Open FRST, do a scan;
Make sure you have or there is a check mark in the additions.txt box so it creates that log.
In your next reply post;
- Frst.txt
- Additions.txt
Joe
Laptop Is Really Slow/Laggy..Unresponsive Scripts...Mozilla Not Respon
Started by
Jing2x
, Mar 29 2015 11:07 AM
#16
Posted 30 March 2015 - 08:17 AM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
Open FRST, do a scan;
Make sure you have or there is a check mark in the additions.txt box so it creates that log.
In your next reply post;
Joe
#17
Posted 30 March 2015 - 08:30 AM
Jing2x
- Topic Starter
-
- Member
-
- 23 posts
Member
Hello,
You have Malwarebytes installed can you please run a scan and post a log file from Malwarebytes.
Thanks
Joe
Hi Joe,
Did you want me to run a full scan or a quick scan?
Thanks,
Jing
Hello Joe,
Here is the result of the malware scan log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 3/29/2015
Scan Time: 9:57:30 PM
Logfile: mal log.txt
Administrator: Yes
Version: 2.01.4.1018
Malware Database: v2015.03.30.01
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Marcelino_4
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358891
Time Elapsed: 58 min, 25 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Malwarebytes Anti-Malware
www.malwarebytes.org
Error, 3/29/2015 2:46:16 PM, SYSTEM, ONEALMAR, Protection, IsLicensed, 13,
Protection, 3/29/2015 2:46:16 PM, SYSTEM, ONEALMAR, Protection, Malware Protection, Stopping,
Protection, 3/29/2015 2:46:16 PM, SYSTEM, ONEALMAR, Protection, Malware Protection, Stopped,
Error, 3/29/2015 7:34:05 PM, SYSTEM, ONEALMAR, Protection, IsLicensed, 13,
Protection, 3/29/2015 7:34:05 PM, SYSTEM, ONEALMAR, Protection, Malware Protection, Stopping,
Protection, 3/29/2015 7:34:05 PM, SYSTEM, ONEALMAR, Protection, Malware Protection, Stopped,
Update, 3/29/2015 8:42:29 PM, SYSTEM, ONEALMAR, Manual, Rootkit Database, 2015.2.25.1, 2015.3.26.1,
Update, 3/29/2015 8:43:52 PM, SYSTEM, ONEALMAR, Manual, Malware Database, 2015.3.9.5, 2015.3.30.1,
Scan, 3/29/2015 9:56:59 PM, SYSTEM, ONEALMAR, Manual, Start:3/29/2015 9:47:22 PM, Duration:9 min 37 sec, Threat Scan, Cancelled, 0 Malware Detections, 0 Non-Malware Detections,
Scan, 3/29/2015 10:55:56 PM, SYSTEM, ONEALMAR, Manual, Start:3/29/2015 9:57:30 PM, Duration:58 min 25 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
(end)
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 3/29/2015
Scan Time: 9:47:22 PM
Logfile: mal log 3.txt
Administrator: Yes
Version: 2.01.4.1018
Malware Database: v2015.03.30.01
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Marcelino_4
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 49749
Time Elapsed: 9 min, 37 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
There are 3 logs for this day. Thanks again,
Jing
Hi Joe,
Here is the malware log to this morning:
Malwarebytes Anti-Malware
www.malwarebytes.org
Update, 3/30/2015 8:27:26 AM, SYSTEM, ONEALMAR, Manual, Malware Database, 2015.3.30.1, 2015.3.30.5,
Scan, 3/30/2015 9:06:41 AM, SYSTEM, ONEALMAR, Manual, Start:3/30/2015 8:27:28 AM, Duration:39 min 13 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
(end)
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 3/30/2015
Scan Time: 8:27:28 AM
Logfile: mal log 5.txt
Administrator: Yes
Version: 2.01.4.1018
Malware Database: v2015.03.30.05
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Marcelino_4
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358558
Time Elapsed: 39 min, 13 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Thanks again,
JIng
#18
Posted 30 March 2015 - 08:33 AM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
That's fine. Post a new frst and additions.txt log. See my post # 13 how to that.
Joe
Joe
#19
Posted 01 April 2015 - 08:05 PM
Jing2x
- Topic Starter
-
- Member
-
- 23 posts
Member
That's fine. Post a new frst and additions.txt log. See my post # 13 how to that.
Joe
Hi Joe,
Here is the post that you require re: #13 post.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Marcelino_4 (administrator) on ONEALMAR on 01-04-2015 08:01:08
Running from C:\Users\Marcelino_4\Desktop
Loaded Profiles: Marcelino_4 (Available profiles: Marcelino_4)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
() C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
( ) C:\Windows\System32\dlcxcoms.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [742776 2010-05-08] (TOSHIBA Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1812264 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295224 2010-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [31648 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [468904 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [12117312 2014-05-01] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Dell PC Fax\fm3032.exe [307200 2006-06-15] ()
HKLM\...\Run: [dlcxmon.exe] => C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [286720 2006-06-14] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [299008 2006-06-27] ()
HKLM\...\Run: [DLCXCATS] => rundll32 C:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Run: [Google Update] => C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-19] (Google Inc.)
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-22] (BillP Studios)
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [632840 2015-02-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?p...97DHP&dt=071313
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.google.co...ng}&rlz=1I7TSCA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-18] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-18] (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.254
FireFox:
========
FF ProfilePath: C:\Users\Marcelino_4\AppData\Roaming\Mozilla\Firefox\Profiles\suikxs6e.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-29] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3753955863-2307342207-4068506165-1000: @nsroblox.roblox.com/launcher -> C:\Users\Marcelino_4\AppData\Local\Roblox\Versions\version-3a1b3a29e18e4ba7\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3753955863-2307342207-4068506165-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Marcelino_4\AppData\Local\Roblox\Versions\version-3a1b3a29e18e4ba7\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3753955863-2307342207-4068506165-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-3753955863-2307342207-4068506165-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-3753955863-2307342207-4068506165-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marcelino_4\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-01] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-05-01] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: YesScript - C:\Users\Marcelino_4\AppData\Roaming\Mozilla\Firefox\Profiles\suikxs6e.default\Extensions\[email protected] [2015-03-29]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-22]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
Chrome:
=======
CHR Profile: C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-13]
CHR Extension: (Google Drive) - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-13]
CHR Extension: (YouTube) - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-15]
CHR Extension: (Adblock Plus) - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-02]
CHR Extension: (Google Search) - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-15]
StartMenuInternet: Google Chrome.X6YNCQX7EZGJWL7Z7HTFS3BZOI - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2010-01-28] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R3 dlcx_device; C:\windows\system32\dlcxcoms.exe [495616 2006-05-18] ( )
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [246520 2010-04-03] (WildTangent, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [135176 2015-02-17] (Sandboxie Holdings, LLC)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51576 2010-07-01] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2010-02-05] (TOSHIBA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 amd_sata; C:\windows\System32\DRIVERS\amd_sata.sys [64128 2010-11-05] (Advanced Micro Devices)
R0 amd_xata; C:\windows\System32\DRIVERS\amd_xata.sys [32384 2010-11-05] (Advanced Micro Devices)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [115496 2010-11-11] (ELAN Microelectronics Corp.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [33616 2011-02-08] (TOSHIBA Corporation)
R0 PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
S3 RTL8192Ce; C:\windows\System32\DRIVERS\rtl8192Ce.sys [1004136 2011-01-05] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\windows\System32\DRIVERS\rtwlane.sys [1334856 2013-05-02] (Realtek Semiconductor Corporation )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161288 2015-02-17] (Sandboxie Holdings, LLC)
S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2013-03-18] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-01 08:01 - 2015-04-01 08:01 - 00019910 _____ () C:\Users\Marcelino_4\Desktop\FRST.txt
2015-03-29 19:49 - 2015-03-29 19:49 - 00001799 _____ () C:\Users\Marcelino_4\Desktop\JRT.txt
2015-03-29 19:37 - 2015-03-29 19:37 - 01389240 _____ (Thisisu) C:\Users\Marcelino_4\Downloads\JRT.exe
2015-03-29 19:19 - 2015-03-29 19:20 - 02208768 _____ () C:\Users\Marcelino_4\Downloads\adwcleaner_4.200.exe
2015-03-29 17:39 - 2015-03-29 17:40 - 00011371 _____ () C:\Users\Marcelino_4\Desktop\Kyle_Plays_20150329_SET#2.xlsx
2015-03-29 16:43 - 2015-03-29 17:40 - 00011876 _____ () C:\Users\Marcelino_4\Desktop\Colin_Plays_20150329_SET#2.xlsx
2015-03-29 16:01 - 2015-03-29 17:32 - 05059072 _____ () C:\Users\Marcelino_4\Desktop\2way v3_Colin_20150329_SET#2.xls
2015-03-29 14:46 - 2015-03-29 19:33 - 00000112 _____ () C:\windows\setupact.log
2015-03-29 14:46 - 2015-03-29 14:46 - 00000000 _____ () C:\windows\setuperr.log
2015-03-29 14:45 - 2015-03-29 14:46 - 00408064 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-29 13:28 - 2015-03-29 14:38 - 00011947 _____ () C:\Users\Marcelino_4\Desktop\Colin_Plays_20150329.xlsx
2015-03-29 13:27 - 2015-03-29 14:38 - 05078016 _____ () C:\Users\Marcelino_4\Desktop\2way v3_Colin_20150329.xls
2015-03-29 13:08 - 2015-03-29 13:09 - 00000000 ____D () C:\Users\Marcelino_4\Downloads\Two Lovers
2015-03-29 13:07 - 2015-03-29 13:07 - 00000000 ____D () C:\Users\Marcelino_4\Downloads\Greg Giraldo
2015-03-29 13:06 - 2015-03-29 13:09 - 00000000 ____D () C:\Users\Marcelino_4\Downloads\MOVIES TO WATCH
2015-03-29 13:05 - 2015-03-29 13:05 - 00000000 ____D () C:\Users\Marcelino_4\Downloads\Eastbound & Down
2015-03-29 12:43 - 2015-04-01 08:01 - 00000000 ____D () C:\FRST
2015-03-29 12:42 - 2015-03-29 12:42 - 01135104 _____ (Farbar) C:\Users\Marcelino_4\Desktop\FRST.exe
2015-03-29 12:40 - 2015-03-29 14:43 - 00000000 ____D () C:\Users\Marcelino_4\Desktop\FarBar
2015-03-29 12:33 - 2015-03-29 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-29 12:23 - 2015-03-29 12:24 - 00000000 ___SD () C:\windows\system32\GWX
2015-03-29 12:22 - 2015-03-29 12:22 - 00109280 _____ () C:\Users\Marcelino_4\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-26 17:02 - 2015-03-26 17:02 - 00019703 _____ () C:\Users\Marcelino_4\Desktop\Lines adj for shootouts.xlsm
2015-03-24 18:05 - 2015-03-10 22:30 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-24 18:05 - 2015-03-10 22:30 - 00534528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-24 18:05 - 2015-03-10 22:29 - 00818176 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-24 18:05 - 2015-03-10 22:29 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-24 18:05 - 2015-03-10 22:29 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-24 18:05 - 2015-03-10 22:29 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-03-24 18:05 - 2015-03-10 22:29 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-03-24 18:05 - 2015-03-10 22:26 - 00892928 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-22 09:58 - 2015-03-22 09:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-18 21:38 - 2015-03-18 21:39 - 40790520 _____ (Amazon.com) C:\Users\Marcelino_4\Downloads\KindleForPC-installer.exe
2015-03-18 21:26 - 2014-03-31 21:36 - 00049856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fssfltr.sys
2015-03-18 21:25 - 2015-03-18 21:25 - 00001331 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-03-18 21:25 - 2015-03-18 21:25 - 00001262 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-03-18 21:20 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2015-03-18 21:20 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2015-03-18 21:20 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2015-03-18 21:20 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2015-03-18 21:16 - 2015-03-18 21:16 - 00002208 _____ () C:\Users\Marcelino_4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-18 21:16 - 2015-03-18 21:16 - 00002073 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-18 21:16 - 2015-03-18 21:16 - 00002073 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-18 21:16 - 2015-03-18 21:16 - 00000000 ___RD () C:\Users\Marcelino_4\OneDrive
2015-03-18 21:16 - 2015-03-18 21:16 - 00000000 ____D () C:\Program Files\Microsoft OneDrive
2015-03-18 21:15 - 2015-03-18 21:15 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-03-18 21:09 - 2015-03-18 21:09 - 01239752 _____ (Microsoft Corporation) C:\Users\Marcelino_4\Downloads\wlsetup-web.exe
2015-03-18 20:58 - 2015-03-18 20:58 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-18 20:48 - 2015-03-18 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-03-10 16:07 - 2015-02-25 22:11 - 02381312 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-10 16:07 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-10 16:07 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-10 16:07 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-10 16:07 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-10 16:07 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-10 16:07 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-10 16:07 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-10 16:07 - 2015-02-19 20:56 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-10 16:07 - 2015-02-19 20:50 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-10 16:07 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 16:07 - 2015-02-19 20:24 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-10 16:07 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-10 16:07 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-10 16:07 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-10 16:07 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-10 16:07 - 2015-01-30 22:33 - 02744320 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-03-10 16:07 - 2015-01-30 22:33 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 16:07 - 2015-01-30 19:48 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-03-10 16:07 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-10 16:06 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-10 16:06 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-10 16:06 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-10 16:06 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-10 16:06 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-10 16:06 - 2015-02-19 21:22 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-10 16:06 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-10 16:06 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-10 16:06 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-10 16:06 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-10 16:06 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-10 16:06 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-10 16:06 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-10 16:06 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-10 16:06 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-10 16:06 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-10 16:06 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-10 16:05 - 2015-03-06 00:15 - 00137656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-10 16:05 - 2015-03-06 00:15 - 00067512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-10 16:05 - 2015-03-06 00:10 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-10 16:05 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-10 16:05 - 2015-03-06 00:09 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-10 16:05 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-10 16:05 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-10 16:05 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-10 16:05 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-10 16:05 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-10 16:05 - 2015-02-19 23:13 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-10 16:05 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-10 16:05 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-10 16:05 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-10 16:05 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-10 16:05 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-10 16:05 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-10 16:05 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-10 16:04 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-10 16:04 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-03-10 16:04 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-10 16:04 - 2015-02-02 22:16 - 00078784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-10 16:04 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00157184 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-10 16:04 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-10 16:04 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-10 16:04 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-10 16:04 - 2015-02-02 22:11 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-10 16:04 - 2015-02-02 22:11 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-10 16:04 - 2015-02-02 22:11 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-10 16:04 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-10 16:04 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-10 16:04 - 2015-02-02 22:11 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-10 16:04 - 2015-02-02 22:11 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-10 16:04 - 2015-02-02 22:11 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-10 16:04 - 2015-02-02 22:10 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-10 16:04 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-10 16:04 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-10 16:04 - 2015-02-02 22:00 - 00593920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-10 16:04 - 2015-02-02 21:26 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-10 16:04 - 2015-01-30 18:56 - 00370488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-10 16:04 - 2014-10-31 17:22 - 00521384 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-10 16:04 - 2014-06-27 19:21 - 00455752 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-10 16:04 - 2014-06-27 19:21 - 00409272 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-01 08:01 - 2011-12-27 12:37 - 01332155 _____ () C:\windows\WindowsUpdate.log
2015-04-01 07:53 - 2010-11-20 16:01 - 00783400 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-01 07:52 - 2012-08-19 12:52 - 00000932 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753955863-2307342207-4068506165-1000UA.job
2015-04-01 07:52 - 2012-06-25 22:36 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-01 07:51 - 2012-08-19 12:52 - 00000880 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753955863-2307342207-4068506165-1000Core.job
2015-03-30 08:27 - 2015-01-20 13:26 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-29 19:41 - 2009-07-13 23:34 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 19:41 - 2009-07-13 23:34 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 19:33 - 2009-07-13 23:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-29 19:32 - 2013-09-09 10:15 - 00000000 ____D () C:\AdwCleaner
2015-03-29 18:23 - 2013-12-04 09:04 - 00000000 ____D () C:\Users\Marcelino_4\Documents\ProlinePlayer
2015-03-29 16:11 - 2013-02-10 23:36 - 00000000 ____D () C:\Users\Marcelino_4\AppData\Local\Deployment
2015-03-29 14:55 - 2012-03-03 18:02 - 00000000 ____D () C:\Users\Marcelino_4\AppData\Local\CrashDumps
2015-03-29 14:51 - 2014-07-14 15:10 - 00068608 ___SH () C:\Users\Marcelino_4\Desktop\Thumbs.db
2015-03-29 14:45 - 2015-01-20 12:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-29 14:45 - 2013-08-11 12:00 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-29 13:17 - 2012-12-08 21:34 - 00000000 ____D () C:\Users\Marcelino_4\Desktop\KAREN FOLDER
2015-03-29 13:14 - 2013-08-11 12:01 - 00000000 ____D () C:\Users\Marcelino_4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-29 13:14 - 2013-08-11 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-29 13:12 - 2015-01-20 12:30 - 00001075 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-29 13:12 - 2015-01-20 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-29 13:10 - 2013-01-02 21:58 - 00000000 ____D () C:\Users\Marcelino_4\Downloads\DONE
2015-03-29 13:03 - 2012-06-10 03:34 - 00000000 ____D () C:\Users\Marcelino_4\AppData\Roaming\uTorrent
2015-03-29 12:33 - 2012-08-20 00:07 - 00000980 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-29 12:32 - 2012-08-20 00:07 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-29 12:22 - 2013-09-07 10:18 - 00000000 ____D () C:\Users\Marcelino_4\Desktop\Geeks To Go
2015-03-29 12:14 - 2014-09-01 11:04 - 00000000 ____D () C:\Users\Marcelino_4\AppData\Local\Adobe
2015-03-29 12:13 - 2012-06-25 22:36 - 00778928 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-03-29 12:13 - 2012-02-09 21:20 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-29 10:52 - 2011-12-27 16:43 - 00000000 ____D () C:\Users\Marcelino_4\AppData\Roaming\Skype
2015-03-25 21:28 - 2014-12-10 13:11 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-25 21:28 - 2014-05-08 16:22 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-24 20:00 - 2012-05-10 00:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-22 12:25 - 2013-01-29 18:55 - 00000000 ____D () C:\Users\Marcelino_4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-03-21 16:21 - 2012-08-19 12:53 - 00002410 _____ () C:\Users\Marcelino_4\Desktop\Google Chrome.lnk
2015-03-19 13:47 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-03-18 21:40 - 2012-09-26 10:05 - 00002273 _____ () C:\Users\Marcelino_4\Desktop\Kindle.lnk
2015-03-18 21:26 - 2011-12-27 13:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-03-18 21:24 - 2011-12-27 13:25 - 00001415 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-03-18 21:23 - 2011-12-27 13:25 - 00002443 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-03-18 21:22 - 2011-12-27 13:24 - 00000000 ____D () C:\Program Files\Windows Live
2015-03-18 21:20 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-18 21:16 - 2011-12-26 09:13 - 00000000 ____D () C:\Users\Marcelino_4
2015-03-18 21:06 - 2013-09-29 01:22 - 00001039 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-18 20:56 - 2014-10-16 10:50 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2015-03-18 20:56 - 2014-01-25 02:23 - 00000000 ____D () C:\Program Files\Java
2015-03-18 20:43 - 2011-12-27 13:35 - 00000000 ___RD () C:\Program Files\Skype
2015-03-18 20:43 - 2011-12-27 13:35 - 00000000 ____D () C:\ProgramData\Skype
2015-03-17 06:15 - 2015-01-20 12:30 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2015-01-20 12:30 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2012-10-02 02:35 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-13 12:04 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\rescache
2015-03-11 21:24 - 2012-07-23 13:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 21:22 - 2009-07-13 21:04 - 00000478 _____ () C:\windows\win.ini
2015-03-11 21:17 - 2013-07-12 20:20 - 00000000 ____D () C:\windows\system32\MRT
2015-03-11 10:16 - 2012-02-27 18:16 - 119837696 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-04 00:22 - 2013-12-08 14:42 - 00000000 ____D () C:\Users\Marcelino_4\Desktop\Melanie's work folder
2015-03-03 08:16 - 2012-02-02 18:51 - 00246920 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2014-11-29 18:38 - 2015-01-20 08:16 - 0000165 _____ () C:\Users\Marcelino_4\AppData\Roaming\WB.CFG
2014-12-01 19:46 - 2014-12-16 17:50 - 0000001 _____ () C:\Users\Marcelino_4\AppData\Local\DSI.DAT
2014-12-16 17:50 - 2014-12-16 17:50 - 0022528 _____ () C:\Users\Marcelino_4\AppData\Local\dsisetup2451984872.exe
2014-12-01 19:46 - 2014-12-01 19:46 - 0022528 _____ () C:\Users\Marcelino_4\AppData\Local\dsisetup760187102.exe
2012-01-07 14:34 - 2012-01-07 14:34 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
Some content of TEMP:
====================
C:\Users\Marcelino_4\AppData\Local\temp\Quarantine.exe
C:\Users\Marcelino_4\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-25 22:02
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Marcelino_4 at 2015-04-01 08:03:56
Running from C:\Users\Marcelino_4\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\uTorrent) (Version: 3.4.2.39710 - BitTorrent Inc.)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1735.41615 - ABBYY Software House)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (32-bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{36141ABA-C8A4-D4A8-2960-20D40DBBA95D}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (Version: 2011.0216.726.13233 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Chuzzle Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.0 - Corel Inc)
Corel Photo Album 6 (HKLM\...\{8A9B8148-DDD7-448F-BD6C-358386D32354}) (Version: 6.00 - Corel, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell PC Fax (HKLM\...\Dell PC Fax) (Version: - )
Dell Photo AIO Printer 926 (HKLM\...\Dell Photo AIO Printer 926) (Version: - Dell, Inc.)
ETDWare PS/2-X86 8.0.8.0_R01 (HKLM\...\Elantech) (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
FATE (Version: 2.2.0.95 - WildTangent) Hidden
FileHippo App Manager (HKLM\...\FileHippo.com) (Version: - FileHippo.com)
Google Chrome (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jewel Quest - Heritage (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (Version: 18.1.0.37 - Symantec Corporation) Hidden
Plants vs. Zombies (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (Version: 2.2.0.95 - WildTangent) Hidden
Proline Parlay Maker (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\9b1bc7b86233e4ce) (Version: 1.5.0.5 - ProlinePlayer)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
RebelBetting 4.10 (HKLM\...\RebelBetting) (Version: 4.10 - ClaroBet AB)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ROBLOX Player for Marcelino_4 (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio 2013 for Marcelino_4 (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Sandboxie 4.16 (32-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Sandboxie Packages (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Sandboxie Packages) (Version: - ) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
TOSHIBA Assist (HKLM\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM\...\InstallShield_{E16F083B-F124-4AB0-85F8-A1E6EA6665F7}) (Version: 2.0.16.32 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM\...\{80F696E0-AB85-433E-99E3-8CC6D98CF167}) (Version: 8.0.35 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.4 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.14 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.80.8 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM\...\InstallShield_{8CD0B97D-46E9-4293-B467-A24DB96DB6DB}) (Version: 1.7.16.32 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.45 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.07 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.3.22 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.1 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM\...\{CA5CF466-CAE3-4D99-8BB4-C80F4AC55028}) (Version: 1.0.2 - TOSHIBA CORPORATION)
Unity Web Player (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Wheel of Fortune 2 (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.3 - WildTangent)
WildTangent ORB Game Console (Version: - WildTangent) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.9.2014.0 - BillP Studios)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
WMV9/VC-1 Video Playback (Version: 1.0.60216.0728 - ATI Technologies Inc.) Hidden
Zuma's Revenge (Version: 2.2.0.95 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Marcelino_4\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Marcelino_4\AppData\Local\Google\Chrome\Application\41.0.2272.89\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Roblox\Versions\version-3c333d16b2ee4af9\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Marcelino_4\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Marcelino_4\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Roblox\Versions\version-3c333d16b2ee4af9\RobloxProxy64.dll No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
==================== Restore Points =========================
18-03-2015 21:17:43 Installed DirectX
18-03-2015 21:18:53 Installed DirectX
18-03-2015 21:19:43 Installed DirectX
18-03-2015 21:21:39 WLSetup
19-03-2015 18:19:49 Windows Update
23-03-2015 21:22:02 Windows Update
25-03-2015 08:57:41 Windows Update
28-03-2015 13:18:47 Windows Update
29-03-2015 12:22:46 Windows Update
29-03-2015 14:43:22 Restore Point Created by FRST
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:04 - 2015-03-29 14:43 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1A88487F-F72D-427F-BA20-53DA448DBB08} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {1F62CF7C-34A0-49BF-800A-2B6F815B873D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {3BCBB56C-2E28-46AA-873C-A8552F6718ED} - System32\Tasks\{1E7A8891-3C46-42F9-95AB-45A26EB7C014} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {3E6588A3-0607-4E0C-89C2-F540E11244D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {42B00DD9-3052-4503-AAC1-A9F0B44AE50B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3753955863-2307342207-4068506165-1000UA => C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19] (Google Inc.)
Task: {60E2B6A1-A749-4E21-B494-5019D9CB7B46} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-29] (Adobe Systems Incorporated)
Task: {8408FA05-1A8C-4492-8F58-270A1E1F3E10} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {84D6A7F2-27C3-4BC0-81D9-B2A47DB7AF82} - System32\Tasks\{350D2014-51B2-42BA-8107-712178D2CF39} => Firefox.exe http://ui.skype.com/...;LastError=1618
Task: {8E1FAD92-DD51-44F7-AFDF-8CC996DC7B27} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A4532228-5D52-43D2-BB44-0CF1EAFFA133} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3753955863-2307342207-4068506165-1000Core => C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19] (Google Inc.)
Task: {D008E139-F24A-4691-BE9B-73E880AD23B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {D6EE5745-5338-4B32-9EB0-26BB72DB59F1} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-03] (TOSHIBA CORPORATION)
Task: {EE51F9FA-41C5-4884-9033-7BDDE70184EF} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {F2DC691B-8F7A-4F89-9B9B-EBA4623100C8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753955863-2307342207-4068506165-1000Core.job => C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753955863-2307342207-4068506165-1000UA.job => C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-04-27 18:13 - 2006-06-15 05:04 - 00040960 _____ () C:\windows\System32\DLPRMON.DLL
2014-04-27 18:12 - 2006-06-15 05:28 - 00012288 _____ () C:\Program Files\Dell PC Fax\DlCtrStr.dll
2014-04-27 18:12 - 2006-06-15 05:01 - 00032768 _____ () C:\Program Files\Dell PC Fax\ipcmt.dll
2014-04-27 18:24 - 2006-06-29 01:00 - 00114688 _____ () C:\windows\system32\spool\PRTPROCS\W32X86\dlcxdrpp.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-07 19:06 - 2010-04-07 19:06 - 09487672 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 16:26 - 2009-11-03 16:26 - 00058680 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 17:14 - 2010-03-03 17:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 17:14 - 2010-03-03 17:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-03-02 21:54 - 2009-06-22 18:38 - 00015160 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 14:07 - 2009-07-25 14:07 - 00058704 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2014-04-27 18:14 - 2006-06-14 07:51 - 00286720 _____ () C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
2014-04-27 18:14 - 2006-06-14 07:50 - 00278528 _____ () C:\Program Files\Dell Photo AIO Printer 926\dlcxscw.dll
2014-04-27 18:14 - 2006-05-29 03:49 - 00073728 _____ () C:\Program Files\Dell Photo AIO Printer 926\dlcxcfg.dll
2014-04-27 18:14 - 2006-02-20 11:08 - 00143360 _____ () C:\Program Files\Dell Photo AIO Printer 926\dlcxdrec.dll
2014-04-27 18:14 - 2006-06-27 06:34 - 00299008 _____ () C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
2011-02-16 10:25 - 2011-02-16 10:25 - 00243712 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-10-19 17:15 - 2010-10-19 17:15 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-10-21 10:57 - 2014-04-22 13:39 - 00645592 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2010-02-05 20:40 - 2010-02-05 20:40 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-29 12:13 - 2015-03-29 12:13 - 16858288 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcelino_4\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.100.254
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-3753955863-2307342207-4068506165-500 - Administrator - Disabled)
Guest (S-1-5-21-3753955863-2307342207-4068506165-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3753955863-2307342207-4068506165-1002 - Limited - Enabled)
Marcelino_4 (S-1-5-21-3753955863-2307342207-4068506165-1000 - Administrator - Enabled) => C:\Users\Marcelino_4
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/31/2015 08:29:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9282
Error: (03/31/2015 08:29:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9282
Error: (03/31/2015 08:29:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/31/2015 08:29:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7987
Error: (03/31/2015 08:29:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7987
Error: (03/31/2015 08:29:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/31/2015 04:11:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15600
Error: (03/31/2015 04:11:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15600
Error: (03/31/2015 04:11:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/31/2015 04:11:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9422
System errors:
=============
Error: (03/31/2015 03:53:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (03/30/2015 08:15:20 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Microsoft Office Sessions:
=========================
Error: (03/31/2015 08:29:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9282
Error: (03/31/2015 08:29:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9282
Error: (03/31/2015 08:29:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/31/2015 08:29:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7987
Error: (03/31/2015 08:29:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7987
Error: (03/31/2015 08:29:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/31/2015 04:11:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15600
Error: (03/31/2015 04:11:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15600
Error: (03/31/2015 04:11:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/31/2015 04:11:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9422
==================== Memory info ===========================
Processor: AMD C-50 Processor
Percentage of memory in use: 72%
Total physical RAM: 2662.87 MB
Available physical RAM: 741.86 MB
Total Pagefile: 5324.03 MB
Available Pagefile: 2756.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.52 MB
==================== Drives ================================
Drive c: (S3A8665D005) (Fixed) (Total:270.72 GB) (Free:68.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: AD30EA02)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=270.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.6 GB) - (Type=17)
Partition 4: (Not Active) - (Size=9.3 GB) - (Type=17)
==================== End Of Log ============================
thanks again,
Jing
#20
Posted 01 April 2015 - 08:19 PM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
Hello,
How are we doing still slow ? Still have Firefox issue ?
Thanks
Joe
How are we doing still slow ? Still have Firefox issue ?
Thanks
Joe
#21
Posted 02 April 2015 - 07:05 AM
Jing2x
- Topic Starter
-
- Member
-
- 23 posts
Member
Hello,
How are we doing still slow ? Still have Firefox issue ?
Thanks
Joe
Hi Joe,
The laptop is abit faster but the "unresponsive scrip/not responding" still keeps on popping up whenever I go to a different internet site that is when it slow everything down to a halt. So what I do is always click on the " stop script" option button all the time.
Thanks,
Jing
#22
Posted 03 April 2015 - 06:32 PM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
Hello,
Lets try resetting Firefox;
How to reset Firefox:
Joe
Lets try resetting Firefox;
How to reset Firefox:
- Click the menu button and then click help .
- From the Help menu choose Troubleshooting Information. ...
- Click the Reset Firefox… button in the upper-right corner of the
- Troubleshooting Information page.
- To continue, click Reset Firefox in the confirmation window that opens.
Joe
#23
Posted 03 April 2015 - 10:23 PM
Jing2x
- Topic Starter
-
- Member
-
- 23 posts
Member
Hello,
Lets try resetting Firefox;
How to reset Firefox:Thanks
- Click the menu button and then click help .
- From the Help menu choose Troubleshooting Information. ...
- Click the Reset Firefox… button in the upper-right corner of the
- Troubleshooting Information page.
- To continue, click Reset Firefox in the confirmation window that opens.
Joe
Hi Joe,
I followed the steps for resetting Firefox and that "unresponsive script/not responding" message isn't popping up anymore when I go to certain websites. This is a HUGE relief! The laptop seemed even slower after I followed your steps for resetting Firefox, so I rebooted the laptop and everything seems to be running much better now *cross fingers*
#24
Posted 03 April 2015 - 10:33 PM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [742776 2010-05-08] (TOSHIBA Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1812264 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295224 2010-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [31648 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [468904 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [12117312 2014-05-01] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Dell PC Fax\fm3032.exe [307200 2006-06-15] ()
HKLM\...\Run: [dlcxmon.exe] => C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [286720 2006-06-14] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [299008 2006-06-27] ()
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [106496 2005-08-31] (Corel, Inc.)
HKLM\...\Run: [DLCXCATS] => rundll32 C:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
All those programs are running when you boot windows ???? We should stop some of them.
So,
Download HijackThis
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [742776 2010-05-08] (TOSHIBA Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1812264 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295224 2010-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [31648 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [468904 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [12117312 2014-05-01] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Dell PC Fax\fm3032.exe [307200 2006-06-15] ()
HKLM\...\Run: [dlcxmon.exe] => C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [286720 2006-06-14] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [299008 2006-06-27] ()
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [106496 2005-08-31] (Corel, Inc.)
HKLM\...\Run: [DLCXCATS] => rundll32 C:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
All those programs are running when you boot windows ???? We should stop some of them.
So,
Download HijackThis
- Go Here to download HijackThis program
- Save HijackThis to your desktop.
- Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
- Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
- copy and paste hijackthis report into the topic
#25
Posted 04 April 2015 - 11:38 PM
Jing2x
- Topic Starter
-
- Member
-
- 23 posts
Member
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [742776 2010-05-08] (TOSHIBA Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1812264 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295224 2010-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [31648 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [468904 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [12117312 2014-05-01] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Dell PC Fax\fm3032.exe [307200 2006-06-15] ()
HKLM\...\Run: [dlcxmon.exe] => C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [286720 2006-06-14] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [299008 2006-06-27] ()
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [106496 2005-08-31] (Corel, Inc.)
HKLM\...\Run: [DLCXCATS] => rundll32 C:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
All those programs are running when you boot windows ???? We should stop some of them.
So,
Download HijackThis
- Go Here to download HijackThis program
- Save HijackThis to your desktop.
- Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
- Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
- copy and paste hijackthis report into the topic
Hi Joe,
Thanks again for all your help and patience. Here is the log file that you requested.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:37:41 AM, on 4/5/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
CHROME: 41.0.2272.118
FIREFOX: 37.0.1 (x86 en-US)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\windows\system32\conhost.exe
C:\Users\Marcelino_4\AppData\Local\Apps\2.0\96PNGNQJ.QGA\D8Z14AEQ.GBH\prol..tion_0000000000000000_0001.0005_93dac5a055a2e545\ProlineParlayMaker.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Marcelino_4\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?p...97DHP&dt=071313
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: dlcx_device - - C:\windows\system32\dlcxcoms.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
--
End of file - 11301 bytes
#26
Posted 07 April 2015 - 08:32 AM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
Hello,
We will stop some start up programs that are starting up with windows, a lot of then are pre installed Toshiba bloat ware we call it
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
We will stop some start up programs that are starting up with windows, a lot of then are pre installed Toshiba bloat ware we call it
- Right click on Hijackthis from the desktop. Run as adminstrator.
- This time do a System Scan Only.
- Place a check mark in the following entries:
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
- Now click Fix checked.
- Close Hijackthis.
- Reboot.
#27
Posted 09 April 2015 - 09:07 PM
Jing2x
- Topic Starter
-
- Member
-
- 23 posts
Member
Hello,
We will stop some start up programs that are starting up with windows, a lot of then are pre installed Toshiba bloat ware we call itO4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
- Right click on Hijackthis from the desktop. Run as adminstrator.
- This time do a System Scan Only.
- Place a check mark in the following entries:
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exeRun the computer for a while and let me know how things are. If you loose a function to something let me know that too.
- Now click Fix checked.
- Close Hijackthis.
- Reboot.
Hello Joe,
So I followed the steps that you had instructed and the computer is running alot faster and the "unresponsive script/not responding" is so far no longer popping up anymore which is fantastice and a relief!!! thanks!
But there is one more thing, for some reason after going on to listen to videos on " Youtube" or chat on "Skype" I loose the volume of my computer after 3-4 minutes even though my speaker is on. I dont know why it does that but it didnt use to happen before and it sort of happen about the same time when the "unresponsive script\not responding" came about. So when this would happen and I use my headphones instead and plug it into the computer, the volume would work. But most of the time the volume is not responding or working after a few minutes.
I would appreciate your help for this matter as well Joe. Thanks for your response.
Jing
#28
Posted 10 April 2015 - 05:58 AM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
This was happening before the Hijackthis fix we made ? It's important I know that..
Thanks
Joe
Thanks
Joe
#29
Posted 12 April 2015 - 11:52 AM
Jing2x
- Topic Starter
-
- Member
-
- 23 posts
Member
This was happening before the Hijackthis fix we made ? It's important I know that..
Thanks
Joe
Hi Joe,
Yes the volume issue started before the Hijacthis fix.
Thanks again for all your help.
Jing
#30
Posted 12 April 2015 - 01:19 PM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
Hello,
What is the model # of that Toshiba ?
What is the model # of that Toshiba ?
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
