Laptop Is Really Slow/Laggy..Unresponsive Scripts...Mozilla Not Respon



#1
Jing2x


  • Member
  • 23 posts

Hi there,

I'm new to the forum and I'm experiencing problems with my Toshiba laptop where I'm getting 'Unresponsive Scripts'. As an example, every time I try to log into my Shaw webmail account this is the message that pops up.

"Warning: Unresponsive Script

A script on this page may be busy, or it may have stopped responding. You can stop the script now, open the script in the debugger, or let the script continue.

Script: resource://gre/modules/addons/XPIProvider.jsm -> jar:file:///C:/Program%20Files/Mozilla%20Firefox/browser/extensions/%7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D.xpi!/bootstrap.js -> resource://gre/modules/commonjs/toolkit/loader.js -> resource://gre/modules/commonjs/sdk/loader/sandbox.js -> resource://skype_ff_extension-at-jetpack/skype_ff_extension/data/jquery-2.1.0.min.js:28"

Also, I've noticed that my laptop has become somewhat slower over the past couple of months.

Can someone please help me out or at the very least point me in the right direction?

Thanks again,

Jing




#2
zep516


    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Download the version of this tool for your operating system:
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from (Desktop). Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please also paste it to your reply.

#3
Jing2x


  • Topic Starter
  • Member
  • 23 posts

Hello, thanks for responding back so quickly. I have followed your instructions and have also pasted it in my reply:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Marcelino_4 (administrator) on ONEALMAR on 29-03-2015 12:43:52
Running from C:\Users\Marcelino_4\Desktop\FarBar
Loaded Profiles: Marcelino_4 (Available profiles: Marcelino_4)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
( ) C:\Windows\System32\dlcxcoms.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [742776 2010-05-08] (TOSHIBA Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1812264 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295224 2010-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [31648 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [468904 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [12117312 2014-05-01] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Dell PC Fax\fm3032.exe [307200 2006-06-15] ()
HKLM\...\Run: [dlcxmon.exe] => C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [286720 2006-06-14] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [299008 2006-06-27] ()
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [106496 2005-08-31] (Corel, Inc.)
HKLM\...\Run: [DLCXCATS] => rundll32 C:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Run: [Google Update] => C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-19] (Google Inc.)
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Run: [uTorrent] => C:\Users\Marcelino_4\AppData\Roaming\uTorrent\uTorrent.exe [1442384 2015-03-26] (BitTorrent Inc.)
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Run: [ISUSPM Startup] => c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-22] (BillP Studios)
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [632840 2015-02-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?p...97DHP&dt=071313
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.google.co...ng}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {2DA625FF-EA50-47FA-A8A4-A88C6A01421A} URL = http://ca.search.yah...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.google.co...CA_enCA464CA465
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-18] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.254

FireFox:
========
FF ProfilePath: C:\Users\Marcelino_4\AppData\Roaming\Mozilla\Firefox\Profiles\suikxs6e.default
FF SelectedSearchEngine: Vosteran
FF Homepage: https://www.google.c...HABg&gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-29] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-18] (Oracle Corporation)
FF Plugin: @mcafee.com/SAFFPlugin -> C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3753955863-2307342207-4068506165-1000: @nsroblox.roblox.com/launcher -> C:\Users\Marcelino_4\AppData\Local\Roblox\Versions\version-3a1b3a29e18e4ba7\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3753955863-2307342207-4068506165-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Marcelino_4\AppData\Local\Roblox\Versions\version-3a1b3a29e18e4ba7\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3753955863-2307342207-4068506165-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-3753955863-2307342207-4068506165-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-3753955863-2307342207-4068506165-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marcelino_4\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-01] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-05-01] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: YesScript - C:\Users\Marcelino_4\AppData\Roaming\Mozilla\Firefox\Profiles\suikxs6e.default\Extensions\[email protected] [2015-03-29]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-22]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor

Chrome:
=======
CHR Profile: C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-13]
CHR Extension: (Google Drive) - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-13]
CHR Extension: (YouTube) - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-15]
CHR Extension: (Adblock Plus) - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-02]
CHR Extension: (Google Search) - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-15]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
StartMenuInternet: Google Chrome.X6YNCQX7EZGJWL7Z7HTFS3BZOI - C:\Users\Marcelino_4\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2010-01-28] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R3 dlcx_device; C:\windows\system32\dlcxcoms.exe [495616 2006-05-18] ( )
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [246520 2010-04-03] (WildTangent, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [135176 2015-02-17] (Sandboxie Holdings, LLC)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51576 2010-07-01] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2010-02-05] (TOSHIBA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\windows\System32\DRIVERS\amd_sata.sys [64128 2010-11-05] (Advanced Micro Devices)
R0 amd_xata; C:\windows\System32\DRIVERS\amd_xata.sys [32384 2010-11-05] (Advanced Micro Devices)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [115496 2010-11-11] (ELAN Microelectronics Corp.)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-28] (Malwarebytes Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [33616 2011-02-08] (TOSHIBA Corporation)
R0 PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
S3 RTL8192Ce; C:\windows\System32\DRIVERS\rtl8192Ce.sys [1004136 2011-01-05] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\windows\System32\DRIVERS\rtwlane.sys [1334856 2013-05-02] (Realtek Semiconductor Corporation                           )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161288 2015-02-17] (Sandboxie Holdings, LLC)
S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2013-03-18] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R1 MpKslf67e3bb1; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC18CE16-A09D-47CB-BD44-E01583AA8790}\MpKslf67e3bb1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 12:43 - 2015-03-29 12:44 - 00000000 ____D () C:\FRST
2015-03-29 12:40 - 2015-03-29 12:43 - 00000000 ____D () C:\Users\Marcelino_4\Desktop\FarBar
2015-03-29 12:33 - 2015-03-29 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-29 12:23 - 2015-03-29 12:24 - 00000000 ___SD () C:\windows\system32\GWX
2015-03-29 12:22 - 2015-03-29 12:22 - 00109280 _____ () C:\Users\Marcelino_4\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-26 17:02 - 2015-03-26 17:02 - 00019703 _____ () C:\Users\Marcelino_4\Desktop\Lines adj for shootouts.xlsm
2015-03-24 18:05 - 2015-03-10 22:30 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-24 18:05 - 2015-03-10 22:30 - 00534528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-24 18:05 - 2015-03-10 22:29 - 00818176 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-24 18:05 - 2015-03-10 22:29 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-24 18:05 - 2015-03-10 22:29 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-24 18:05 - 2015-03-10 22:29 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-03-24 18:05 - 2015-03-10 22:29 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-03-24 18:05 - 2015-03-10 22:26 - 00892928 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-22 09:58 - 2015-03-22 09:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-18 21:38 - 2015-03-18 21:39 - 40790520 _____ (Amazon.com) C:\Users\Marcelino_4\Downloads\KindleForPC-installer.exe
2015-03-18 21:26 - 2014-03-31 21:36 - 00049856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fssfltr.sys
2015-03-18 21:25 - 2015-03-18 21:25 - 00001331 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-03-18 21:25 - 2015-03-18 21:25 - 00001262 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-03-18 21:20 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2015-03-18 21:20 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2015-03-18 21:20 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2015-03-18 21:20 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2015-03-18 21:16 - 2015-03-18 21:16 - 00002208 _____ () C:\Users\Marcelino_4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-18 21:16 - 2015-03-18 21:16 - 00002073 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-18 21:16 - 2015-03-18 21:16 - 00002073 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-18 21:16 - 2015-03-18 21:16 - 00000000 ___RD () C:\Users\Marcelino_4\OneDrive
2015-03-18 21:16 - 2015-03-18 21:16 - 00000000 ____D () C:\Program Files\Microsoft OneDrive
2015-03-18 21:15 - 2015-03-18 21:15 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-03-18 21:09 - 2015-03-18 21:09 - 01239752 _____ (Microsoft Corporation) C:\Users\Marcelino_4\Downloads\wlsetup-web.exe
2015-03-18 20:58 - 2015-03-18 20:58 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-18 20:48 - 2015-03-18 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-03-10 16:07 - 2015-02-25 22:11 - 02381312 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-10 16:07 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-10 16:07 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-10 16:07 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-10 16:07 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-10 16:07 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-10 16:07 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-10 16:07 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-10 16:07 - 2015-02-19 20:56 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-10 16:07 - 2015-02-19 20:50 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-10 16:07 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 16:07 - 2015-02-19 20:24 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-10 16:07 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-10 16:07 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-10 16:07 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-10 16:07 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-10 16:07 - 2015-01-30 22:33 - 02744320 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-03-10 16:07 - 2015-01-30 22:33 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 16:07 - 2015-01-30 19:48 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-03-10 16:07 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-10 16:06 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-10 16:06 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-10 16:06 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-10 16:06 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-10 16:06 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-10 16:06 - 2015-02-19 21:22 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-10 16:06 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-10 16:06 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-10 16:06 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-10 16:06 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-10 16:06 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-10 16:06 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-10 16:06 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-10 16:06 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-10 16:06 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-10 16:06 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-10 16:06 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-10 16:05 - 2015-03-06 00:15 - 00137656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-10 16:05 - 2015-03-06 00:15 - 00067512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-10 16:05 - 2015-03-06 00:10 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-10 16:05 - 2015-03-06 00:10 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-10 16:05 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-10 16:05 - 2015-03-06 00:09 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-10 16:05 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-10 16:05 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-10 16:05 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-10 16:05 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-10 16:05 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-10 16:05 - 2015-02-19 23:13 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-10 16:05 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-10 16:05 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-10 16:05 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-10 16:05 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-10 16:05 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-10 16:05 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-10 16:05 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-10 16:04 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-10 16:04 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-03-10 16:04 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-10 16:04 - 2015-02-02 22:16 - 00078784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-10 16:04 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00157184 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-10 16:04 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-10 16:04 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-10 16:04 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-10 16:04 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-10 16:04 - 2015-02-02 22:11 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-10 16:04 - 2015-02-02 22:11 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-10 16:04 - 2015-02-02 22:11 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-10 16:04 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-10 16:04 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-10 16:04 - 2015-02-02 22:11 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-10 16:04 - 2015-02-02 22:11 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-10 16:04 - 2015-02-02 22:11 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-10 16:04 - 2015-02-02 22:10 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-10 16:04 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-10 16:04 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-10 16:04 - 2015-02-02 22:00 - 00593920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-10 16:04 - 2015-02-02 21:26 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-10 16:04 - 2015-01-30 18:56 - 00370488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-10 16:04 - 2014-10-31 17:22 - 00521384 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-10 16:04 - 2014-06-27 19:21 - 00455752 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-10 16:04 - 2014-06-27 19:21 - 00409272 _____ (Microsoft Corporation) C:\windows\system32\ci.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 12:39 - 2009-07-13 23:34 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 12:39 - 2009-07-13 23:34 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 12:35 - 2011-12-27 12:37 - 01206004 _____ () C:\windows\WindowsUpdate.log
2015-03-29 12:33 - 2012-08-20 00:07 - 00000980 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-29 12:32 - 2012-08-20 00:07 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-29 12:31 - 2012-08-19 12:52 - 00000932 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753955863-2307342207-4068506165-1000UA.job
2015-03-29 12:22 - 2013-09-07 10:18 - 00000000 ____D () C:\Users\Marcelino_4\Desktop\Geeks To Go
2015-03-29 12:16 - 2014-07-14 15:10 - 00068608 ___SH () C:\Users\Marcelino_4\Desktop\Thumbs.db
2015-03-29 12:14 - 2014-09-01 11:04 - 00000000 ____D () C:\Users\Marcelino_4\AppData\Local\Adobe
2015-03-29 12:13 - 2012-06-25 22:36 - 00778928 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-03-29 12:13 - 2012-06-25 22:36 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-29 12:13 - 2012-02-09 21:20 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-29 11:48 - 2012-06-10 03:34 - 00000000 ____D () C:\Users\Marcelino_4\AppData\Roaming\uTorrent
2015-03-29 11:48 - 2012-03-03 18:02 - 00000000 ____D () C:\Users\Marcelino_4\AppData\Local\CrashDumps
2015-03-29 11:11 - 2009-07-13 23:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-29 10:52 - 2011-12-27 16:43 - 00000000 ____D () C:\Users\Marcelino_4\AppData\Roaming\Skype
2015-03-29 01:49 - 2012-08-19 12:52 - 00000880 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753955863-2307342207-4068506165-1000Core.job
2015-03-28 22:32 - 2015-01-20 13:26 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-28 22:29 - 2010-11-20 16:01 - 00783400 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-27 00:05 - 2013-12-04 09:04 - 00000000 ____D () C:\Users\Marcelino_4\Documents\ProlinePlayer
2015-03-26 18:33 - 2013-01-02 21:58 - 00000000 ____D () C:\Users\Marcelino_4\Downloads\DONE
2015-03-26 16:57 - 2013-02-10 23:36 - 00000000 ____D () C:\Users\Marcelino_4\AppData\Local\Deployment
2015-03-25 21:28 - 2014-12-10 13:11 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-25 21:28 - 2014-05-08 16:22 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-24 20:00 - 2012-05-10 00:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-22 12:25 - 2013-01-29 18:55 - 00000000 ____D () C:\Users\Marcelino_4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-03-21 16:21 - 2012-08-19 12:53 - 00002410 _____ () C:\Users\Marcelino_4\Desktop\Google Chrome.lnk
2015-03-19 13:47 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-03-18 21:40 - 2012-09-26 10:05 - 00002273 _____ () C:\Users\Marcelino_4\Desktop\Kindle.lnk
2015-03-18 21:26 - 2011-12-27 13:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-03-18 21:24 - 2011-12-27 13:25 - 00001415 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-03-18 21:23 - 2011-12-27 13:25 - 00002443 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-03-18 21:22 - 2011-12-27 13:24 - 00000000 ____D () C:\Program Files\Windows Live
2015-03-18 21:20 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-18 21:16 - 2011-12-26 09:13 - 00000000 ____D () C:\Users\Marcelino_4
2015-03-18 21:06 - 2013-09-29 01:22 - 00001039 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-18 20:56 - 2014-10-16 10:50 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2015-03-18 20:56 - 2014-01-25 02:23 - 00000000 ____D () C:\Program Files\Java
2015-03-18 20:43 - 2011-12-27 13:35 - 00000000 ___RD () C:\Program Files\Skype
2015-03-18 20:43 - 2011-12-27 13:35 - 00000000 ____D () C:\ProgramData\Skype
2015-03-13 12:04 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\rescache
2015-03-11 21:24 - 2012-07-23 13:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 21:22 - 2009-07-13 21:04 - 00000478 _____ () C:\windows\win.ini
2015-03-11 21:17 - 2013-07-12 20:20 - 00000000 ____D () C:\windows\system32\MRT
2015-03-11 10:16 - 2012-02-27 18:16 - 119837696 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-04 00:22 - 2013-12-08 14:42 - 00000000 ____D () C:\Users\Marcelino_4\Desktop\Melanie's work folder
2015-03-03 08:16 - 2012-02-02 18:51 - 00246920 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-11-29 18:38 - 2015-01-20 08:16 - 0000165 _____ () C:\Users\Marcelino_4\AppData\Roaming\WB.CFG
2014-12-01 19:46 - 2014-12-16 17:50 - 0000001 _____ () C:\Users\Marcelino_4\AppData\Local\DSI.DAT
2014-12-16 17:50 - 2014-12-16 17:50 - 0022528 _____ () C:\Users\Marcelino_4\AppData\Local\dsisetup2451984872.exe
2014-12-01 19:46 - 2014-12-01 19:46 - 0022528 _____ () C:\Users\Marcelino_4\AppData\Local\dsisetup760187102.exe
2012-01-07 14:34 - 2012-01-07 14:34 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 22:02

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Marcelino_4 at 2015-03-29 12:45:48
Running from C:\Users\Marcelino_4\Desktop\FarBar
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\uTorrent) (Version: 3.4.2.39710 - BitTorrent Inc.)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1735.41615 - ABBYY Software House)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{36141ABA-C8A4-D4A8-2960-20D40DBBA95D}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (Version: 2011.0216.726.13233 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Chuzzle Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.0 - Corel Inc)
Corel Photo Album 6 (HKLM\...\{8A9B8148-DDD7-448F-BD6C-358386D32354}) (Version: 6.00 - Corel, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell PC Fax (HKLM\...\Dell PC Fax) (Version:  - )
Dell Photo AIO Printer 926 (HKLM\...\Dell Photo AIO Printer 926) (Version:  - Dell, Inc.)
ETDWare PS/2-X86 8.0.8.0_R01 (HKLM\...\Elantech) (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
FATE (Version: 2.2.0.95 - WildTangent) Hidden
FileHippo App Manager (HKLM\...\FileHippo.com) (Version:  - FileHippo.com)
Google Chrome (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jewel Quest - Heritage (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (Version: 18.1.0.37 - Symantec Corporation) Hidden
Plants vs. Zombies (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (Version: 2.2.0.95 - WildTangent) Hidden
Proline Parlay Maker (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\9b1bc7b86233e4ce) (Version: 1.5.0.5 - ProlinePlayer)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
RebelBetting 4.10 (HKLM\...\RebelBetting) (Version: 4.10 - ClaroBet AB)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ROBLOX Player for Marcelino_4 (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for Marcelino_4 (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Sandboxie 4.16 (32-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Sandboxie Packages (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\Sandboxie Packages) (Version:  - ) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
TOSHIBA Assist (HKLM\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM\...\InstallShield_{E16F083B-F124-4AB0-85F8-A1E6EA6665F7}) (Version: 2.0.16.32 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM\...\{80F696E0-AB85-433E-99E3-8CC6D98CF167}) (Version: 8.0.35 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.4 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.14 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.80.8 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM\...\InstallShield_{8CD0B97D-46E9-4293-B467-A24DB96DB6DB}) (Version: 1.7.16.32 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.45 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.07 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.3.22 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.1 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM\...\{CA5CF466-CAE3-4D99-8BB4-C80F4AC55028}) (Version: 1.0.2 - TOSHIBA CORPORATION)
Unity Web Player (HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Wheel of Fortune 2 (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.3 - WildTangent)
WildTangent ORB Game Console (Version:  - WildTangent) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.9.2014.0 - BillP Studios)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
WMV9/VC-1 Video Playback (Version: 1.0.60216.0728 - ATI Technologies Inc.) Hidden
Zuma's Revenge (Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Marcelino_4\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Marcelino_4\AppData\Local\Google\Chrome\Application\41.0.2272.89\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Roblox\Versions\version-3c333d16b2ee4af9\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Marcelino_4\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Marcelino_4\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Roblox\Versions\version-3c333d16b2ee4af9\RobloxProxy64.dll No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points  =========================

18-03-2015 21:12:52 Windows Live Essentials
18-03-2015 21:17:43 Installed DirectX
18-03-2015 21:18:53 Installed DirectX
18-03-2015 21:19:43 Installed DirectX
18-03-2015 21:21:39 WLSetup
19-03-2015 18:19:49 Windows Update
23-03-2015 21:22:02 Windows Update
25-03-2015 08:57:41 Windows Update
28-03-2015 13:18:47 Windows Update
29-03-2015 12:22:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2013-09-20 01:49 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A88487F-F72D-427F-BA20-53DA448DBB08} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {1F62CF7C-34A0-49BF-800A-2B6F815B873D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {3BCBB56C-2E28-46AA-873C-A8552F6718ED} - System32\Tasks\{1E7A8891-3C46-42F9-95AB-45A26EB7C014} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {3E6588A3-0607-4E0C-89C2-F540E11244D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {42B00DD9-3052-4503-AAC1-A9F0B44AE50B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3753955863-2307342207-4068506165-1000UA => C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19] (Google Inc.)
Task: {60E2B6A1-A749-4E21-B494-5019D9CB7B46} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-29] (Adobe Systems Incorporated)
Task: {8408FA05-1A8C-4492-8F58-270A1E1F3E10} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {84D6A7F2-27C3-4BC0-81D9-B2A47DB7AF82} - System32\Tasks\{350D2014-51B2-42BA-8107-712178D2CF39} => Firefox.exe http://ui.skype.com/...;LastError=1618
Task: {8E1FAD92-DD51-44F7-AFDF-8CC996DC7B27} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A4532228-5D52-43D2-BB44-0CF1EAFFA133} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3753955863-2307342207-4068506165-1000Core => C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19] (Google Inc.)
Task: {D008E139-F24A-4691-BE9B-73E880AD23B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {D6EE5745-5338-4B32-9EB0-26BB72DB59F1} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-03] (TOSHIBA CORPORATION)
Task: {EE51F9FA-41C5-4884-9033-7BDDE70184EF} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {F2DC691B-8F7A-4F89-9B9B-EBA4623100C8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753955863-2307342207-4068506165-1000Core.job => C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753955863-2307342207-4068506165-1000UA.job => C:\Users\Marcelino_4\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-04-27 18:13 - 2006-06-15 05:04 - 00040960 _____ () C:\windows\System32\DLPRMON.DLL
2014-04-27 18:12 - 2006-06-15 05:28 - 00012288 _____ () C:\Program Files\Dell PC Fax\DlCtrStr.dll
2014-04-27 18:12 - 2006-06-15 05:01 - 00032768 _____ () C:\Program Files\Dell PC Fax\ipcmt.dll
2014-04-27 18:24 - 2006-06-29 01:00 - 00114688 _____ () C:\windows\system32\spool\PRTPROCS\W32X86\dlcxdrpp.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-04-07 19:06 - 2010-04-07 19:06 - 09487672 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 16:26 - 2009-11-03 16:26 - 00058680 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 17:14 - 2010-03-03 17:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 17:14 - 2010-03-03 17:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-03-02 21:54 - 2009-06-22 18:38 - 00015160 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 14:07 - 2009-07-25 14:07 - 00058704 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2011-02-16 10:25 - 2011-02-16 10:25 - 00243712 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-10-19 17:15 - 2010-10-19 17:15 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-04-27 18:14 - 2006-06-14 07:51 - 00286720 _____ () C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
2014-04-27 18:14 - 2006-06-14 07:50 - 00278528 _____ () C:\Program Files\Dell Photo AIO Printer 926\dlcxscw.dll
2014-04-27 18:14 - 2006-05-29 03:49 - 00073728 _____ () C:\Program Files\Dell Photo AIO Printer 926\dlcxcfg.dll
2014-04-27 18:14 - 2006-02-20 11:08 - 00143360 _____ () C:\Program Files\Dell Photo AIO Printer 926\dlcxdrec.dll
2014-04-27 18:14 - 2006-06-27 06:34 - 00299008 _____ () C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
2010-02-05 20:40 - 2010-02-05 20:40 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcelino_4\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.100.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3753955863-2307342207-4068506165-500 - Administrator - Disabled)
Guest (S-1-5-21-3753955863-2307342207-4068506165-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3753955863-2307342207-4068506165-1002 - Limited - Enabled)
Marcelino_4 (S-1-5-21-3753955863-2307342207-4068506165-1000 - Administrator - Enabled) => C:\Users\Marcelino_4

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2015 08:51:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2761

Error: (03/28/2015 08:51:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2761

Error: (03/28/2015 08:51:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/28/2015 08:51:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (03/28/2015 08:51:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (03/28/2015 08:51:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/28/2015 08:21:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8455

Error: (03/28/2015 08:21:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8455

Error: (03/28/2015 05:48:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/28/2015 05:48:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7457


System errors:
=============
Error: (03/29/2015 11:21:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (03/29/2015 11:21:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (03/29/2015 11:20:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (03/29/2015 11:19:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (03/29/2015 11:11:36 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/29/2015 11:11:32 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:05:31 AM on 29/03/2015 was unexpected.

Error: (03/29/2015 10:55:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/29/2015 10:55:45 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:53:48 AM on 29/03/2015 was unexpected.

Error: (03/28/2015 03:40:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RpcSs service.

Error: (03/28/2015 03:40:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.


Microsoft Office Sessions:
=========================
Error: (03/28/2015 08:51:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2761

Error: (03/28/2015 08:51:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2761

Error: (03/28/2015 08:51:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/28/2015 08:51:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (03/28/2015 08:51:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (03/28/2015 08:51:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/28/2015 08:21:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8455

Error: (03/28/2015 08:21:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8455

Error: (03/28/2015 05:48:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/28/2015 05:48:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7457


==================== Memory info ===========================

Processor: AMD C-50 Processor
Percentage of memory in use: 44%
Total physical RAM: 2662.87 MB
Available physical RAM: 1476.5 MB
Total Pagefile: 5324.03 MB
Available Pagefile: 3790 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.29 MB

==================== Drives ================================

Drive c: (S3A8665D005) (Fixed) (Total:270.72 GB) (Free:67.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: AD30EA02)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=270.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.6 GB) - (Type=17)
Partition 4: (Not Active) - (Size=9.3 GB) - (Type=17)

==================== End Of Log ============================

 

Thanks again for your help!! I really appreciate this.

 

Jing


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

I have also noticed in your log file that you are using the µTorrent P2P program. We at Geeks to Go! recommend removing these types of programs; they are a known cause of malware infections. When you use file sharing programs like this you can never be sure of the file content, and you are put at a much greater risk of infection. I strongly recommend you remove this program before we begin our work.

A few items to fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?p...97DHP&dt=071313
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {2DA625FF-EA50-47FA-A8A4-A88C6A01421A} URL = http://ca.search.yah...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
Toolbar: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF SelectedSearchEngine: Vosteran
FF Homepage: https://www.google.c...HABg&gws_rd=ssl
FF Plugin: @mcafee.com/SAFFPlugin -> C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CMD: ipconfig /flushdns
hosts:
Emptytemp:
end
Click Format and ensure Word Wrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

In your next reply, post:
1- Fixlog.txt. That log will be found on the desktop after the fix is run.

Thanks
Joe :)
  • 0

#5
Jing2x

Jing2x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts


Thanks Joe..here's the log you requested:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Marcelino_4 at 2015-03-29 14:43:17 Run:1
Running from C:\Users\Marcelino_4\Desktop
Loaded Profiles: Marcelino_4 (Available profiles: Marcelino_4)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?p...97DHP&dt=071313
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {2DA625FF-EA50-47FA-A8A4-A88C6A01421A} URL = http://ca.search.yah...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
Toolbar: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF SelectedSearchEngine: Vosteran
FF Homepage: https://www.google.c...HABg&gws_rd=ssl
FF Plugin: @mcafee.com/SAFFPlugin -> C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CMD: ipconfig /flushdns
hosts:
Emptytemp:
end
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2DA625FF-EA50-47FA-A8A4-A88C6A01421A}" => Key deleted successfully.
HKCR\CLSID\{2DA625FF-EA50-47FA-A8A4-A88C6A01421A} => Key not found.
"HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
"HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
"HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.
"HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 172.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:44:29 ====


  • 0

#6
Jing2x

Jing2x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Thanks Joe..here's the log you requested:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Marcelino_4 at 2015-03-29 14:43:17 Run:1
Running from C:\Users\Marcelino_4\Desktop
Loaded Profiles: Marcelino_4 (Available profiles: Marcelino_4)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?p...97DHP&dt=071313
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {2DA625FF-EA50-47FA-A8A4-A88C6A01421A} URL = http://ca.search.yah...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
Toolbar: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF SelectedSearchEngine: Vosteran
FF Homepage: https://www.google.c...HABg&gws_rd=ssl
FF Plugin: @mcafee.com/SAFFPlugin -> C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CMD: ipconfig /flushdns
hosts:
Emptytemp:
end
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2DA625FF-EA50-47FA-A8A4-A88C6A01421A}" => Key deleted successfully.
HKCR\CLSID\{2DA625FF-EA50-47FA-A8A4-A88C6A01421A} => Key not found.
"HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
"HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
"HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.
"HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 172.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:44:29 ====


  • 0

#7
Jing2x

Jing2x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Hello,

I have also noticed in your log file you are using µTorrent P2P program. We at Geeks to Go! recommend removing these types of programs; they are a known cause of Malware infections. When you use file sharing programs like this you can never be sure of the file content and you are put at a much greater risk for infection. I strongly recommend you remove this program before we begin our work.

A few items to fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?p...97DHP&dt=071313
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {2DA625FF-EA50-47FA-A8A4-A88C6A01421A} URL = http://ca.search.yah...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
Toolbar: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF SelectedSearchEngine: Vosteran
FF Homepage: https://www.google.c...HABg&gws_rd=ssl
FF Plugin: @mcafee.com/SAFFPlugin -> C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CMD: ipconfig /flushdns
hosts:
Emptytemp:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

In your next reply post;
1- Fixlog.txt, That log will be found on desktop after fix is run.

Thanks
Joe :)

 

 

 

Thanks Joe..here is the log you requested.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Marcelino_4 at 2015-03-29 14:43:17 Run:1
Running from C:\Users\Marcelino_4\Desktop
Loaded Profiles: Marcelino_4 (Available profiles: Marcelino_4)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?p...97DHP&dt=071313
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {2DA625FF-EA50-47FA-A8A4-A88C6A01421A} URL = http://ca.search.yah...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://Vosteran.com/...r=649854237&ir=
SearchScopes: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
Toolbar: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF SelectedSearchEngine: Vosteran
FF Homepage: https://www.google.c...HABg&gws_rd=ssl
FF Plugin: @mcafee.com/SAFFPlugin -> C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CustomCLSID: HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Marcelino_4\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CMD: ipconfig /flushdns
hosts:
Emptytemp:
end
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2DA625FF-EA50-47FA-A8A4-A88C6A01421A}" => Key deleted successfully.
HKCR\CLSID\{2DA625FF-EA50-47FA-A8A4-A88C6A01421A} => Key not found.
"HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
"HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-3753955863-2307342207-4068506165-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
"HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.
"HKU\S-1-5-21-3753955863-2307342207-4068506165-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 172.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:44:29 ====


  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Test posting
  • 0

#9
Jing2x

Jing2x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Test posting

 



  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

In your next reply post;
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log
Thanks
Joe :)


  • 0



#11
Jing2x

Jing2x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Hi Joe,

 

Below are the logs that you requested. Thanks again.

 

 

 

 

# AdwCleaner v4.200 - Logfile created 29/03/2015 at 19:32:33
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Marcelino_4 - ONEALMAR
# Running from : C:\Users\Marcelino_4\Downloads\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.4 (x86 en-US)

[suikxs6e.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_aw_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyD0CyB0D0BtDyDyBtCtCtN0D0Tzu0StCtDyCtAtN1L2XzutAtFyCtFyCtFtDtN1L1Czu0C0I0S0V0E0R1V1[...]
[suikxs6e.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_aw_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyD0CyB0D0BtDyDyBtCtCtN0D0Tzu0StCtDyCtAtN1L2XzutAtFyCtFyCtFtDtN1L1Czu0C0I0S0V0E0R1[...]
[suikxs6e.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_aw_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyD0CyB0D0BtDyDyBtCtCtN0D0Tzu0StCtDyCtAtN1L2XzutAtFyCtFyCtFtDtN1L1Czu0C0I0S0V0E0[...]

-\\ Google Chrome v

[C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_aw_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyD0CyB0D0BtDyDyBtCtCtN0D0Tzu0StCtDyCtAtN1L2XzutAtFyCtFyCtFtDtN1L1Czu0C0I0S0V0E0R1V1BtN1L1G1B1V1N2Y1L1Qzu2SyBtA0Dzz0CtAzz0EtGyEtCtC0BtGyCtD0ByCtG0D0DtAyCtGyCyBzyyB0ByD0AyEtAtCzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtAyD0A0FtC0BtGtByBtDtAtGyE0BtAzztGzy0ByBzztG0FtCyByCtByB0C0CyD0E0CtC2Q&cr=649854237&ir=
[C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://Vosteran.com/?f=1&a=vst_aw_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyD0CyB0D0BtDyDyBtCtCtN0D0Tzu0StCtDyCtAtN1L2XzutAtFyCtFyCtFtDtN1L1Czu0C0I0S0V0E0R1V1BtN1L1G1B1V1N2Y1L1Qzu2SyBtA0Dzz0CtAzz0EtGyEtCtC0BtGyCtD0ByCtG0D0DtAyCtGyCyBzyyB0ByD0AyEtAtCzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtAyD0A0FtC0BtGtByBtDtAtGyE0BtAzztGzy0ByBzztG0FtCyByCtByB0C0CyD0E0CtC2Q&cr=649854237&ir=
[C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://Vosteran.com/?f=7&a=vst_aw_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyD0CyB0D0BtDyDyBtCtCtN0D0Tzu0StCtDyCtAtN1L2XzutAtFyCtFyCtFtDtN1L1Czu0C0I0S0V0E0R1V1BtN1L1G1B1V1N2Y1L1Qzu2SyBtA0Dzz0CtAzz0EtGyEtCtC0BtGyCtD0ByCtG0D0DtAyCtGyCyBzyyB0ByD0AyEtAtCzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtAyD0A0FtC0BtGtByBtDtAtGyE0BtAzztGzy0ByBzztG0FtCyByCtByB0C0CyD0E0CtC2Q&cr=649854237&ir=
[C:\Users\Marcelino_4\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_aw_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyD0CyB0D0BtDyDyBtCtCtN0D0Tzu0StCtDyCtAtN1L2XzutAtFyCtFyCtFtDtN1L1Czu0C0I0S0V0E0R1V1BtN1L1G1B1V1N2Y1L1Qzu2SyBtA0Dzz0CtAzz0EtGyEtCtC0BtGyCtD0ByCtG0D0DtAyCtGyCyBzyyB0ByD0AyEtAtCzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtAyD0A0FtC0BtGtByBtDtAtGyE0BtAzztGzy0ByBzztG0FtCyByCtByB0C0CyD0E0CtC2Q&cr=649854237&ir=

*************************

AdwCleaner[R1].txt - [4204 bytes] - [29/03/2015 19:21:34]
AdwCleaner[S1].txt - [4182 bytes] - [29/03/2015 19:32:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4241  bytes] ##########
 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.7 (03.28.2015:1)
OS: Windows 7 Home Premium x86
Ran by Marcelino_4 on Sun 03/29/2015 at 19:38:33.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\isuspm startup
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\isusscheduler



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Marcelino_4\AppData\Roaming\mozilla\firefox\profiles\suikxs6e.default\prefs.js

user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_aw_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyD0CyB0D0BtDyDyBtCtCtN0D0Tzu0StCtDyCtAtN1L2XzutAtFyCtFyCtF
user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_aw_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyD0CyB0D0BtDyDyBtCtCtN0D0Tzu0StCtDyCtAtN1L2XzutAtFyCtFyC
user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_aw_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyD0CyB0D0BtDyDyBtCtCtN0D0Tzu0StCtDyCtAtN1L2XzutAtFyCtF
Emptied folder: C:\Users\Marcelino_4\AppData\Roaming\mozilla\firefox\profiles\suikxs6e.default\minidumps [94 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/29/2015 at 19:49:20.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

You have Malwarebytes installed. Can you please run a scan and post a log file from Malwarebytes?

Thanks
Joe :)
  • 0

#13
Jing2x

Jing2x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts


 

 

Hi Joe,

 

Did you want me to run a full scan or a quick scan?

 

Thanks,

 

Jing


  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Quick scan
  • 0

#15
Jing2x

Jing2x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

 


 

Hello Joe,

 

Here is the result of the malware scan log:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/29/2015
Scan Time: 9:57:30 PM
Logfile: mal log.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.30.01
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Marcelino_4

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358891
Time Elapsed: 58 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 3/29/2015 2:46:16 PM, SYSTEM, ONEALMAR, Protection, IsLicensed, 13,
Protection, 3/29/2015 2:46:16 PM, SYSTEM, ONEALMAR, Protection, Malware Protection, Stopping,
Protection, 3/29/2015 2:46:16 PM, SYSTEM, ONEALMAR, Protection, Malware Protection, Stopped,
Error, 3/29/2015 7:34:05 PM, SYSTEM, ONEALMAR, Protection, IsLicensed, 13,
Protection, 3/29/2015 7:34:05 PM, SYSTEM, ONEALMAR, Protection, Malware Protection, Stopping,
Protection, 3/29/2015 7:34:05 PM, SYSTEM, ONEALMAR, Protection, Malware Protection, Stopped,
Update, 3/29/2015 8:42:29 PM, SYSTEM, ONEALMAR, Manual, Rootkit Database, 2015.2.25.1, 2015.3.26.1,
Update, 3/29/2015 8:43:52 PM, SYSTEM, ONEALMAR, Manual, Malware Database, 2015.3.9.5, 2015.3.30.1,
Scan, 3/29/2015 9:56:59 PM, SYSTEM, ONEALMAR, Manual, Start:3/29/2015 9:47:22 PM, Duration:9 min 37 sec, Threat Scan, Cancelled, 0 Malware Detections, 0 Non-Malware Detections,
Scan, 3/29/2015 10:55:56 PM, SYSTEM, ONEALMAR, Manual, Start:3/29/2015 9:57:30 PM, Duration:58 min 25 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/29/2015
Scan Time: 9:47:22 PM
Logfile: mal log 3.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.30.01
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Marcelino_4

Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 49749
Time Elapsed: 9 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

 

There are 3 logs for this day. Thanks again,

 

Jing


  • 0





