Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

my computer is infected [Closed]

Started by shaz , Aug 11 2015 03:54 AM

virus win7 toshibalaptop malware

This topic is locked

#1
shaz

Posted 11 August 2015 - 03:54 AM

Member

Member
147 posts

Hi, I think my computer has been infected..everything was running fine, up until 3 days ago...I watch a lot of Netflix and now its almost impossible to watch cos of constant buffering, and in some cases, the movie is just a total fail....I have run my normal antivirus (avast) which comes up with 0 results..I used the adw cleaner and ccleaner....also ive gone and downloaded the malwarebytes software but haven't used it as of it......I use google chrome and after trying the different cleaners, nothing much had changed, actually my laptop started to run even slower, not just with online movies but any site I try to pull up so I thot I wud try firefox, and that seemed to work ok for a bit but then same thing started happening, I was getting a lot of buffering and pages started loading slow or not load at all....so now ive turned to using I.E...haven't tried watching any movies from it, just using it now to try resolve problems with pc and be able to come visit this site with my problems...I d/l that frst program and ran the scan so will post the notes here....hope ive been somewhat informative and you guys can help me out

Cheers

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-08-2015
Ran by sharon (administrator) on LASTXP22 (11-08-2015 18:11:57)
Running from C:\Users\sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SRN2FME5
Loaded Profiles: sharon (Available Profiles: sharon)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola.exe
(Dropbox, Inc.) C:\Users\sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [742712 2010-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1697064 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [30040 2010-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2008-12-19] (TOSHIBA CORPORATION)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-05] (Avast Software s.r.o.)
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [1626240 2015-07-23] (Hola Networks Ltd.)
HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\...\Run: [Dropbox Update] => C:\Users\sharon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\...\MountPoints2: {69b90171-35cf-11e1-9717-0016dd132787} - autorun.exe
HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\...\MountPoints2: {957305a1-a51e-11e0-8667-00266c865173} - E:\AutoRun.exe
HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\...\MountPoints2: {c41f80a1-665d-11e1-a0e0-0016dd132787} - E:\AutoRun.exe
HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\...\MountPoints2: {c41f80ae-665d-11e1-a0e0-0016dd132787} - E:\AutoRun.exe
HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\...\MountPoints2: {e76e1bc8-2eeb-11e0-82e1-00266c865173} - E:\WIN\setup.exe
HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\...\MountPoints2: {f2f7b9d2-e5d4-11e2-9850-0016dd132787} - E:\LGAutoRun.exe
HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\...\MountPoints2: {fc4a0471-2bf2-11e0-86d6-00266c865173} - E:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2013-03-22] (Microsoft Corporation)
Startup: C:\Users\sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-03] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll [2011-08-05] (SmartSoft Ltd.)
CHR HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004 -> {3D41F773-C2A2-4541-8F58-DF94FA1311D3} URL = http://search.yahoo....&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004 -> {E5AF4E5C-7449-41BC-AF0A-298BA0217703} URL = http://au.search.yah...&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-28] (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-03] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-03] (<TOSHIBA>)
Toolbar: HKLM - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0D3E7034-3953-465F-96FC-419D500D1F3E}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{4898F6A2-6BA8-47CA-8232-59779CB23BD5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{559E228B-C392-48BD-B761-1A3863F398D8}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{58335CA9-FA95-475C-B183-FC69CD05157B}: [DhcpNameServer] 211.29.132.12 198.142.0.51
Tcpip\..\Interfaces\{F4159DB1-8BE2-4178-9248-53AC662157B9}: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF ProfilePath: C:\Users\sharon\AppData\Roaming\Mozilla\Firefox\Profiles\uk8tw8m8.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1:
FF SelectedSearchEngine:
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-07-11] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-28] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.747 -> C:\Users\sharon\AppData\Local\Hola\firefox_hola\app\vlc [2015-08-10] ()
FF Plugin HKU\S-1-5-21-3894173187-2114546848-3451514324-1004: @hola.org/vlc,version=1.8.369 -> C:\Users\sharon\AppData\Local\Hola\firefox\app\vlc [2015-08-10] ()
FF Plugin HKU\S-1-5-21-3894173187-2114546848-3451514324-1004: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\sharon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-07-28] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-07-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-07-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-07-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-07-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-07-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-07-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-07-05] (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-03-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-03-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-14]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2012-12-12]

Chrome:
=======
CHR Profile: C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-09]
CHR Extension: (Google Search) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-09]
CHR Extension: (Easy Youtube Video Downloader) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmknocfkgffdgekmfonabppnhdgmghem [2012-07-19]
CHR Extension: (AdBlock) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-06-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-04-09]
CHR Extension: (Gmail) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-09]
CHR Profile: C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-21]
CHR Extension: (Google Docs) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-21]
CHR Extension: (Google Drive) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-21]
CHR Extension: (YouTube) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-21]
CHR Extension: (Google Search) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-21]
CHR Extension: (Google Sheets) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-21]
CHR Extension: (Google Wallet) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-21]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2015-01-21]
CHR Extension: (Gmail) - C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-03]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-03] (Avast Software s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2010-01-29] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-07-11] (WildTangent)
R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [6718080 2015-07-23] (Hola Networks Ltd.)
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [6727112 2015-06-24] (Hola Networks Ltd.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2010-02-06] (TOSHIBA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24144 2015-06-03] ()
R1 aswKbd; C:\windows\system32\Drivers\aswKbd.sys [21576 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [74976 2015-06-03] (Avast Software s.r.o.)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81728 2015-06-03] (Avast Software s.r.o.)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49904 2015-06-03] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [787760 2015-06-03] (Avast Software s.r.o.)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [428120 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [106912 2015-06-03] (Avast Software s.r.o.)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [209048 2015-06-03] ()
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-08-15] (AVG Technologies)
R2 AVWEBCAM; C:\windows\System32\DRIVERS\avwebcam.sys [13696 2008-01-11] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 ivusb; C:\windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [107736 2015-08-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
S3 NPF; C:\windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
S3 paeusbaudio; C:\windows\System32\DRIVERS\paeusbaudio.sys [200704 2014-03-04] () [File not signed]
S3 paeusbaudiodsp; C:\windows\System32\DRIVERS\paeusbaudiodsp.sys [51712 2014-03-11] () [File not signed]
S3 paeusbaudioks; C:\windows\System32\DRIVERS\paeusbaudioks.sys [34816 2014-03-04] () [File not signed]
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
S3 qcusbser; C:\windows\System32\DRIVERS\qcusbser.sys [103552 2010-07-28] (TCT International Mobile Ltd)
R0 SCMNdisP; C:\windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
R3 SCREAMINGBDRIVER; C:\windows\System32\drivers\ScreamingBAudio.sys [34384 2009-12-02] (Screaming Bee LLC)
S3 swiwdmbus; C:\windows\System32\DRIVERS\swiwdmbus.sys [78720 2010-06-22] (Sierra Wireless Inc.) [File not signed]
S3 SWNC8UA3; C:\windows\System32\DRIVERS\swnc8ua3.sys [201088 2010-06-22] (Sierra Wireless Inc.) [File not signed]
S3 SWUMXA3; C:\windows\System32\DRIVERS\swumxa3.sys [156544 2010-06-22] (Sierra Wireless Inc.) [File not signed]
S3 taphss; C:\windows\System32\DRIVERS\taphss.sys [32768 2011-05-25] (AnchorFree Inc)
S3 VCam_WDM; C:\windows\System32\DRIVERS\VCam_WDM.sys [104376 2011-02-03] (e2eSoft)
R3 VCSVADHWSer; C:\windows\System32\DRIVERS\vcsvad.sys [17792 2008-12-27] (Avnex)
R2 WebCamHelper; C:\Program Files\AV WebCam Morpher\WebCamHelper.sys [2688 2008-08-18] () [File not signed]
S3 Xponaut_WBD; C:\windows\System32\drivers\xpntwbd.sys [13184 2007-01-19] (Xponaut)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 Tosrfcom; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-11 18:08 - 2015-08-11 18:12 - 00000000 ____D C:\FRST
2015-08-11 17:53 - 2015-08-11 18:00 - 00000454 _____ C:\windows\Tasks\MyTurboPC.com Registration3.job
2015-08-11 17:53 - 2015-08-11 17:53 - 00000000 ____D C:\Users\sharon\AppData\Roaming\MyTurboPC.com
2015-08-11 17:52 - 2015-08-11 17:52 - 00001093 _____ C:\Users\sharon\Desktop\MyTurboPC.lnk
2015-08-11 17:52 - 2015-08-11 17:52 - 00000529 _____ C:\windows\Tasks\MyTurboPC_sch_F97FF270-3FFD-11E5-9243-0016DD132787.job
2015-08-11 17:52 - 2015-08-11 17:52 - 00000418 _____ C:\windows\Tasks\MyTurboPC.com Update3_triggeronce.job
2015-08-11 17:52 - 2015-08-11 17:52 - 00000418 _____ C:\windows\Tasks\MyTurboPC.com Update3.job
2015-08-11 17:52 - 2015-08-11 17:52 - 00000410 _____ C:\windows\Tasks\MyTurboPC Startup.job
2015-08-11 17:52 - 2015-08-11 17:52 - 00000000 ____D C:\Users\sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
2015-08-11 17:52 - 2015-08-11 17:52 - 00000000 ____D C:\ProgramData\MyTurboPC.com
2015-08-11 17:52 - 2015-08-11 17:52 - 00000000 ____D C:\Program Files\MyTurboPC.com
2015-08-11 17:52 - 2015-08-11 17:52 - 00000000 ____D C:\Program Files\Common Files\MyTurboPC.com
2015-08-10 23:55 - 2015-08-10 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-10 23:54 - 2015-06-03 23:09 - 00291312 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe
2015-08-10 23:52 - 2015-08-10 23:52 - 00000000 ____D C:\Hola
2015-08-10 18:19 - 2015-08-10 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-10 17:30 - 2015-08-10 17:33 - 00005958 _____ C:\Users\sharon\Desktop\clean start.txt
2015-07-30 15:20 - 2015-07-30 15:20 - 00000000 ____D C:\Users\sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-23 11:04 - 2015-07-23 11:04 - 00000000 ____D C:\ProgramData\BlueStacks
2015-07-19 21:07 - 2015-07-19 21:07 - 00147480 _____ C:\windows\Minidump\071915-26676-01.dmp
2015-07-19 21:06 - 2015-07-19 21:06 - 254160646 _____ C:\windows\MEMORY.DMP

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-11 18:09 - 2015-06-17 19:58 - 00000922 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3894173187-2114546848-3451514324-1004UA.job
2015-08-11 18:09 - 2009-07-14 14:34 - 00016624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-11 18:09 - 2009-07-14 14:34 - 00016624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-11 17:55 - 2013-02-19 09:33 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-11 17:51 - 2012-02-10 20:41 - 00000932 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3894173187-2114546848-3451514324-1004UA.job
2015-08-11 17:41 - 2015-03-11 23:59 - 00000000 ___RD C:\Users\sharon\Dropbox
2015-08-11 17:41 - 2015-03-11 23:50 - 00000000 ____D C:\Users\sharon\AppData\Roaming\Dropbox
2015-08-11 17:41 - 2013-06-03 23:20 - 00000350 _____ C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-08-11 17:41 - 2011-08-14 11:39 - 01307057 _____ C:\windows\WindowsUpdate.log
2015-08-11 17:41 - 2011-02-11 13:56 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamswissarmy.sys
2015-08-11 17:41 - 2011-01-30 10:02 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-11 17:38 - 2012-06-05 02:25 - 00065536 _____ C:\windows\system32\Ikeext.etl
2015-08-11 17:38 - 2011-09-17 00:55 - 00000490 _____ C:\windows\system32\Drivers\etc\hosts.ics
2015-08-11 17:37 - 2014-12-05 20:57 - 00151172 _____ C:\windows\PFRO.log
2015-08-11 17:37 - 2014-12-05 20:57 - 00014614 _____ C:\windows\setupact.log
2015-08-11 17:37 - 2012-09-22 02:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-11 17:37 - 2009-07-14 14:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-11 00:54 - 2011-02-12 15:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-11 00:18 - 2011-01-30 10:02 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-10 23:55 - 2015-06-03 23:10 - 00001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-10 23:52 - 2015-06-19 00:16 - 00000000 ____D C:\Program Files\Hola
2015-08-10 23:52 - 2011-01-30 07:59 - 00000000 ____D C:\Users\sharon
2015-08-10 23:51 - 2014-05-16 17:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-10 23:50 - 2015-06-19 00:18 - 00000000 ____D C:\Users\sharon\AppData\Local\Hola
2015-08-10 23:50 - 2015-06-19 00:17 - 00000000 ____D C:\Users\sharon\AppData\Roaming\Hola
2015-08-10 23:50 - 2014-05-16 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-10 23:50 - 2013-07-25 17:30 - 00000000 ____D C:\Users\sharon\AppData\Roaming\PhotoScape
2015-08-10 23:50 - 2011-08-14 11:16 - 00000000 ____D C:\Program Files\CCleaner
2015-08-10 23:50 - 2011-06-20 20:51 - 00000000 ____D C:\ProgramData\EmailNotifier
2015-08-10 23:50 - 2011-04-04 14:21 - 00000000 ____D C:\windows\Minidump
2015-08-10 23:50 - 2011-02-11 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-08-10 23:50 - 2011-02-11 13:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2015-08-10 23:50 - 2011-01-31 07:01 - 00000000 ____D C:\Users\sharon\AppData\Roaming\BitTorrent
2015-08-10 23:50 - 2009-07-14 12:37 - 00000000 ____D C:\windows\system32\wfp
2015-08-10 23:50 - 2009-07-14 12:37 - 00000000 ____D C:\windows\registration
2015-08-10 23:50 - 2009-07-14 12:37 - 00000000 ____D C:\windows\AppCompat
2015-08-10 23:06 - 2011-02-08 03:29 - 00000000 ____D C:\Users\sharon\AppData\Local\CrashDumps
2015-08-10 21:49 - 2014-12-06 14:24 - 00000000 ____D C:\AdwCleaner
2015-08-10 18:22 - 2010-07-12 16:22 - 00000000 ____D C:\windows\Panther
2015-08-06 22:09 - 2015-06-17 19:58 - 00000870 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3894173187-2114546848-3451514324-1004Core.job
2015-08-06 08:51 - 2012-02-10 20:41 - 00000910 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3894173187-2114546848-3451514324-1004Core.job
2015-08-05 00:00 - 2010-07-12 16:04 - 00862232 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-23 11:03 - 2012-05-17 16:43 - 00000000 ____D C:\Program Files\WildTangent Games
2015-07-16 01:08 - 2011-01-30 14:27 - 00000000 ____D C:\Users\sharon\AppData\Roaming\Skype
2015-07-16 00:55 - 2013-02-19 09:33 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-07-16 00:55 - 2011-06-04 18:16 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-15 11:14 - 2014-06-19 21:42 - 00001971 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-07-15 11:14 - 2014-06-19 21:42 - 00001969 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-07-15 11:14 - 2014-06-19 21:42 - 00001959 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-07-15 11:14 - 2014-06-19 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2014-05-16 17:09 - 2014-05-16 17:09 - 0016384 _____ () C:\Users\sharon\AppData\Roaming\HelloWorld2.exe
2015-08-11 17:53 - 2015-08-11 18:06 - 0000115 _____ () C:\Users\sharon\AppData\Roaming\LogFile.txt
2011-04-15 15:07 - 2011-01-04 10:26 - 0076407 _____ () C:\Users\sharon\AppData\Roaming\Smiley.ico
2011-01-30 08:29 - 2013-02-10 12:58 - 0000000 _____ () C:\Users\sharon\AppData\Roaming\WGC_Client Preferences
2011-07-10 03:36 - 2012-07-15 19:11 - 0003584 _____ () C:\Users\sharon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-01 08:57 - 2012-12-01 08:57 - 0027520 _____ () C:\Users\sharon\AppData\Local\dt.dat
2015-04-03 13:04 - 2015-04-03 13:04 - 0000875 _____ () C:\Users\sharon\AppData\Local\recently-used.xbel
2011-04-28 14:55 - 2011-04-28 14:55 - 0005082 _____ () C:\ProgramData\ojobkspa.ako

Some files in TEMP:
====================
C:\Users\sharon\AppData\Local\Temp\acbrznxu.dll
C:\Users\sharon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1sijgh.dll
C:\Users\sharon\AppData\Local\Temp\Hola-Setup-Plugin-1.8.328.exe
C:\Users\sharon\AppData\Local\Temp\Hola-Setup-Plugin-1.8.369.exe
C:\Users\sharon\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\sharon\AppData\Local\Temp\Quarantine.exe
C:\Users\sharon\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sharon\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-02 03:27

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-08-2015
Ran by sharon (2015-08-11 18:13:36)
Running from C:\Users\sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SRN2FME5
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3894173187-2114546848-3451514324-500 - Administrator - Disabled)
Guest (S-1-5-21-3894173187-2114546848-3451514324-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3894173187-2114546848-3451514324-1010 - Limited - Enabled)
sharon (S-1-5-21-3894173187-2114546848-3451514324-1004 - Administrator - Enabled) => C:\Users\sharon

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.21 (HKLM\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.2 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Amazon Kindle For PC v1.1 (HKLM\...\Amazon Kindle For PC) (Version: - )
Ancient Tripeaks (Version: 2.2.0.95 - WildTangent) Hidden
Any Video Converter 3.2.2 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
AV WebCam Morpher 2.0 (HKLM\...\AV WebCam Morpher 2.0) (Version: 2.0.41 - Avnex Ltd.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software)
avast! EasyPass (HKLM\...\AI RoboForm) (Version: 7-7-8-128 - AVAST Software)
AVS Video Converter 8 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.)
Bejeweled 2 Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
BitTorrent (HKLM\...\BitTorrent) (Version: 7.2.0 - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.40.00(T) - TOSHIBA CORPORATION)
Build-a-lot 2 (Version: 2.2.0.95 - WildTangent) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.09 - Piriform)
Christmas and New Year Frames Pack (HKLM\...\Christmas and New Year Frames Pack) (Version: 1.0 - PowerOfSoftware Ltd.)
Chuzzle Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
CleanUp! (HKLM\...\CleanUp!) (Version: - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
Empty Temp Folders 2.8.3 (HKLM\...\Empty Temp Folders 2.8.3) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE (Version: 2.2.0.95 - WildTangent) Hidden
Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 4.70 - Philipp Winterberg)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Hola™ 1.8.747 - Better Internet (HKLM\...\Hola) (Version: 1.8.747 - Hola Networks Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest - Heritage (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.7.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 8.7.0 - )
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
ManyCam 2.6.60 (remove only) (HKLM\...\ManyCam) (Version: 2.6.60 - ManyCam LLC)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MorphVOX Junior (HKLM\...\{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}) (Version: 2.7.5 - Screaming Bee)
MorphVOX Pro (HKLM\...\{2D7CF073-6583-464A-84D4-F86DE59DCA42}) (Version: 4.4.8 - Screaming Bee)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 39.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyTurboPC (HKLM\...\{A2F37CA8-53F8-4594-B701-32AE64BAED1A}) (Version: 3.2.15.0 - MyTurboPC.com)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Norton Internet Security (Version: 17.5.0.127 - Symantec Corporation) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Photo Pos Pro (HKLM\...\Photo Pos Pro) (Version: 1.89.5 - PowerOfSoftware Ltd.)
Photo Pos Pro Collage Templates Pack (HKLM\...\Photo Pos Pro Collage Templates Pack) (Version: 1.0 - PowerOfSoftware Ltd.)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
Plants vs. Zombies (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
SAGEM F@st 1201 (HKLM\...\{C5F1D23A-5282-467D-B0DA-B0D6F661D587}) (Version: 1.00.000 - SAGEM)
SHG Installation (HKLM\...\{5D906048-02D2-4309-BAFA-FC94B6CE88C2}) (Version: 1.4.51 - SafeHarborGames.net)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SmartFTP Client (HKLM\...\{D422F022-98BB-4ED9-B40A-37C74F1BBADB}) (Version: 4.0.1209.0 - SmartSoft Ltd.)
Smilebox (HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.13 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM\...\InstallShield_{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}) (Version: 1.6.07.32 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.80.3 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM\...\InstallShield_{B894522E-C079-4DC8-A305-30BA6E2F4459}) (Version: 1.6.06.32 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
Update Installer for WildTangent Games App (Version: - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Wheel of Fortune 2 (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.10.15 - WildTangent)
WildTangent Games App (Toshiba Games) (Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - Atheros Communications Inc. (arusb_lh) Net (09/25/2008 3.1.0.101) (HKLM\...\94703D1C50646DF5FB8D0FB50EB2216330EB89C9) (Version: 09/25/2008 3.1.0.101 - Atheros Communications Inc.)
Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (03/27/2006 5.1213.06.0327) (HKLM\...\3B7076EB3C51070DE9D6902E9696507D9B471345) (Version: 03/27/2006 5.1213.06.0327 - NETGEAR Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR 5.11 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)
WinZip 15.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}) (Version: 15.5.9510 - WinZip Computing, S.L. )
Word Symphony (Version: 2.2.0.95 - WildTangent) Hidden
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
Zuma's Revenge (Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Smilebox\xvid.ax ()
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\sharon\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{1383A31C-26AC-4d88-91F1-EEAD77D81FA6}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Smilebox\MP3Writer.dll ()
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\sharon\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{4665E44B-8B9A-4515-A086-E94ECE374608}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Smilebox\CoreAAC.ax ()
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\sharon\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Smilebox\xvid.ax ()
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{6AC7C19E-8CA0-4E3D-9A9F-2881DE29E0AC}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Smilebox\CoreAAC.ax ()
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{7CE55CCC-403E-4A29-8281-BF8542A0C37D}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Smilebox\QTSourcePXT.dll (MediaLooks Company)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\sharon\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\sharon\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{919AB5F1-1C34-47a2-9C02-17128222C7CF}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Smilebox\MP3Encoder.dll ()
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\sharon\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{B46CB06F-17AE-11DD-8072-00508DEB8300}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Smilebox\flixsdk.dll ()
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{BBFC1A2A-D3A2-4610-847D-26592022F86E}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Smilebox\CoreAAC.ax ()
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\sharon\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\sharon\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{C4456CCB-0BB2-44CB-B82D-296FF267FB8A}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Smilebox\QTSourcePXT.dll (MediaLooks Company)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\sharon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\sharon\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{D3D9D58B-45B5-48AB-B199-B8C40560AEC7}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\sharon\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\sharon\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Restore Points =========================

07-08-2015 01:00:50 Scheduled Checkpoint
10-08-2015 23:42:32 Restore Operation
10-08-2015 23:52:38 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:04 - 2014-12-05 20:55 - 00000000 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1719C331-DA90-47CF-B222-7A8E0E96B13E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-10] (Avast Software s.r.o.)
Task: {2DAACBC3-C415-4270-B22E-826E5A2CEF92} - System32\Tasks\{FCB3088E-BD9E-4DF2-A831-24206DCA6121} => Firefox.exe http://ui.skype.com/...ffered;disabled
Task: {4B5B209A-A709-40A0-B228-9E3E9470633F} - System32\Tasks\{C95CA9DE-CE5D-422E-A2C5-841166782CFF} => pcalua.exe -a C:\Users\sharon\Downloads\VP-Male_Install-1.exe -d C:\Users\sharon\Downloads
Task: {4E24C537-3D83-43BF-B032-36E94649E0E7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3894173187-2114546848-3451514324-1004UA => C:\Users\sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {4E32F1F0-CC4C-4184-8751-748F6766B9F1} - System32\Tasks\MyTurboPC.com Update3_triggeronce => c:\program files\common files\myturbopc.com\uus3\Update3.exe [2015-01-06] (MyTurboPC.com)
Task: {71DCB72A-26D8-4FB6-9023-D040694CF3AD} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {8518A107-F4CB-44A5-8F89-5061E584904E} - System32\Tasks\{6F2179C1-1BD8-4F3F-B271-26D3A7FF5B2B} => pcalua.exe -a "C:\Users\sharon\Downloads\Facebook Password Finder V3.08.exe" -d C:\Users\sharon\Downloads
Task: {8B120285-6186-43D4-A1C1-39655570F375} - System32\Tasks\MyTurboPC_sch_F97FF270-3FFD-11E5-9243-0016DD132787 => C:\Program Files\MyTurboPC.com\MyTurboPC\mtpc.exe [2015-01-06] (MyTurboPC.com) <==== ATTENTION
Task: {8D31B0E2-6AE8-43F2-8A7B-27F35EDD780F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {8F2919A0-F3A6-42F0-A79B-F2359A9391A3} - System32\Tasks\MyTurboPC.com Registration3 => Rundll32.exe "C:\Program Files\Common Files\MyTurboPC.com\UUS3\UUS3.dll" RunUns
Task: {9FFAED33-926B-49AB-926D-A478C222963F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3894173187-2114546848-3451514324-1004Core => C:\Users\sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {A1401892-0EF7-4630-A1EF-5610CB776EF4} - System32\Tasks\{1ACE554A-5698-4CE3-8C2A-ACD82369FED8} => pcalua.exe -a "C:\Users\sharon\Downloads\Facebook Password Finder V3.08.exe" -d C:\Users\sharon\Downloads
Task: {A69EDBA1-401D-4BC9-8E49-3C1464AA9378} - System32\Tasks\{1C2AEC05-EB60-42DB-BE09-29A1889D07D6} => pcalua.exe -a C:\PROGRA~1\BITTOR~2\UNWISE.EXE -c /U C:\PROGRA~1\BITTOR~2\INSTALL.LOG
Task: {B9DF2620-23D3-45FA-8FD3-1A8A48A8B043} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {BA28D786-4303-4025-A5A8-32DCC38B24F1} - System32\Tasks\MyTurboPC.com Update3 => c:\program files\common files\myturbopc.com\uus3\Update3.exe [2015-01-06] (MyTurboPC.com)
Task: {C7D38D04-732D-4950-9937-7B6E58D298B7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3894173187-2114546848-3451514324-1004UA => C:\Users\sharon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {CB22A0E0-E970-4076-AB6F-4F0ABA061A32} - System32\Tasks\MyTurboPC Startup => C:\Program Files\MyTurboPC.com\MyTurboPC\mtpc.exe [2015-01-06] (MyTurboPC.com)
Task: {DD2FBE34-FEF5-4F8B-943B-566D1A27C6E4} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{702DC99D-00A2-43E8-A1F5-F0470C991E6E}.exe
Task: {F837619E-352B-4B1D-BB32-B2E25110D15C} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-23] (TOSHIBA CORPORATION)
Task: {FE6532BD-E647-4EF0-A28F-B9213DCA5315} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3894173187-2114546848-3451514324-1004Core => C:\Users\sharon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{702DC99D-00A2-43E8-A1F5-F0470C991E6E}.exe <==== ATTENTION
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3894173187-2114546848-3451514324-1004Core.job => C:\Users\sharon\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3894173187-2114546848-3451514324-1004UA.job => C:\Users\sharon\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3894173187-2114546848-3451514324-1004Core.job => C:\Users\sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3894173187-2114546848-3451514324-1004UA.job => C:\Users\sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\MyTurboPC Startup.job => C:\Program Files\MyTurboPC.com\MyTurboPC\mtpc.exe2C:\Program Files\MyTurboPC.com\MyTurboPC\mtpc.exe
Task: C:\windows\Tasks\MyTurboPC.com Registration3.job => C:\windows\system32\rundll32.exeCC:\Program Files\Common Files\MyTurboPC.com\UUS3\UUS3.dll RunUns1C:\Program Files\Common Files\MyTurboPC.com
Task: C:\windows\Tasks\MyTurboPC.com Update3.job => c:\program files\common files\myturbopc.com\uus3\Update3.exe1c:\program files\common files\myturbopc.com\uus3sharonMyTurboPC.com
Task: C:\windows\Tasks\MyTurboPC.com Update3_triggeronce.job => c:\program files\common files\myturbopc.com\uus3\Update3.exe1c:\program files\common files\myturbopc.com\uus3sharonMyTurboPC.com
Task: C:\windows\Tasks\MyTurboPC_sch_F97FF270-3FFD-11E5-9243-0016DD132787.job => C:\Program Files\MyTurboPC.com\MyTurboPC\mtpc.exe2 /schedule:F97FF270-3FFD-11E5-9243-0016DD132787 C:\Program Files\MyTurboPC.com <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-06-03 23:09 - 2015-06-03 23:09 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-03 23:09 - 2015-06-03 23:09 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-10 23:57 - 2015-08-10 23:57 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15081002\algo.dll
2015-08-11 17:38 - 2015-08-11 17:38 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15081003\algo.dll
2013-05-02 20:17 - 2001-10-28 16:42 - 00116224 _____ () C:\windows\System32\pdfcmnnt.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-04 07:14 - 2010-03-04 07:14 - 08783160 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-04 06:26 - 2009-11-04 06:26 - 00058680 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-04 07:14 - 2010-03-04 07:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-04 07:14 - 2010-03-04 07:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-07-12 15:53 - 2009-06-23 08:38 - 00015160 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-13 12:08 - 2009-03-13 12:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2009-07-26 04:07 - 2009-07-26 04:07 - 00058704 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2015-06-03 23:09 - 2015-06-03 23:09 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-08-11 17:41 - 2015-08-11 17:41 - 00071168 _____ () c:\users\sharon\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1sijgh.dll
2015-07-30 15:20 - 2015-07-17 10:31 - 00012800 _____ () C:\Users\sharon\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-07-30 15:20 - 2015-07-17 10:31 - 00779776 _____ () C:\Users\sharon\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 15:20 - 2015-07-17 10:31 - 00056320 _____ () C:\Users\sharon\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-07-30 15:20 - 2015-07-17 10:31 - 00012288 _____ () C:\Users\sharon\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\...\hola.org -> hxxp://hola.org

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^sharon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft SharePoint Workspace.lnk => C:\windows\pss\Microsoft SharePoint Workspace.lnk.Startup
MSCONFIG\startupfolder: C:^Users^sharon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files\AVG\AVG2012\avgtray.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Bing Bar => "C:\Program Files\MSN Toolbar\Platform\5.0.1407.0\mswinext.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EPSON TX110 Series => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBP.EXE /FU "C:\windows\TEMP\E_S2365.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSON TX110 Series (Copy 1) => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBP.EXE /FU "C:\windows\TEMP\E_S2348.tmp" /EF "HKCU"
MSCONFIG\startupreg: Facebook Update => "C:\Users\sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoboForm => "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TWebCamera => "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A5463394-0B7A-439E-A064-3ED16714E5A4}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3113AC7F-9448-4D3D-BB7A-562FB3B348AE}] => (Allow) svchost.exe
FirewallRules: [{6DA1A55F-45E7-425E-A584-D411670043E9}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{24F592D1-4F0D-462A-B87D-7D371849B3D9}] => (Allow) C:\Program Files\BitTorrent\BitTorrent.exe
FirewallRules: [{C43D9A13-D092-49E5-8049-3540DF6473D1}] => (Allow) C:\Program Files\BitTorrent\BitTorrent.exe
FirewallRules: [{FB951829-3F3E-41A7-8C5D-CCB629060EDB}] => (Allow) LPort=10255
FirewallRules: [{2D3550F4-78D8-44F0-95A2-81443FE54484}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
FirewallRules: [{6AF4C7AB-E72E-4E17-A6CF-7D94D33D7C52}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
FirewallRules: [{5E375AEE-D4E3-4DE8-B0E7-2711671A25DD}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{2F6A0FB4-9E21-439D-868D-AA10D3C33FB5}] => (Allow) C:\Program Files\SafeHarborGames.net\SHG Installation\HarborGames.EXE
FirewallRules: [{B2D01B01-ED52-4F23-9E02-A0F17E3BEF2C}] => (Allow) C:\Program Files\SafeHarborGames.net\SHG Installation\HarborGames.EXE
FirewallRules: [{9B049121-E13B-44EA-8728-BB284585885C}] => (Allow) C:\Program Files\SafeHarborGames.net\SHG Installation\HarborGames.EXE
FirewallRules: [{10A31772-FC29-4C69-8ED7-CCFD38ACBF0C}] => (Allow) C:\Program Files\SafeHarborGames.net\SHG Installation\HarborGames.EXE
FirewallRules: [{ABF1D411-A0B9-4AE7-8567-A97FB35211CA}] => (Allow) C:\Program Files\7-Zip\7zFM.exe
FirewallRules: [{504C9A06-3106-4284-9467-BB968DD9EF3A}] => (Allow) C:\Program Files\7-Zip\7zFM.exe
FirewallRules: [{41525CD8-78A9-43E2-8882-92A6FE122597}] => (Allow) C:\Program Files\7-Zip\7zFM.exe
FirewallRules: [{6D33CAAB-F156-44F6-B63C-C5AC7A08AFC7}] => (Allow) C:\Program Files\7-Zip\7zFM.exe
FirewallRules: [{2D831084-9C3B-4798-87D5-12256731896A}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{269BBD64-4091-45D4-AEAD-FC30431251EC}] => (Allow) LPort=2869
FirewallRules: [{CE87F161-0F5E-420C-82CD-326B4F1D3D47}] => (Allow) LPort=1900
FirewallRules: [{D05AEC68-D24A-4A6E-9C5B-B787351A9BAF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{74515605-8C38-415E-BED8-0DFB97B0716A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{79ECF8F5-8156-467D-A414-708F9F740263}C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => (Block) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [UDP Query User{BF5A4549-C6E8-4C33-B3FD-2507CD0E2EF1}C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => (Block) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [TCP Query User{915A7778-CB96-4DD9-B2B0-B96B0F58EBEA}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [UDP Query User{B987B517-4D19-4F59-8FE3-7EB56AEA99EB}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [{30CE46F3-E16D-4651-BFEF-504AB7DD130F}] => (Allow) C:\Users\sharon\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{58D339F7-CEDD-4882-9C69-66E0B04869C9}] => (Allow) LPort=22001
FirewallRules: [{2B9CE78B-8D68-4DAF-A415-1153F294E7BB}] => (Allow) C:\Users\sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6F993630-F74E-4A85-A058-A37C37BF75F9}] => (Allow) C:\Users\sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{720933F7-9304-4A4B-A464-0FCEE023EC2B}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{D5682084-8B59-43B9-8106-439B0B4ECFFD}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{09016DFF-521E-427A-BB94-CD3837A8842C}] => (Allow) C:\Users\sharon\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{E38278B8-96F0-43EC-BC52-44A870005DBA}] => (Allow) C:\Users\sharon\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{A6991E9A-E580-45EC-AFA9-B9A54C09FF72}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{51443EFF-9702-4B21-AE70-78A04921877A}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{31B86358-853B-49C4-A257-ADFDF840CE20}] => (Allow) C:\Users\sharon\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{5EC603E4-FE26-4EA3-8E59-A7CC1EA43A93}] => (Allow) C:\Users\sharon\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{002D5C8F-6B4F-4069-89B1-3D8A107FE49F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{9B30887F-B2A8-4974-9C0E-CA2F4C3F405C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D403D7E5-37AA-45F0-AEB4-0D62DE5889F0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Telstra\Mobile Broadband Manager\SwiApiMuxX.exe] => Enabled:SwiApiMuxX

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/10/2015 11:52:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2ee591ae-ad22-45ae-ab58-b72d7b9ed366}

Error: (08/10/2015 11:52:37 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0xc0000022.

Error: (08/10/2015 11:06:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1144
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/10/2015 10:37:09 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.1008 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4856. Message ID: [0x2509].

Error: (08/10/2015 10:28:43 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.1008 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4156. Message ID: [0x2509].

Error: (08/10/2015 10:19:31 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.1008 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 460. Message ID: [0x2509].

Error: (08/10/2015 09:58:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL (1).exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17c4

Start Time: 01d0d3637bcd0be8

Termination Time: 15

Application Path: C:\Users\sharon\Downloads\OTL (1).exe

Report Id: 15694a88-3f57-11e5-a459-0016dd132787

Error: (08/10/2015 09:48:44 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/10/2015 09:48:44 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/10/2015 09:48:44 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (08/10/2015 09:49:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/10/2015 09:49:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/10/2015 09:49:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/10/2015 09:49:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 3 time(s).

Error: (08/10/2015 09:49:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/10/2015 09:49:14 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (08/10/2015 09:49:08 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (08/10/2015 09:48:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/10/2015 09:48:44 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (08/10/2015 09:48:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office:
=========================
Error: (08/10/2015 11:52:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2ee591ae-ad22-45ae-ab58-b72d7b9ed366}

Error: (08/10/2015 11:52:37 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Scheduled Checkpoint0xc0000022

Error: (08/10/2015 11:06:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd114401d0d36d4ce9b07fC:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\MSVCR100.dll8ce6f203-3f60-11e5-9638-0016dd132787

Error: (08/10/2015 09:58:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL (1).exe3.2.69.017c401d0d3637bcd0be815C:\Users\sharon\Downloads\OTL (1).exe15694a88-3f57-11e5-a459-0016dd132787

Error: (08/10/2015 09:48:44 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/10/2015 09:48:44 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/10/2015 09:48:44 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 74%
Total physical RAM: 1909.86 MB
Available physical RAM: 490.29 MB
Total Virtual: 3819.72 MB
Available Virtual: 2124.46 MB

==================== Drives ================================

Drive c: (S3A8924D005) (Fixed) (Total:286.55 GB) (Free:155.03 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End of log ============================

#2
Essexboy

Posted 11 August 2015 - 02:13 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi there your first priority must be to uninstall Hola http://adios-hola.org/ as it is using your bandwidth

Hola is a "peer-to-peer" VPN. This may sound nice, but what it actually means is that other people browse the web through your internet connection. To a website, it seems like it's you browsing the site.
Perhaps that doesn't seem bad to you. However, imagine that somebody uploaded child pornography through your connection, for example. To everybody else, it seems as if it was your computer that did it, and you can't really prove otherwise.
The operators of "exit nodes" for the Tor anonymity network have had similar issues. Being a Hola peer is more or less equivalent to running a Tor exit from home - something the EFF even explicitly recommends against.
And even if you can prove your innocence, you can still get raided and tangled up in a long legal process. And as a bonus, it'll use your bandwidth - not exactly desirable if you have a slow connection, or a low data cap.
This is an unfixable problem, that Hola doesn't disclose transparently. It's how Hola is designed to work, and it cannot function without it.

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
CHR HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2015-08-11 17:53 - 2015-08-11 18:00 - 00000454 _____ C:\windows\Tasks\MyTurboPC.com Registration3.job
2015-08-11 17:53 - 2015-08-11 17:53 - 00000000 ____D C:\Users\sharon\AppData\Roaming\MyTurboPC.com
2015-08-11 17:52 - 2015-08-11 17:52 - 00001093 _____ C:\Users\sharon\Desktop\MyTurboPC.lnk
2015-08-11 17:52 - 2015-08-11 17:52 - 00000529 _____ C:\windows\Tasks\MyTurboPC_sch_F97FF270-3FFD-11E5-9243-0016DD132787.job
2015-08-11 17:52 - 2015-08-11 17:52 - 00000418 _____ C:\windows\Tasks\MyTurboPC.com Update3_triggeronce.job
2015-08-11 17:52 - 2015-08-11 17:52 - 00000418 _____ C:\windows\Tasks\MyTurboPC.com Update3.job
2015-08-11 17:52 - 2015-08-11 17:52 - 00000410 _____ C:\windows\Tasks\MyTurboPC Startup.job
2015-08-11 17:52 - 2015-08-11 17:52 - 00000000 ____D C:\Users\sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
2015-08-11 17:52 - 2015-08-11 17:52 - 00000000 ____D C:\ProgramData\MyTurboPC.com
2015-08-11 17:52 - 2015-08-11 17:52 - 00000000 ____D C:\Program Files\MyTurboPC.com
2015-08-11 17:52 - 2015-08-11 17:52 - 00000000 ____D C:\Program Files\Common Files\MyTurboPC.com
Task: {4E32F1F0-CC4C-4184-8751-748F6766B9F1} - System32\Tasks\MyTurboPC.com Update3_triggeronce => c:\program files\common files\myturbopc.com\uus3\Update3.exe [2015-01-06] (MyTurboPC.com)
Task: {8B120285-6186-43D4-A1C1-39655570F375} - System32\Tasks\MyTurboPC_sch_F97FF270-3FFD-11E5-9243-0016DD132787 => C:\Program Files\MyTurboPC.com\MyTurboPC\mtpc.exe [2015-01-06] (MyTurboPC.com) <==== ATTENTION
Task: {8F2919A0-F3A6-42F0-A79B-F2359A9391A3} - System32\Tasks\MyTurboPC.com Registration3 => Rundll32.exe "C:\Program Files\Common Files\MyTurboPC.com\UUS3\UUS3.dll" RunUns
Task: {BA28D786-4303-4025-A5A8-32DCC38B24F1} - System32\Tasks\MyTurboPC.com Update3 => c:\program files\common files\myturbopc.com\uus3\Update3.exe [2015-01-06] (MyTurboPC.com)
Task: {CB22A0E0-E970-4076-AB6F-4F0ABA061A32} - System32\Tasks\MyTurboPC Startup => C:\Program Files\MyTurboPC.com\MyTurboPC\mtpc.exe [2015-01-06] (MyTurboPC.com)
Task: {DD2FBE34-FEF5-4F8B-943B-566D1A27C6E4} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{702DC99D-00A2-43E8-A1F5-F0470C991E6E}.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{702DC99D-00A2-43E8-A1F5-F0470C991E6E}.exe <==== ATTENTION
Task: C:\windows\Tasks\MyTurboPC Startup.job => C:\Program Files\MyTurboPC.com\MyTurboPC\mtpc.exe2C:\Program Files\MyTurboPC.com\MyTurboPC\mtpc.exe
Task: C:\windows\Tasks\MyTurboPC.com Registration3.job => C:\windows\system32\rundll32.exeCC:\Program Files\Common Files\MyTurboPC.com\UUS3\UUS3.dll RunUns1C:\Program Files\Common Files\MyTurboPC.com
Task: C:\windows\Tasks\MyTurboPC.com Update3.job => c:\program files\common files\myturbopc.com\uus3\Update3.exe1c:\program files\common files\myturbopc.com\uus3sharonMyTurboPC.com
Task: C:\windows\Tasks\MyTurboPC.com Update3_triggeronce.job => c:\program files\common files\myturbopc.com\uus3\Update3.exe1c:\program files\common files\myturbopc.com\uus3sharonMyTurboPC.com
Task: C:\windows\Tasks\MyTurboPC_sch_F97FF270-3FFD-11E5-9243-0016DD132787.job => C:\Program Files\MyTurboPC.com\MyTurboPC\mtpc.exe2 /schedule:F97FF270-3FFD-11E5-9243-0016DD132787 C:\Program Files\MyTurboPC.com <==== ATTENTION
IE trusted site: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\...\hola.org -> hxxp://hola.org
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S0].txt as well.

#3
shaz

Posted 12 August 2015 - 12:43 AM

Member

Topic Starter
Member
147 posts

tks for replying

Edited by shaz, 12 August 2015 - 12:51 AM.

#4
shaz

Posted 12 August 2015 - 12:48 AM

Member

Topic Starter
Member
147 posts

hmmm. i posted then looks like it disappeared, so here are the files again

Fix result of Farbar Recovery Scan Tool (x86) Version:11-08-2015 02

Ran by sharon (2015-08-12 16:15:44) Run:1

Running from C:\Users\sharon\Desktop

Loaded Profiles: sharon (Available Profiles: sharon)

Boot Mode: Normal

==============================================

fixlist content:

*****************

CreateRestorePoint:

CHR HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

2015-08-11 17:53 - 2015-08-11 18:00 - 00000454 _____ C:\windows\Tasks\MyTurboPC.com Registration3.job

2015-08-11 17:53 - 2015-08-11 17:53 - 00000000 ____D C:\Users\sharon\AppData\Roaming\MyTurboPC.com

2015-08-11 17:52 - 2015-08-11 17:52 - 00001093 _____ C:\Users\sharon\Desktop\MyTurboPC.lnk

2015-08-11 17:52 - 2015-08-11 17:52 - 00000529 _____ C:\windows\Tasks\MyTurboPC_sch_F97FF270-3FFD-11E5-9243-0016DD132787.job

2015-08-11 17:52 - 2015-08-11 17:52 - 00000418 _____ C:\windows\Tasks\MyTurboPC.com Update3_triggeronce.job

2015-08-11 17:52 - 2015-08-11 17:52 - 00000418 _____ C:\windows\Tasks\MyTurboPC.com Update3.job

2015-08-11 17:52 - 2015-08-11 17:52 - 00000410 _____ C:\windows\Tasks\MyTurboPC Startup.job

2015-08-11 17:52 - 2015-08-11 17:52 - 00000000 ____D C:\Users\sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com

2015-08-11 17:52 - 2015-08-11 17:52 - 00000000 ____D C:\ProgramData\MyTurboPC.com

2015-08-11 17:52 - 2015-08-11 17:52 - 00000000 ____D C:\Program Files\MyTurboPC.com

2015-08-11 17:52 - 2015-08-11 17:52 - 00000000 ____D C:\Program Files\Common Files\MyTurboPC.com

Task: {4E32F1F0-CC4C-4184-8751-748F6766B9F1} - System32\Tasks\MyTurboPC.com Update3_triggeronce => c:\program files\common files\myturbopc.com\uus3\Update3.exe [2015-01-06] (MyTurboPC.com)

Task: {8B120285-6186-43D4-A1C1-39655570F375} - System32\Tasks\MyTurboPC_sch_F97FF270-3FFD-11E5-9243-0016DD132787 => C:\Program Files\MyTurboPC.com\MyTurboPC\mtpc.exe [2015-01-06] (MyTurboPC.com) <==== ATTENTION

Task: {8F2919A0-F3A6-42F0-A79B-F2359A9391A3} - System32\Tasks\MyTurboPC.com Registration3 => Rundll32.exe "C:\Program Files\Common Files\MyTurboPC.com\UUS3\UUS3.dll" RunUns

Task: {BA28D786-4303-4025-A5A8-32DCC38B24F1} - System32\Tasks\MyTurboPC.com Update3 => c:\program files\common files\myturbopc.com\uus3\Update3.exe [2015-01-06] (MyTurboPC.com)

Task: {CB22A0E0-E970-4076-AB6F-4F0ABA061A32} - System32\Tasks\MyTurboPC Startup => C:\Program Files\MyTurboPC.com\MyTurboPC\mtpc.exe [2015-01-06] (MyTurboPC.com)

Task: {DD2FBE34-FEF5-4F8B-943B-566D1A27C6E4} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{702DC99D-00A2-43E8-A1F5-F0470C991E6E}.exe

Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{702DC99D-00A2-43E8-A1F5-F0470C991E6E}.exe <==== ATTENTION

Task: C:\windows\Tasks\MyTurboPC Startup.job => C:\Program Files\MyTurboPC.com\MyTurboPC\mtpc.exe2C:\Program Files\MyTurboPC.com\MyTurboPC\mtpc.exe

Task: C:\windows\Tasks\MyTurboPC.com Registration3.job => C:\windows\system32\rundll32.exeCC:\Program Files\Common Files\MyTurboPC.com\UUS3\UUS3.dll RunUns1C:\Program Files\Common Files\MyTurboPC.com

Task: C:\windows\Tasks\MyTurboPC.com Update3.job => c:\program files\common files\myturbopc.com\uus3\Update3.exe1c:\program files\common files\myturbopc.com\uus3sharonMyTurboPC.com

Task: C:\windows\Tasks\MyTurboPC.com Update3_triggeronce.job => c:\program files\common files\myturbopc.com\uus3\Update3.exe1c:\program files\common files\myturbopc.com\uus3sharonMyTurboPC.com

Task: C:\windows\Tasks\MyTurboPC_sch_F97FF270-3FFD-11E5-9243-0016DD132787.job => C:\Program Files\MyTurboPC.com\MyTurboPC\mtpc.exe2 /schedule:F97FF270-3FFD-11E5-9243-0016DD132787 C:\Program Files\MyTurboPC.com <==== ATTENTION

IE trusted site: HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\...\hola.org -> hxxp://hola.org

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: ipconfig /flushdns

CMD: netsh winsock reset catalog

CMD: netsh int ip reset c:\resetlog.txt

CMD: ipconfig /release

CMD: ipconfig /renew

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

RemoveProxy:

EmptyTemp:

CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.

"HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\SOFTWARE\Policies\Google" => key removed successfully.

C:\windows\Tasks\MyTurboPC.com Registration3.job => moved successfully.

C:\Users\sharon\AppData\Roaming\MyTurboPC.com => moved successfully.

C:\Users\sharon\Desktop\MyTurboPC.lnk => moved successfully.

C:\windows\Tasks\MyTurboPC_sch_F97FF270-3FFD-11E5-9243-0016DD132787.job => moved successfully.

C:\windows\Tasks\MyTurboPC.com Update3_triggeronce.job => moved successfully.

C:\windows\Tasks\MyTurboPC.com Update3.job => moved successfully.

C:\windows\Tasks\MyTurboPC Startup.job => moved successfully.

C:\Users\sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com => moved successfully.

C:\ProgramData\MyTurboPC.com => moved successfully.

C:\Program Files\MyTurboPC.com => moved successfully.

C:\Program Files\Common Files\MyTurboPC.com => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E32F1F0-CC4C-4184-8751-748F6766B9F1}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E32F1F0-CC4C-4184-8751-748F6766B9F1}" => key removed successfully.

C:\Windows\System32\Tasks\MyTurboPC.com Update3_triggeronce => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyTurboPC.com Update3_triggeronce" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B120285-6186-43D4-A1C1-39655570F375}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B120285-6186-43D4-A1C1-39655570F375}" => key removed successfully.

C:\Windows\System32\Tasks\MyTurboPC_sch_F97FF270-3FFD-11E5-9243-0016DD132787 => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyTurboPC_sch_F97FF270-3FFD-11E5-9243-0016DD132787" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F2919A0-F3A6-42F0-A79B-F2359A9391A3}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F2919A0-F3A6-42F0-A79B-F2359A9391A3}" => key removed successfully.

C:\Windows\System32\Tasks\MyTurboPC.com Registration3 => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyTurboPC.com Registration3" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA28D786-4303-4025-A5A8-32DCC38B24F1}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA28D786-4303-4025-A5A8-32DCC38B24F1}" => key removed successfully.

C:\Windows\System32\Tasks\MyTurboPC.com Update3 => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyTurboPC.com Update3" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CB22A0E0-E970-4076-AB6F-4F0ABA061A32}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB22A0E0-E970-4076-AB6F-4F0ABA061A32}" => key removed successfully.

C:\Windows\System32\Tasks\MyTurboPC Startup => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyTurboPC Startup" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DD2FBE34-FEF5-4F8B-943B-566D1A27C6E4}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD2FBE34-FEF5-4F8B-943B-566D1A27C6E4}" => key removed successfully.

C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => key removed successfully.

C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => moved successfully.

C:\windows\Tasks\MyTurboPC Startup.job not found.

C:\windows\Tasks\MyTurboPC.com Registration3.job not found.

C:\windows\Tasks\MyTurboPC.com Update3.job not found.

C:\windows\Tasks\MyTurboPC.com Update3_triggeronce.job not found.

C:\windows\Tasks\MyTurboPC_sch_F97FF270-3FFD-11E5-9243-0016DD132787.job not found.

"HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org" => key removed successfully.

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!

Reseting Interface, OK!

Reseting Unicast Address, OK!

Restart the computer to complete this action.

========= End of CMD: =========

========= ipconfig /release =========

Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :

Link-local IPv6 Address . . . . . : fe80::a9df:9767:5e45:ac9d%10

Default Gateway . . . . . . . . . :

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter isatap.{4898F6A2-6BA8-47CA-8232-59779CB23BD5}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter isatap.{0D3E7034-3953-465F-96FC-419D500D1F3E}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

========= End of CMD: =========

========= ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :

Link-local IPv6 Address . . . . . : fe80::a9df:9767:5e45:ac9d%10

IPv4 Address. . . . . . . . . . . : 192.168.0.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter isatap.{4898F6A2-6BA8-47CA-8232-59779CB23BD5}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter isatap.{0D3E7034-3953-465F-96FC-419D500D1F3E}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

========= End of CMD: =========

========= netsh int ipv4 reset =========

Reseting Interface, OK!

Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Reseting Interface, OK!

Restart the computer to complete this action.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.

HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.

HKU\S-1-5-21-3894173187-2114546848-3451514324-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.

========= End of RemoveProxy: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]

BITS administration utility.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {808BE818-BE70-4652-8AB8-2929D8FD5B53}.

Unable to cancel {239F9C2A-13E4-4DAE-8E87-3C6A9EEFBD78}.

{1C4BA17E-1681-4D6F-8555-90ADEEE4EF3E} canceled.

1 out of 3 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 779.2 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 16:17:54 ====

# AdwCleaner v4.208 - Logfile created 10/08/2015 at 21:48:37

# Updated 09/07/2015 by Xplode

# Database : 2015-08-01.1 [Server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x86)

# Username : sharon - LASTXP22

# Running from : C:\Users\sharon\Downloads\AdwCleaner (1).exe

# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : hola_svc

[#] Service Deleted : hola_updater

[#] Service Deleted : ManyCam

***** [ Files / Folders ] *****

Folder Deleted : C:\Hola

Folder Deleted : C:\ProgramData\EmailNotifier

Folder Deleted : C:\Program Files\Hola

Folder Deleted : C:\Users\sharon\AppData\Local\Hola

Folder Deleted : C:\Users\sharon\AppData\LocalLow\EmailNotifier

Folder Deleted : C:\Users\sharon\AppData\Roaming\Hola

File Deleted : C:\Users\sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_amfclgbdpgndipgoegfpkkgobahigbcl_0.localstorage

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Scheduled tasks ] *****

Task Deleted : AVG-Secure-Search-Update_JUNE2013_TB_rmv

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v12.0 (en-US)

-\\ Google Chrome v44.0.2403.130

*************************

AdwCleaner[R0].txt - [2652 bytes] - [06/12/2014 14:24:56]

AdwCleaner[R1].txt - [1954 bytes] - [10/08/2015 21:46:45]

AdwCleaner[S0].txt - [2745 bytes] - [06/12/2014 14:30:31]

AdwCleaner[S1].txt - [1711 bytes] - [10/08/2015 21:48:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1770 bytes] ##########

# AdwCleaner v4.104 - Report created 12/08/2015 at 16:43:54

# Updated 05/12/2014 by Xplode

# Database : 2015-08-11.1 [Live]

# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

# Username : sharon - LASTXP22

# Running from : C:\Users\sharon\Downloads\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

[x] Not Deleted : ManyCam

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\EmailNotifier

Folder Deleted : C:\Users\sharon\AppData\Local\Hola

Folder Deleted : C:\Users\sharon\AppData\Roaming\Hola

File Deleted : C:\Users\sharon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MyTurboPC.lnk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKCU\Software\MyTurboPC.com

Key Deleted : HKLM\SOFTWARE\MyTurboPC.com

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2F37CA8-53F8-4594-B701-32AE64BAED1A}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v39.0.3 (x86 en-US)

-\\ Google Chrome v44.0.2403.130

*************************

AdwCleaner[R0].txt - [2652 octets] - [06/12/2014 14:24:56]

AdwCleaner[R1].txt - [3522 octets] - [10/08/2015 21:46:45]

AdwCleaner[S0].txt - [2745 octets] - [06/12/2014 14:30:31]

AdwCleaner[S1].txt - [3299 octets] - [10/08/2015 21:48:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3359 octets] ##########

#5
Essexboy

Posted 12 August 2015 - 07:33 AM

GeekU Moderator

Retired Staff
69,964 posts

How is your network connection behaving now ?

#6
shaz

Posted 13 August 2015 - 02:35 AM

Member

Topic Starter
Member
147 posts

its still doing same....pages loading very slow..and still cant watch any online movies without buffering or freezing

#7
Essexboy

Posted 13 August 2015 - 07:10 AM

GeekU Moderator

Retired Staff
69,964 posts

OK next trick is to run a clean boot and see if that makes a difference

In the search box type Msconfig and select the programme that appears at the top

1.In the System Configuration Utility dialog box, click Selective Startup on the General tab.

2.Click to clear the Load Startup Items check box.
NoteThe Use Original Boot.ini check box is unavailable.
3.Click the Services tab.
4.Click to select the Hide All Microsoft Services check box.

5.Click Disable All, and then click OK.
6.When you are prompted, click Restart.

#8
Essexboy

Posted 17 August 2015 - 07:46 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: virus, win7, toshibalaptop, malware

Security → Virus, Spyware, Malware Removal → Having Powersheel.exe Issues ... Need fixlist.txt Started by raj0171 , 19 Mar 2024 Virus, HELP, Malwarebytes	5 replies 2,671 views	DR M 06 Apr 2024
Security → Virus, Spyware, Malware Removal → HP desktop - google.com is in Norwegian [Solved] Started by wayneman50 , 23 Jul 2023 internet, google, virus and 1 more... 1 2 3	Hot 41 replies 24,290 views	wayneman50 17 Aug 2023
Security → Virus, Spyware, Malware Removal → Possible Malware infection - help request [Solved] Started by Maffu , 07 May 2023 malware, advapi and 1 more... 1 2 3 4	Hot 51 replies 12,728 views	DR M 26 Jun 2023
Security → Virus, Spyware, Malware Removal → Help getting started checking laptop for malware [Solved] Started by triedeverything , 12 Apr 2023 help, malware, spyware 1 2	Hot 19 replies 5,801 views	DR M 16 Apr 2023
Security → Virus, Spyware, Malware Removal → Virus Infection Started by ForrestGump , 05 Oct 2022 Virus 1 2 3 8 →	Hot 110 replies 15,992 views	RKinner 14 Nov 2022