version: 100.0.215.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software_Min (Version: 100.0.239.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1317920439-1838765418-1983103953-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
Espańol para ti (HKLM\...\Espańol para ti) (Version: - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F2200 (Version: 100.0.206.000 - Nazwa firmy) Hidden
F2200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
GOM Player (HKLM\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 (HKLM\...\{D77D43B5-ED55-426b-B67B-E21F804F6102}) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software 6.1.0.5100 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.5100 - Lenovo.)
Lenovo EasyCamera (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.32.703.11 - Lenovo EasyCamera)
Lenovo EasyCamera (HKLM\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.4.1.4 - Silicon Motion)
LG United Mobile Drivers (HKLM\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Matroska Pack (remove only) (HKLM\...\Matroska Pack) (Version: - )
Media Player Classic - Home Cinema v. 1.3.1249.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 21.0 (x86 pl) (HKLM\...\Mozilla Firefox 21.0 (x86 pl)) (Version: 21.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NAPIPROJEKT 1.0.6.2 (HKLM\...\NAPIPROJEKT_is1) (Version: - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PITy2013 IPS 1.5.5.0 kompilacja:1.5.5.1 (HKLM\...\PITy2013IPS_is1) (Version: - IPS Przedsiębiorstwo Informatyczne)
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Real Alternative 1.8.0 (HKLM\...\RealAlt_is1) (Version: 1.8.0 - )
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20109 - Realtek Semiconductor Corp.)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Search App by Ask (HKLM\...\{4F524A2D-5350-4500-76A7-A758B70C1902}) (Version: 12.25.2.60 - APN, LLC) <==== ATTENTION
Settings Manager (HKLM\...\Settings Manager) (Version: 5.0.0.12692 - Aztec Media Inc) <==== ATTENTION
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
Skype™ 4.0 (HKLM\...\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}) (Version: 4.0.206 - Skype Technologies S.A.)
Sleipnir Version 4.4.2 (HKLM\...\FenrirSleipnirV3_is1) (Version: 4.4.2 - Fenrir Inc.)
SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.10.1 - Synaptics Incorporated)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
VLC media player 1.1.7 (HKLM\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Driver Package - ENE (enecir) HIDClass (11/19/2008 2.7.0.2) (HKLM\...\4EFD6E835D0DD6220DB8126E6447DF7E798781BE) (Version: 11/19/2008 2.7.0.2 - ENE)
XviD-1.0-Beta3 Video Codec 26122003 (Koepi's developer build) (HKLM\...\XviD) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Misia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Misia\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Misia\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Misia\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Misia\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Misia\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Misia\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Misia\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Misia\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Misia\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
06-03-2015 10:02:17 Installed calibre
06-03-2015 18:28:40 Windows Update
08-03-2015 10:38:32 Removed Unified Remote
08-03-2015 10:42:47 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
08-03-2015 10:43:46 Device Driver Package Install: Unified Intents AB Human Interface Devices
09-03-2015 19:54:31 avast! antivirus system restore point
10-03-2015 10:46:06 Windows Update
11-03-2015 12:00:27 Windows Update
15-03-2015 11:58:20 Installed Remote Control Server.
15-03-2015 12:14:37 Installed Remote Control Server.
15-03-2015 23:25:33 Removed Remote Control Server.
15-03-2015 23:33:20 Device Driver Package Install: Monect Human Interface Devices
15-03-2015 23:56:30 Installed Splashtop Streamer.
17-03-2015 00:47:15 Scheduled Checkpoint
17-03-2015 09:21:17 Windows Update
17-03-2015 09:59:37 Removed Splashtop Streamer.
18-03-2015 18:16:19 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 10:23 - 2006-09-18 21:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {245C0C7D-2FC0-400F-BCB7-9E7C1FF46127} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-27] (AVAST Software)
Task: {3A709AE1-DA33-49DD-8211-D1C4903D79C5} - System32\Tasks\{71D65B9E-BA39-4D80-8AD0-B42832009B51} => c:\program files\fenrir inc\sleipnir\bin\sleipnir.exe [2015-03-08] (Fenrir Inc.)
Task: {57771B6C-60F6-40E7-B197-DDF37A772126} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-08] (Google Inc.)
Task: {7B7142A5-9445-43DB-B236-4B4218E28A50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-08] (Google Inc.)
Task: {E1BD7B30-667B-45EF-A06D-B8878DCABB39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-19] (Adobe Systems Incorporated)
Task: {F306E9D4-9AB2-4754-ABBB-A90A93ACD877} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {F694E081-6E09-4323-A95A-29CE1DC7AB07} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-04-02 19:48 - 2014-07-27 20:13 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-03-19 10:01 - 2015-03-19 10:01 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031900\algo.dll
2008-08-26 11:48 - 2008-08-26 11:48 - 00126976 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2014-02-21 21:04 - 2014-07-27 20:13 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-04 22:08 - 2015-03-04 22:08 - 00750080 _____ () C:\Users\Misia\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-19 17:18 - 2015-03-19 17:18 - 00043008 _____ () c:\users\misia\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptbifv9.dll
2015-03-04 22:08 - 2015-03-04 22:08 - 00047616 _____ () C:\Users\Misia\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 22:08 - 2015-03-04 22:08 - 00865280 _____ () C:\Users\Misia\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 22:07 - 2015-03-04 22:07 - 00200704 _____ () C:\Users\Misia\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:3ED99525
AlternateDataStreams: C:\Users\Misia\Desktop\laptok help.odt:com.dropbox.attributes
AlternateDataStreams: C:\Users\Misia\Desktop\shopping list.odt:com.dropbox.attributes
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1317920439-1838765418-1983103953-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Misia\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 192.168.0.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-1317920439-1838765418-1983103953-500 - Administrator - Disabled)
Guest (S-1-5-21-1317920439-1838765418-1983103953-501 - Limited - Disabled)
Misia (S-1-5-21-1317920439-1838765418-1983103953-1000 - Administrator - Enabled) => C:\Users\Misia
==================== Faulty Device Manager Devices =============
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/19/2015 05:42:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 7.0.6002.18005, time stamp 0x49e01e78, faulting module MSVCR110.dll, version 11.0.51106.1, time stamp 0x5098858e, exception code 0xc0000005, fault offset 0x0000e562,
process id 0x758, application start time 0xiexplore.exe0.
Error: (03/18/2015 06:16:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {1470e5e7-1137-48a4-b884-66871d6ad906}
Error: (03/17/2015 10:27:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 40.0.2214.115, time stamp 0x54f53ba9, faulting module chrome.dll, version 40.0.2214.115, time stamp 0x54f53b6c, exception code 0xc0000005, fault offset 0x0043788f,
process id 0x13a4, application start time 0xchrome.exe0.
Error: (03/17/2015 09:59:38 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {4897ed81-7172-4ebf-b15d-51532b44db0e}
Error: (03/17/2015 09:21:19 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {a5566942-5cfe-48e9-8e6a-681e6fde7542}
Error: (03/17/2015 00:47:15 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {10752a21-b766-4b29-b94d-5f26ec97baa1}
Error: (03/15/2015 11:56:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {260f352c-68e3-4537-bc2a-c47e2a984126}
Error: (03/15/2015 11:33:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {fa8918cf-9a18-42d7-993b-440527074bac}
Error: (03/15/2015 11:25:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {e5cba885-2a05-4497-9529-56bb00236604}
Error: (03/15/2015 00:14:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {4aac8e49-958c-4dae-992b-6b0f9eca62e5}
System errors:
=============
Error: (03/19/2015 06:26:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: cleanhlp%%183
Error: (03/19/2015 05:17:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
Error: (03/19/2015 05:17:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (03/19/2015 05:16:14 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.6 for the Network Card with network address 0022FAE620A4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (03/18/2015 05:40:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
Error: (03/18/2015 05:40:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (03/18/2015 05:38:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:03:47 on 2015-03-18 was unexpected.
Error: (03/18/2015 09:38:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
Error: (03/18/2015 09:37:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (03/18/2015 09:35:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 23:24:54 on 2015-03-17 was unexpected.
CodeIntegrity Errors:
===================================
Date: 2015-03-10 21:58:07.771
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version9\tv_w32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-03-10 21:58:07.363
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version9\tv_w32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-03-10 21:58:06.971
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version9\tv_w32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-03-10 21:58:06.626
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version9\tv_w32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-03-10 21:58:06.295
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version9\tv_w32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-03-10 21:58:05.778
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version9\tv_w32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-03-10 21:58:05.356
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version9\tv_w32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-03-10 21:58:05.001
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version9\tv_w32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-03-10 21:58:04.592
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version9\tv_w32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-03-10 21:58:04.094
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\TeamViewer\Version9\tv_w32.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 52%
Total physical RAM: 3065.86 MB
Available physical RAM: 1443.67 MB
Total Pagefile: 6335.98 MB
Available Pagefile: 4666.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.05 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:136.5 GB) (Free:50.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Lenovo) (Fixed) (Total:30.38 GB) (Free:27.97 GB) NTFS
Drive e: (Moje) (Fixed) (Total:116.45 GB) (Free:95.46 GB) NTFS
Drive f: () (Fixed) (Total:14.65 GB) (Free:5.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 04AC1E08)
Partition 1: (Active) - (Size=136.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
******************************************************************************
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Misia (administrator) on MISIA-PC on 19-03-2015 19:17:23
Running from C:\Users\Misia\Desktop
Loaded Profiles: Misia (Available profiles: Misia)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser path: "C:\Program Files\Fenrir Inc\Sleipnir\bin\Sleipnir.exe")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google) C:\Program Files\Google\Google Talk\googletalk.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Misia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-24] (Synaptics Incorporated)
HKLM\...\Run: [tuto4pc_pl_5] => [X]
HKLM\...\Run: [googletalk] => C:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [hpqSRMon] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [VDownloader] => E:\Program Files\VDownloader\VDownloader.exe [879104 2012-12-20] (Vitzo)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949592 2015-02-14] (APN)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4885584 2015-03-02] (Emsisoft GmbH)
HKU\S-1-5-21-1317920439-1838765418-1983103953-1000\...\Run: [Unified Remote v2] => E:\Program Files\unified remote\RemoteServer.exe
HKU\S-1-5-21-1317920439-1838765418-1983103953-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1317920439-1838765418-1983103953-1000\...\Run: [Unified Remote V3] => E:\Program Files\Unified Remote 3\RemoteServerWin.exe
HKU\S-1-5-21-1317920439-1838765418-1983103953-1000\...\Run: [Remote Mouse] => C:\Program Files\Remote Mouse\RemoteMouse.exe
HKU\S-1-5-21-1317920439-1838765418-1983103953-1000\...\RunOnce: [Application Restart #2] => C:\Users\Misia\AppData\Roaming\Fenrir Inc\Sleipnir\~temp\plugins\ChromiumEngine\chrome.exe [692760 2015-03-08] (Fenrir Inc.)
HKU\S-1-5-21-1317920439-1838765418-1983103953-1000\...\MountPoints2: {7d1f04f6-6ce6-11e4-93ea-002556eadcf9} - H:\LG_PC_Programs.exe
HKU\S-1-5-21-1317920439-1838765418-1983103953-1000\...\MountPoints2: {d5b27db0-980b-11e4-bb8c-002556eadcf9} - H:\LGAutoRun.exe
HKU\S-1-5-21-1317920439-1838765418-1983103953-1000\...\MountPoints2: {e9879b4c-6d34-11e3-b8a1-002556eadcf9} - H:\LGAutoRun.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll File Not Found
AppInit_DLLs: C:\PROGRA~1\Linkey\IEEXTE~1\iedll.dll => C:\PROGRA~1\Linkey\IEEXTE~1\iedll.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Misia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Misia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Misia\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Misia\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Misia\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Misia\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1317920439-1838765418-1983103953-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?tpid=ORJ-SPE&o=APN11406&pf=V7&trgb=IE&p2=%5EBBE%5EOSJ000%5EYY%5EGB&gct=hp&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EGB&apn_dbr=ie&apn_uid=FDADA64B-1277-442B-BEEA-2E476EC171C2&itbv=12.23.0.15&doi=2015-01-24&psv=&pt=tb
URLSearchHook: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000 - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?sid=503&aid=100&itype=n&ver=12692&tm=380&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000 -> DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^GB&gct=sb&itbv=12.23.0.15&apn_uid=FDADA64B-1277-442B-BEEA-2E476EC171C2&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^GB&apn_dbr=ie&doi=2015-01-24&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^GB&gct=sb&itbv=12.23.0.15&apn_uid=FDADA64B-1277-442B-BEEA-2E476EC171C2&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^GB&apn_dbr=ie&doi=2015-01-24&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?sid=503&aid=100&itype=n&ver=12692&tm=380&src=ds&p={searchTerms}
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll [2015-01-30] (APN LLC.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-27] (AVAST Software)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll [2015-01-30] (APN LLC.)
Toolbar: HKU\S-1-5-21-1317920439-1838765418-1983103953-1000 -> Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll [2015-01-30] (APN LLC.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2009-02-04] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Misia\AppData\Roaming\Mozilla\Firefox\Profiles\6u3pktpn.default
FF SearchEngineOrder.1: default-search.net
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M5C91F26E-BFA3-471E-B177-663BF6489A09&SearchSource=55&CUI=&UM=6&UP=SP55EA8C65-F3C6-4849-A287-CD7C66AB200C&SSPV=
FF SelectedSearchEngine: Trovi search
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M5C91F26E-BFA3-471E-B177-663BF6489A09&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP55EA8C65-F3C6-4849-A287-CD7C66AB200C
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-19] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 -> E:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2008-04-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> E:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2008-04-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 -> E:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2008-04-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> E:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2008-04-28] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Misia\AppData\Roaming\Mozilla\Firefox\Profiles\6u3pktpn.default\searchplugins\trovi-search.xml [2014-11-24]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\default-search.xml [2014-06-16]
FF Extension: Settings Manager - C:\Users\Misia\AppData\Roaming\Mozilla\Firefox\Profiles\6u3pktpn.default\Extensions\{2CE20D27-2234-2E54-FE97-279239B29585} [2014-06-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Pres