TechSpot

Malware Removal

By amasud17
Apr 30, 2015
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2015 01
    Ran by Home (administrator) on HOME-PC on 30-04-2015 17:45:57
    Running from C:\Users\Home\Downloads
    Loaded Profiles: Home (Available profiles: Home)
    Platform: Microsoft Windows 8.1 Pro (X86) OS Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
    (Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1529128 2009-04-30] (Synaptics Incorporated)
    HKU\S-1-5-21-1842446025-2463305157-3835274049-1001\...\Run: [GoogleChromeAutoLaunch_F8F9C1389199C5D42EF0F1FE1D081D59] => c:\program files\google\chrome\application\chrome.exe [812872 2015-04-28] (Google Inc.)
    AppInit_DLLs: acaptuser32.dll => C:\Windows\system32\acaptuser32.dll [111992 2008-06-12] (Adobe Systems, Inc.)
    Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Olly Murs Heart Skips A Beat.mp3.lnk [2015-02-17]
    ShortcutTarget: Olly Murs Heart Skips A Beat.mp3.lnk -> C:\ProgramData\{74f4c6aa-575f-9ed8-74f4-4c6aa5751aa9}\Olly Murs Heart Skips A Beat.mp3.exe ()
    Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The Good Wife S06E20 HDTV x264 LOL[ettv].lnk [2015-04-27]
    ShortcutTarget: The Good Wife S06E20 HDTV x264 LOL[ettv].lnk -> C:\ProgramData\{ebc87c56-ac1f-ae48-ebc8-87c56ac1f15a}\The Good Wife S06E20 HDTV x264 LOL[ettv].exe ()
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1842446025-2463305157-3835274049-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-30] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-30] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

    Chrome:
    =======
    CHR HomePage: Default -> https://www.google.co.uk/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8
    CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hppp&ts=1420380150&from=amt&uid=TOSHIBAXMK5055GSX_69BFC38NTXX69BFC38NT"
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-06]
    CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-06]
    CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-06]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-06]
    CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-06]
    CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-06]
    CHR Extension: (Google Sheets) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-06]
    CHR Extension: (Bookmark Manager) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-30]
    CHR Extension: (DeAlSpace) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jelbkoioabaoihmoeelhbcpcclafimfh [2015-04-30]
    CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
    CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-06]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 b2925b79; c:\Program Files\StatEngine\StatEngine.dll [1949184 2015-04-30] () [File not signed]
    R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1680088 2013-10-28] (Broadcom Corporation.)
    S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2015-01-14] (Macrovision Europe Ltd.) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
    S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
    S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [685568 2013-11-11] () [File not signed]
    R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
    S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
    S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1208832 2013-09-30] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation)
    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [175320 2013-10-28] (Broadcom Corporation.)
    R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [107648 2013-08-22] (Microsoft Corporation)
    S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2013-10-28] (Broadcom Corporation.)
    S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
    R3 NETwNs32; C:\Windows\system32\DRIVERS\NETwNs32.sys [7518208 2013-06-18] (Intel Corporation)
    R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)
    R3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
    R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-30 17:45 - 2015-04-30 17:46 - 00009944 _____ () C:\Users\Home\Downloads\FRST.txt
    2015-04-30 17:45 - 2015-04-30 17:45 - 01140736 _____ (Farbar) C:\Users\Home\Downloads\FRST.exe
    2015-04-30 17:45 - 2015-04-30 17:45 - 00002259 _____ () C:\Windows\epplauncher.mif
    2015-04-30 17:45 - 2015-04-30 17:45 - 00000000 ____D () C:\FRST
    2015-04-30 17:45 - 2015-04-30 17:45 - 00000000 ____D () C:\6f2736b4a9cc2557e2240a050bf33f89
    2015-04-30 17:43 - 2015-04-30 17:44 - 11530032 _____ (Microsoft Corporation) C:\Users\Home\Downloads\mseinstall.exe
    2015-04-30 17:34 - 2015-04-30 17:34 - 00000000 ____D () C:\ProgramData\AdBlocker Manger
    2015-04-30 17:17 - 2015-04-30 17:17 - 00002225 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-04-30 17:17 - 2015-04-30 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-04-30 17:16 - 2015-04-30 17:22 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-30 17:16 - 2015-04-30 17:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-30 17:11 - 2015-04-30 17:12 - 00000000 ____D () C:\ProgramData\95d70d850000301a
    2015-04-30 17:11 - 2015-04-30 17:11 - 00000000 ____D () C:\Program Files\StatEngine
    2015-04-30 17:06 - 2015-04-30 17:06 - 06240645 _____ () C:\Users\Home\Downloads\c1pastpaper.zip
    2015-04-30 16:21 - 2015-04-30 16:21 - 00000000 ____D () C:\ProgramData\f9429f3000007505
    2015-04-30 16:20 - 2015-04-30 16:20 - 00000000 ____D () C:\ProgramData\{eb63d2aa-eab4-3bd5-eb63-3d2aaeab4aab}
    2015-04-30 15:41 - 2015-04-30 16:48 - 00000000 ____D () C:\Program Files\KEEpersExte
    2015-04-30 15:40 - 2015-04-30 15:40 - 00000000 ____D () C:\Program Files\DealNoDeal
    2015-04-27 16:14 - 2015-04-27 16:17 - 209057419 _____ () C:\Users\Home\Downloads\the.good.wife.620.hdtv-lol.mp4
    2015-04-27 16:11 - 2015-04-30 16:11 - 00000408 _____ () C:\Windows\Tasks\Bidaily Synchronize Task.job
    2015-04-27 16:11 - 2015-04-28 16:11 - 00000000 ____D () C:\ProgramData\{ebc87c56-ac1f-ae48-ebc8-87c56ac1f15a}
    2015-04-27 16:11 - 2015-04-27 16:11 - 00000000 ____D () C:\ProgramData\bnondlokmlgokafpnfopifdcmcmihpnc
    2015-04-26 12:18 - 2015-04-26 12:33 - 00189952 _____ () C:\Users\Home\Downloads\Local Accounts.xls
    2015-04-26 11:17 - 2015-04-26 11:17 - 03061682 _____ () C:\Users\Home\Downloads\Book1.xlsx
    2015-04-18 00:40 - 2015-04-18 00:40 - 00000736 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
    2015-04-16 22:07 - 2015-04-16 22:07 - 00000000 ____D () C:\Users\Home\Downloads\GCSE-Mathematics A (2010) (Current)-June 2014.pastpapers
    2015-04-13 11:32 - 2015-04-13 11:32 - 00000958 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\30 days.lnk
    2015-04-11 23:23 - 2015-04-11 23:23 - 00625664 _____ () C:\Users\Home\Desktop\Accounts.xls

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-30 17:38 - 2015-02-26 20:31 - 00000020 _____ () C:\Users\Home\AppData\Roaming\appdataFr3.bin
    2015-04-30 17:27 - 2015-01-15 05:20 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Skype
    2015-04-30 17:27 - 2015-01-14 12:46 - 01622357 _____ () C:\Windows\WindowsUpdate.log
    2015-04-30 17:17 - 2015-01-14 14:01 - 00000000 ____D () C:\Program Files\Google
    2015-04-30 17:15 - 2015-02-05 10:43 - 00000000 ___RD () C:\Users\Home\SkyDrive
    2015-04-30 17:14 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\system32\sru
    2015-04-30 17:13 - 2013-08-22 08:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-30 17:13 - 2013-08-22 07:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2015-04-30 17:12 - 2015-01-15 05:38 - 00000000 ____D () C:\Windows\system32\appmgmt
    2015-04-30 16:48 - 2013-09-29 21:01 - 00005464 _____ () C:\Windows\PFRO.log
    2015-04-30 16:47 - 2015-01-17 21:16 - 00000000 ____D () C:\Users\Home\AppData\Roaming\uTorrent
    2015-04-30 15:41 - 2015-03-06 12:49 - 00000000 ____D () C:\ProgramData\10554098507610406551
    2015-04-30 14:53 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-04-29 15:34 - 2015-01-20 19:53 - 00010961 _____ () C:\Users\Home\Desktop\Missed Classes.xlsx
    2015-04-27 12:06 - 2015-03-10 19:33 - 00000000 ____D () C:\Users\Home\Downloads\Certificates
    2015-04-26 19:55 - 2015-01-14 13:39 - 00000000 ____D () C:\Users\Home\Downloads\Maths Doctor
    2015-04-24 19:16 - 2015-01-15 05:19 - 00000000 ____D () C:\ProgramData\Skype
    2015-04-20 00:52 - 2015-01-14 12:53 - 00818732 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-20 00:51 - 2013-08-22 08:23 - 00024327 _____ () C:\Windows\setupact.log
    2015-04-18 20:07 - 2015-01-20 17:47 - 00622592 _____ () C:\Users\Home\Desktop\Stocks.accdb
    2015-04-17 11:14 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\AppReadiness
    2015-04-15 15:35 - 2015-01-14 13:15 - 00000000 ____D () C:\Users\Home\AppData\Local\Microsoft Help
    2015-04-15 05:06 - 2015-01-14 12:46 - 00000000 ____D () C:\Users\Home
    2015-04-11 12:47 - 2015-02-17 15:45 - 00000000 ____D () C:\ProgramData\{74f4c6aa-575f-9ed8-74f4-4c6aa5751aa9}
    2015-04-10 00:08 - 2015-01-14 14:03 - 00000000 ____D () C:\Users\Home\Downloads\The Big Bang Theory
    2015-04-02 12:25 - 2015-01-17 21:20 - 00000000 ____D () C:\Users\Home\Downloads\IS

    ==================== Files in the root of some directories =======

    2015-02-26 20:31 - 2015-04-30 17:38 - 0000020 _____ () C:\Users\Home\AppData\Roaming\appdataFr3.bin
    2015-04-30 16:21 - 2015-04-30 16:35 - 0011340 _____ () C:\Users\Home\AppData\Local\Temp-log.txt

    Some content of TEMP:
    ====================
    C:\Users\Home\AppData\Local\Temp\6427434880618589048.exe
    C:\Users\Home\AppData\Local\Temp\6660.exe
    C:\Users\Home\AppData\Local\Temp\847A95369FEd.exe
    C:\Users\Home\AppData\Local\Temp\A1B0.exe
    C:\Users\Home\AppData\Local\Temp\A828.exe
    C:\Users\Home\AppData\Local\Temp\SkypeSetup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-24 11:13

    ==================== End Of Log ============================
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-04-2015 01
    Ran by Home at 2015-04-30 17:46:52
    Running from C:\Users\Home\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1842446025-2463305157-3835274049-500 - Administrator - Disabled)
    Guest (S-1-5-21-1842446025-2463305157-3835274049-501 - Limited - Disabled)
    Home (S-1-5-21-1842446025-2463305157-3835274049-1001 - Administrator - Enabled) => C:\Users\Home

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1842446025-2463305157-3835274049-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
    AdBlocker Manger (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - AdBlocker Manger) <==== ATTENTION
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.0.0 - Adobe Systems)
    DealNoDeal (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}) (Version: - DealNoDeal) <==== ATTENTION
    Dot4 (HKLM\...\{FF359AAB-AA6A-449F-B75F-21201CD86495}) (Version: 1.0.0.0 - HP)
    Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
    K-Lite Codec Pack 10.9.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
    KMSpico v9.0.5.20131111 (HKLM\...\KMSpico_is1) (Version: 9.0.5.20131111 - )
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
    StatEngine (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{b2925b79}) (Version: - Software Publisher) <==== ATTENTION
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.0.4.0 - Synaptics Incorporated)
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1842446025-2463305157-3835274049-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Home\AppData\Local\Temp\2260\temp\6660.exe ()

    ==================== Restore Points =========================

    08-04-2015 12:37:39 Scheduled Checkpoint
    16-04-2015 19:30:36 Scheduled Checkpoint
    26-04-2015 20:30:18 Scheduled Checkpoint
    30-04-2015 17:12:02 Removed Dot4

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1F9427DF-AFC5-47EF-8F78-E22F43FB2447} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-11-11] ()
    Task: {4A18C941-1442-43A4-88BD-EAA16DB7BC0A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
    Task: {4B9FD1CA-72CD-4036-AF9A-7B501835A550} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
    Task: {614FB656-2A6D-49BE-B101-C9C34065B4B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-30] (Google Inc.)
    Task: {87D14F01-D3AF-406C-819B-4BCAA4B10A33} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-30] (Google Inc.)
    Task: {A13DACBA-42ED-4560-BE69-911E847053C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {B3F22A94-CF00-434A-8E93-AC28A69943F4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {C0DF8C20-11A8-47BF-B2FB-97FF98BFDE5A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HOME-PC-Home Home-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
    Task: {D2A9A821-0803-48DD-BDE4-0BFA992EA504} - System32\Tasks\Bidaily Synchronize Task => C:\ProgramData\{ebc87c56-ac1f-ae48-ebc8-87c56ac1f15a}\The Good Wife S06E20 HDTV x264 LOL[ettv].exe [2014-04-27] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{ebc87c56-ac1f-ae48-ebc8-87c56ac1f15a}\The Good Wife S06E20 HDTV x264 LOL[ettv].exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-04-30 17:11 - 2015-04-30 17:11 - 01949184 _____ () c:\Program Files\StatEngine\StatEngine.dll
    2012-10-01 21:33 - 2012-10-01 21:33 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-04-30 17:17 - 2015-04-28 03:07 - 01252680 _____ () c:\program files\google\chrome\application\42.0.2311.135\libglesv2.dll
    2015-04-30 17:17 - 2015-04-28 03:07 - 00080712 _____ () c:\program files\google\chrome\application\42.0.2311.135\libegl.dll
    2015-04-30 17:17 - 2015-04-28 03:07 - 14980424 _____ () c:\program files\google\chrome\application\42.0.2311.135\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Home\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1842446025-2463305157-3835274049-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.254

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1842446025-2463305157-3835274049-1001\...\StartupApproved\StartupFolder: => "Olly Murs Heart Skips A Beat.mp3.lnk"
    HKU\S-1-5-21-1842446025-2463305157-3835274049-1001\...\StartupApproved\StartupFolder: => "The Good Wife S06E20 HDTV x264 LOL[ettv].lnk"
    HKU\S-1-5-21-1842446025-2463305157-3835274049-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F8F9C1389199C5D42EF0F1FE1D081D59"

    ==================== FirewallRules (whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
    FirewallRules: [{00400DF6-18C2-4AA0-A2FC-126FE27A7DEB}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{0E45886F-7B48-4580-A4EB-8FB13A42598D}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{9D0411A0-547F-4713-8440-15E45CD0308B}] => (Allow) C:\Program Files\KMSpico\KMSServer.exe
    FirewallRules: [{A53FB2F0-69B8-410D-B2F2-E035226C454C}] => (Allow) C:\Program Files\KMSpico\KMSServer.exe
    FirewallRules: [{B7C96D84-D70C-478D-901B-58457B2BCEF9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{6B3CBA1D-2E18-4CB3-A377-2ADA0D31234A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{E7253B9F-B4DB-468A-9597-1028FAF2F113}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{056BD915-8667-4BC2-BF24-31A326B7A36F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{7B5E7CC1-72F4-4374-A866-A0366ECAAB07}] => (Allow) C:\Program Files\Microsoft Office\Office15\outlook.exe
    FirewallRules: [{917D9B33-B2BA-48FA-AFE8-6E0DA001F25C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{18EA792C-4FEB-464B-A45D-F6A84870516F}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{41EEB050-FE10-4E5B-9CB7-A36FB5AA1778}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{A485B4DC-B033-44E1-8673-0A025FA15DF1}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{84E994BC-E69B-44A2-8637-8CAC9B3723F2}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{19F415B0-8C76-4907-B4B1-B74D76DC0F93}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{6DB4F617-2A8D-4CDD-B0E1-E05D57D472B0}] => (Allow) C:\Windows\System32\KMSServer.exe
    FirewallRules: [{D6CD54D3-207A-4BBC-801C-22C513DA7502}] => (Allow) C:\Windows\System32\KMSServer.exe
    FirewallRules: [{0B48FB30-24C0-4F5A-8AB0-10C88818BFD7}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{3BB986A8-E5E8-49FF-B635-503A7AFACD11}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{E72296B3-900F-48A2-BE39-A65EBA2D3801}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{D590747E-F354-4C9F-94F3-26FA376FE1D4}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [TCP Query User{BF16542D-7C5B-4BF4-B904-D45ED988312E}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
    FirewallRules: [UDP Query User{792E9C83-81DB-4ECF-AFF5-DFE40F6F6E65}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
    FirewallRules: [{A4646B6D-0DCC-4C33-91FE-8ECA3803E41A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{EC529C90-DD54-4C57-81B2-2DF31309991C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{D3C7FF1A-5D13-448E-9106-9E68509B9158}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{66BEC5CC-EE73-4883-BC37-1D153A7AC744}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [TCP Query User{BBD6DD9A-243C-45B4-97AD-2CDB26FDEB41}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
    FirewallRules: [UDP Query User{ECE9ECC9-52E8-475E-AD78-5E237376072D}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
    FirewallRules: [{27EC6096-DF57-4EAF-A4AF-0C2870595AFC}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{90570CCF-7FE1-404E-A76B-36FEFA77CA90}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{9EEF9E0F-B0EE-4BB7-9481-8F0D724EFD77}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{E8B3F672-3D4A-48B3-B6CD-B1AD39282BCD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [TCP Query User{B6E0B212-60B6-42F4-B31E-28CBD025E534}C:\users\home\desktop\u\u1405.exe] => (Allow) C:\users\home\desktop\u\u1405.exe
    FirewallRules: [UDP Query User{DD72D9DB-F12F-4212-B3DB-3B1987695D9A}C:\users\home\desktop\u\u1405.exe] => (Allow) C:\users\home\desktop\u\u1405.exe
    FirewallRules: [{8251D725-50B0-412B-B264-626ACC6DB523}] => (Allow) LPort=1688
    FirewallRules: [{BA5C6378-E876-4238-BAE8-630D0C7C4190}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/30/2015 05:45:55 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: HOME-PC)
    Description: HRESULT:0x8004FF6F
    Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

    Error: (04/30/2015 05:45:16 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/30/2015 05:45:16 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/30/2015 05:42:44 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/30/2015 05:42:44 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/30/2015 05:10:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Taskmgr.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: f5c

    Start Time: 01d0835fdf01e416

    Termination Time: 15

    Application Path: C:\Windows\system32\Taskmgr.exe

    Report Id: 6824f053-ef53-11e4-973b-00238bda860e

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (04/30/2015 05:07:54 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/30/2015 05:07:54 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/30/2015 04:47:21 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/30/2015 04:47:21 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (04/30/2015 05:17:32 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

    Error: (04/30/2015 05:17:32 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

    Error: (04/30/2015 05:17:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

    Error: (04/30/2015 05:14:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

    Error: (04/30/2015 05:14:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/30/2015 05:14:14 PM) (Source: DCOM) (EventID: 10016) (User: HOME-PC)
    Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Home-PCHomeS-1-5-21-1842446025-2463305157-3835274049-1001LocalHost (Using LRPC)UnavailableUnavailable

    Error: (04/30/2015 05:14:14 PM) (Source: DCOM) (EventID: 10016) (User: HOME-PC)
    Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Home-PCHomeS-1-5-21-1842446025-2463305157-3835274049-1001LocalHost (Using LRPC)UnavailableUnavailable

    Error: (04/30/2015 05:14:14 PM) (Source: DCOM) (EventID: 10016) (User: HOME-PC)
    Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Home-PCHomeS-1-5-21-1842446025-2463305157-3835274049-1001LocalHost (Using LRPC)UnavailableUnavailable

    Error: (04/30/2015 05:14:14 PM) (Source: DCOM) (EventID: 10016) (User: HOME-PC)
    Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Home-PCHomeS-1-5-21-1842446025-2463305157-3835274049-1001LocalHost (Using LRPC)UnavailableUnavailable

    Error: (04/30/2015 05:14:13 PM) (Source: DCOM) (EventID: 10016) (User: HOME-PC)
    Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Home-PCHomeS-1-5-21-1842446025-2463305157-3835274049-1001LocalHost (Using LRPC)UnavailableUnavailable


    Microsoft Office Sessions:
    =========================
    Error: (04/30/2015 05:45:55 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: HOME-PC)
    Description: HRESULT:0x8004FF6F
    Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

    Error: (04/30/2015 05:45:16 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL

    Error: (04/30/2015 05:45:16 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL

    Error: (04/30/2015 05:42:44 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL

    Error: (04/30/2015 05:42:44 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL

    Error: (04/30/2015 05:10:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Taskmgr.exe6.3.9600.16384f5c01d0835fdf01e41615C:\Windows\system32\Taskmgr.exe6824f053-ef53-11e4-973b-00238bda860e

    Error: (04/30/2015 05:07:54 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL

    Error: (04/30/2015 05:07:54 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL

    Error: (04/30/2015 04:47:21 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL

    Error: (04/30/2015 04:47:21 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz
    Percentage of memory in use: 53%
    Total physical RAM: 2975.2 MB
    Available physical RAM: 1386.61 MB
    Total Pagefile: 3679.2 MB
    Available Pagefile: 1809 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1865.34 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:110.51 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4425CDC2)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    [​IMG] You're not saying what your computer issues are.

    [​IMG] Uninstall:

    AdBlocker Manger
    DealNoDeal
    StatEngine


    Let me know if you had any problems uninstalling any of them.

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...