Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

i would greatly appreciate some help [Closed]

malware. popups.

  • This topic is locked This topic is locked

#1
complete-noob

complete-noob

    New Member

  • Member
  • Pip
  • 9 posts

every new window i open has an 80 percent chance to be auto-redirected to a warning site. this site is by salesprises, and very loudly says security warning. it cant be muted or closed with closing a bunch of dialogue boxes first. here are the frst logs. i greatly appreciate any help you can offer.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-10-2015
Ran by brenda (administrator) on BRENDA-PC (07-10-2015 11:33:37)
Running from C:\Users\brenda\Downloads
Loaded Profiles: brenda (Available Profiles: brenda & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Kromtech) C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Kromtech) C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\GoogleGGupdate.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\DNS Unlocker\dnsquintana.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-07-31] ()
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\...\MountPoints2: {6c16f8bf-3af1-11e2-995b-00266c95841a} - E:\TL_Bootstrap.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-06-23] (Microsoft Corporation)
AppInit_DLLs-x32: c:\progra~2\search~2\datamngr\mgrldr.dll => No File
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-19]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-19]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
BootExecute: sasnative64autocheck autochk * 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{CD9DCA32-E989-42B0-B69A-AC1E989AAEE4}: [NameServer] 199.203.131.152,82.163.143.182
Tcpip\..\Interfaces\{CD9DCA32-E989-42B0-B69A-AC1E989AAEE4}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{DD1B6914-D146-4751-B428-6A063D30C07C}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://start.toshiba.com/g/
URLSearchHook: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {8DBAF1CE-0DAB-4912-BF80-9BFAA63648F9} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {B61FFA0A-EE25-4E35-812E-6D99CC64D029} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 -> DefaultScope {6E99DEE0-C61F-4873-9BA5-AA3999150ED9} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS422
SearchScopes: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 -> {6E99DEE0-C61F-4873-9BA5-AA3999150ED9} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS422
SearchScopes: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 -> {8DBAF1CE-0DAB-4912-BF80-9BFAA63648F9} URL = 
BHO: salEEprizeS -> {81BBBF67-78BA-4C66-9098-C600E5C6810E} -> C:\Program Files (x86)\salEEprizeS\9CElrO7W8OEuqW.x64.dll [2015-08-16] ()
BHO-x32: salEEprizeS -> {81BBBF67-78BA-4C66-9098-C600E5C6810E} -> C:\Program Files (x86)\salEEprizeS\9CElrO7W8OEuqW.dll [2015-08-16] ()
Toolbar: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll [2013-02-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll [2013-02-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-03-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2011-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files (x86)\AVG\AVG10\Firefox
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl"
CHR Profile: C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (missing e) - C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid [2015-08-16]
CHR Extension: (AVG Safe Search) - C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2015-07-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-18]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx [2011-09-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a9cff455; c:\Program Files (x86)\ReactorExtender\ReactorExtender.dll [2271744 2015-07-26] () [File not signed]
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 PCKeeper2Service; C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe [156336 2014-10-10] (Kromtech) <==== ATTENTION
R2 PCKeeperOcfService; C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe [1155352 2014-10-10] (Kromtech) <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [380192 2014-11-04] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 fileHiders; C:\Windows\System32\DRIVERS\fileHiders.sys [32440 2014-10-10] () <==== ATTENTION
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-07 11:33 - 2015-10-07 11:35 - 00016624 _____ C:\Users\brenda\Downloads\FRST.txt
2015-10-07 11:30 - 2015-10-07 11:34 - 00000000 ____D C:\FRST
2015-10-07 11:29 - 2015-10-07 11:30 - 02193920 _____ (Farbar) C:\Users\brenda\Desktop\FRST64.exe
2015-10-07 11:25 - 2015-10-07 11:25 - 00000000 _____ C:\windows\setuperr.log
2015-10-07 11:25 - 2015-10-07 11:25 - 00000000 _____ C:\windows\setupact.log
2015-10-07 10:53 - 2015-10-07 10:53 - 00026356 _____ C:\windows\System32\Tasks\DNSQUINTANA
2015-10-07 10:53 - 2015-10-07 10:53 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2015-09-07 13:41 - 2015-09-07 13:41 - 00002968 _____ C:\windows\System32\Tasks\{DF325C64-A35E-4C25-88C4-952D79120A31}
2015-09-07 13:40 - 2015-09-07 13:40 - 00002968 _____ C:\windows\System32\Tasks\{B9E08E9A-6A44-4FE4-85E5-7BE12C158E9B}
2015-09-07 13:40 - 2015-09-07 13:40 - 00002968 _____ C:\windows\System32\Tasks\{B4839A78-1808-411E-97C5-62884EAD6702}
2015-09-07 13:35 - 2015-09-07 13:35 - 00893924 _____ C:\Users\brenda\Downloads\vox_package.zip
2015-09-07 13:35 - 2015-09-07 13:35 - 00000000 ____D C:\Users\brenda\Downloads\vox_package
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-07 11:31 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-07 11:31 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-07 10:53 - 2015-07-03 09:09 - 00000000 ____D C:\ProgramData\2705565024740908460
2015-10-07 10:42 - 2011-08-29 08:59 - 00000000 _____ C:\Users\brenda\AppData\LocalLow\prvlcl.dat
2015-10-07 10:33 - 2015-07-23 18:17 - 00000024 _____ C:\Users\brenda\AppData\Roaming\appdataFr25.bin
2015-10-07 10:33 - 2010-11-19 00:21 - 01850378 _____ C:\windows\WindowsUpdate.log
2015-10-06 00:57 - 2015-08-15 06:57 - 00000342 _____ C:\windows\Tasks\Superclean.job
2015-09-09 22:36 - 2011-03-08 19:30 - 00000000 ____D C:\Users\brenda\AppData\Local\Google
 
==================== Files in the root of some directories =======
 
2012-03-23 03:45 - 2012-03-23 03:45 - 3993600 _____ () C:\Program Files (x86)\GUTE058.tmp
2015-07-24 16:24 - 2015-08-15 06:56 - 0000020 _____ () C:\Users\brenda\AppData\Roaming\appdataFr2.bin
2015-07-23 18:17 - 2015-10-07 10:33 - 0000024 _____ () C:\Users\brenda\AppData\Roaming\appdataFr25.bin
2012-09-28 00:01 - 2012-09-28 00:01 - 0008428 _____ () C:\Users\brenda\AppData\Roaming\UserTile.png
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-04 16:52
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-10-2015
Ran by brenda (2015-10-07 11:36:56)
Running from C:\Users\brenda\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-08 23:24:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2944084441-1480808141-3925479954-500 - Administrator - Enabled) => C:\Users\Administrator
brenda (S-1-5-21-2944084441-1480808141-3925479954-1001 - Administrator - Enabled) => C:\Users\brenda
Guest (S-1-5-21-2944084441-1480808141-3925479954-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2944084441-1480808141-3925479954-1020 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Anti-Virus Free Edition 2011 (Disabled - Out of date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Disabled - Out of date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.05 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.5.502.149 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~9338DF9D_is1) (Version: 2.1.1000.15664 - systweak.com) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1434 - AVG Technologies)
AVG 2011 (Version: 10.0.1434 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1520 - AVG Technologies) Hidden
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION
Google Chrome (HKLM-x32\...\{B9A82C41-4F48-3C15-8A84-1A84582BE03E}) (Version: 66.88.49307 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LogMeIn Rescue Calling Card (HKLM-x32\...\{A22B8513-EA8C-46A1-9735-F5BE971C368D}) (Version: 7.4.515 - LogMeIn, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
missing e (HKLM-x32\...\{450F78BE-2B5E-C81D-0656-897759985405}) (Version:  - "") <==== ATTENTION
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3 - )
PCKeeper (HKLM\...\{22FB50CC-F204-46D3-AE33-C6F94441FB0A}) (Version: 2.1.181 - Kromtech) <==== ATTENTION
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
ReactorExtender (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{a9cff455}) (Version:  - Software Publisher) <==== ATTENTION
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
RPG Maker VX Ace (HKLM-x32\...\RPGVXAce_E_is1) (Version: 1.02 - Enterbrain)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Super Optimizer v3.2 (HKLM-x32\...\Super Optimizer_is1) (Version: 3.2.0.1 - Super PC Tools ltd) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
The Phone Support Dock (HKLM-x32\...\{266DBE1C-B640-46ee-9A6D-86F0A1E483B9}_is1) (Version: 2.1.100.15944 - The Phone Support Pvt. Ltd.)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC) <==== ATTENTION
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WinClean Pro (HKLM-x32\...\{00CF08C3-ED21-49fa-9263-5492CAEA92C2}_is1) (Version: 2.5.1001.563 - Systweak Software) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
29-07-2015 16:42:54 Windows Update
04-08-2015 18:11:28 Windows Update
16-08-2015 13:00:00 Scheduled Checkpoint
18-08-2015 21:43:13 WinClean Pro - Restore Point Before Cleaning
27-08-2015 21:35:40 Scheduled Checkpoint
16-09-2015 17:58:31 Scheduled Checkpoint
04-10-2015 16:59:22 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {038CCE79-761E-4511-9EF0-507A0DB6A686} - System32\Tasks\{B9E08E9A-6A44-4FE4-85E5-7BE12C158E9B} => C:\Users\brenda\Downloads\vox_package\viewvox.exe [2015-09-07] ()
Task: {0C0ECCC5-1326-4F75-824F-59B5B3B11BAF} - System32\Tasks\Superclean => c:\programdata\{8bbb970a-1e7b-9fdc-8bbb-b970a1e75c28}\hqghumeaylnlf.exe [2014-08-15] (Super PC Tools Ltd) <==== ATTENTION
Task: {4A21C2DE-83B2-4DD3-BA6D-CA3124F5E518} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {73F177E0-B844-404B-985B-7D225E92C3C9} - System32\Tasks\{DF325C64-A35E-4C25-88C4-952D79120A31} => C:\Users\brenda\Downloads\vox_package\viewvox.exe [2015-09-07] ()
Task: {AEDCE73C-F6F7-4429-A9BB-79A1B0ACC1E5} - System32\Tasks\DNSQUINTANA => C:\Program Files (x86)\DNS Unlocker\dnsquintana.exe [2015-09-24] ()
Task: {D61D6359-D0FA-479C-85AA-7811EE3DDBFB} - System32\Tasks\{B4839A78-1808-411E-97C5-62884EAD6702} => C:\Users\brenda\Downloads\vox_package\viewvox.exe [2015-09-07] ()
Task: {DE645644-AE01-4BA5-BAA6-18A73BCF018A} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-07-31] () <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Superclean.job => c:\programdata\{8bbb970a-1e7b-9fdc-8bbb-b970a1e75c28}\hqghumeaylnlf.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-10-10 17:59 - 2014-10-10 17:59 - 00048920 _____ () C:\Program Files\Kromtech\PCKeeper\SharedNativeLibraryPS.dll
2010-04-07 20:07 - 2010-04-07 20:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 17:26 - 2009-11-03 17:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 18:15 - 2010-03-03 18:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 18:15 - 2010-03-03 18:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-10-15 13:32 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 23:08 - 2009-03-12 23:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 21:38 - 2009-07-25 21:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-02-05 20:44 - 2010-02-05 20:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-10-07 10:53 - 2015-09-24 18:43 - 00537088 _____ () C:\Program Files (x86)\DNS Unlocker\dnsquintana.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:D346F792
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\brenda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 199.203.131.152 - 82.163.143.182
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: DatamngrCoordinator => 2
MSCONFIG\Services: FastFreeConverterUpdt => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IBUpdaterService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MyWebSearchService => 2
MSCONFIG\Services: Updater By SweetPacks => 2
MSCONFIG\Services: vToolbarUpdater11.2.0 => 2
MSCONFIG\Services: WajamUpdater => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^brenda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AVG_TRAY => C:\Program Files (x86)\AVG\AVG10\avgtray.exe
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\SEARCH~2\Datamngr\DATAMN~2.EXE
MSCONFIG\startupreg: HF_G_Jul => "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: My Web Search Bar Search Scope Monitor => "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
MSCONFIG\startupreg: MyWebSearch Email Plugin => C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSCONFIG\startupreg: PC Health Kit => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
MSCONFIG\startupreg: PCKeeper2 => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
MSCONFIG\startupreg: RebateInformer => C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP
MSCONFIG\startupreg: SearchProtect => C:\Users\brenda\AppData\Roaming\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SelectRebates => C:\Program Files (x86)\SelectRebates\SelectRebates.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\brenda\AppData\Roaming\Yontoo\YontooDesktop.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7FCA74BA-F136-4E24-8B65-1DAE2C5A40EE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EB20C4E5-739F-4FEF-9849-D5923D807933}] => (Allow) LPort=2869
FirewallRules: [{A17F1F14-DA92-474F-8B09-17ADE5CE7063}] => (Allow) LPort=1900
FirewallRules: [{67E9151E-F6F6-42A5-9CE2-3343EF13571B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{24FBD22E-FDFB-41E8-81F9-A221F15C95D6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{67D0A84E-6AAD-41DD-BC33-96EEA32E9FFA}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{94E4FCC3-70AB-457A-BD38-7D9F6250751A}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{24648242-47FE-4E41-ABD8-DA881A89F11E}] => (Allow) LPort=10255
FirewallRules: [{40E6EDAC-F195-43A4-A89F-D5D64B68C1C8}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{57E98F31-2026-4166-9D5C-11C5200B3706}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{363E4EC4-37F5-46E6-A938-1975F732A36A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{468D5EFC-2ABF-402D-8F77-D7DFD70004CC}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{34CBEC96-002D-4D0A-85EA-1521F3A5EFC1}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{EC4F6940-DD88-45AE-A78F-7B8773673A91}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [TCP Query User{039E4928-C100-4654-BC59-DC4E0BDF45FC}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{747F9408-A3D3-4F3C-8D52-C887EE998CF3}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{DAD36BA6-A754-4E0D-AB4D-4E17FFD72486}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{28300583-0854-40C9-AB67-F26968524524}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{C9832213-4B55-4EDD-B406-B39217D2E41B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C5502A73-883C-45B4-B48F-04E044A170C0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{49EE852D-5843-486D-8C47-D515018E386F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A7DC44BA-266F-4AD4-8302-8D49BCCBC70A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C075F3EB-7B11-4A21-A079-F0FCFB495845}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{F3B62863-677B-4E45-B952-A997880DCCDB}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{D1E5C826-4D75-42EC-B360-65B5047AF58E}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{25C920A4-9EE3-4F6C-9C6E-F26987434FC4}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{98B2A31C-FE37-48FF-844A-D890439E8D73}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{919DDD15-04A8-404C-B380-AF67F7180F0A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: AVG AVI Loader Driver
Description: AVG AVI Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Avgldx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/06/2015 12:53:05 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (10/05/2015 09:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1466
 
Error: (10/05/2015 09:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1466
 
Error: (10/05/2015 09:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/04/2015 08:24:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1716
 
Error: (10/04/2015 08:24:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1716
 
Error: (10/04/2015 08:24:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/04/2015 07:00:25 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF).
 
Error: (10/04/2015 04:59:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdatem) since QueryServiceConfig API failed
 
System Error:
The system cannot find the filearrow-10x10.png specified.
.
 
Error: (10/04/2015 04:59:36 PM) (Source: Microsoftarrow-10x10.png-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdate) since QueryServiceConfig API failed
 
System Error:
The system cannotarrow-10x10.png find the file specified.
.
 
 
System errors:
=============
Error: (10/04/2015 05:07:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error: 
%%2
 
Error: (10/04/2015 05:06:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error: 
%%2
 
Error: (10/04/2015 05:05:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error: 
%%2
 
Error: (10/04/2015 05:04:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error: 
%%2
 
Error: (10/04/2015 05:04:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error: 
%%2
 
Error: (10/04/2015 05:03:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error: 
%%2
 
Error: (10/04/2015 05:03:14 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 2TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (09/30/2015 09:26:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error: 
%%2
 
Error: (09/30/2015 09:26:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error: 
%%2
 
Error: (09/30/2015 09:26:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error: 
%%2
 
 
CodeIntegrity:
===================================
  Date: 2013-02-21 02:34:53.275
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-21 02:33:41.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-21 02:19:56.070
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 925 @ 2.30GHz
Percentage of memory in use: 68%
Total physical RAM: 2939.98 MB
Available physical RAM: 915.91 MB
Total Virtual: 5878.16 MB
Available Virtual: 3000.32 MB
 
==================== Drives ================================
 
Drive c: (TI106034W0C) (Fixed) (Total:221.24 GB) (Free:144.99 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7arrow-10x10.png or Vista) (Size: 232.9 GB) (Disk ID: 1BF86417)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=221.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17)
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets get you sorted :)

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome.
Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

THEN

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

 

CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-07-31] ()
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\...\MountPoints2: {6c16f8bf-3af1-11e2-995b-00266c95841a} - E:\TL_Bootstrap.exe
AppInit_DLLs-x32: c:\progra~2\search~2\datamngr\mgrldr.dll => No File
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-19]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-19]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: salEEprizeS -> {81BBBF67-78BA-4C66-9098-C600E5C6810E} -> C:\Program Files (x86)\salEEprizeS\9CElrO7W8OEuqW.x64.dll [2015-08-16] ()
BHO-x32: salEEprizeS -> {81BBBF67-78BA-4C66-9098-C600E5C6810E} -> C:\Program Files (x86)\salEEprizeS\9CElrO7W8OEuqW.dll [2015-08-16] ()
Toolbar: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
R2 a9cff455; c:\Program Files (x86)\ReactorExtender\ReactorExtender.dll [2271744 2015-07-26] () [File not signed]
R2 PCKeeper2Service; C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe [156336 2014-10-10] (Kromtech) <==== ATTENTION
R2 PCKeeperOcfService; C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe [1155352 2014-10-10] (Kromtech) <==== ATTENTION
S3 fileHiders; C:\Windows\System32\DRIVERS\fileHiders.sys [32440 2014-10-10] () <==== ATTENTION
2015-10-07 10:53 - 2015-10-07 10:53 - 00026356 _____ C:\windows\System32\Tasks\DNSQUINTANA
2015-10-07 10:53 - 2015-10-07 10:53 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2015-09-07 13:41 - 2015-09-07 13:41 - 00002968 _____ C:\windows\System32\Tasks\{DF325C64-A35E-4C25-88C4-952D79120A31}
2015-09-07 13:40 - 2015-09-07 13:40 - 00002968 _____ C:\windows\System32\Tasks\{B9E08E9A-6A44-4FE4-85E5-7BE12C158E9B}
2015-09-07 13:40 - 2015-09-07 13:40 - 00002968 _____ C:\windows\System32\Tasks\{B4839A78-1808-411E-97C5-62884EAD6702}
2015-09-07 13:35 - 2015-09-07 13:35 - 00893924 _____ C:\Users\brenda\Downloads\vox_package.zip
2015-09-07 13:35 - 2015-09-07 13:35 - 00000000 ____D C:\Users\brenda\Downloads\vox_package
2015-10-07 10:53 - 2015-07-03 09:09 - 00000000 ____D C:\ProgramData\2705565024740908460
2015-10-07 10:42 - 2011-08-29 08:59 - 00000000 _____ C:\Users\brenda\AppData\LocalLow\prvlcl.dat
2015-10-06 00:57 - 2015-08-15 06:57 - 00000342 _____ C:\windows\Tasks\Superclean.job
Task: {038CCE79-761E-4511-9EF0-507A0DB6A686} - System32\Tasks\{B9E08E9A-6A44-4FE4-85E5-7BE12C158E9B} => C:\Users\brenda\Downloads\vox_package\viewvox.exe [2015-09-07] ()
Task: {0C0ECCC5-1326-4F75-824F-59B5B3B11BAF} - System32\Tasks\Superclean => c:\programdata\{8bbb970a-1e7b-9fdc-8bbb-b970a1e75c28}\hqghumeaylnlf.exe [2014-08-15] (Super PC Tools Ltd) <==== ATTENTION
Task: {73F177E0-B844-404B-985B-7D225E92C3C9} - System32\Tasks\{DF325C64-A35E-4C25-88C4-952D79120A31} => C:\Users\brenda\Downloads\vox_package\viewvox.exe [2015-09-07] ()
Task: {AEDCE73C-F6F7-4429-A9BB-79A1B0ACC1E5} - System32\Tasks\DNSQUINTANA => C:\Program Files (x86)\DNS Unlocker\dnsquintana.exe [2015-09-24] ()
Task: {D61D6359-D0FA-479C-85AA-7811EE3DDBFB} - System32\Tasks\{B4839A78-1808-411E-97C5-62884EAD6702} => C:\Users\brenda\Downloads\vox_package\viewvox.exe [2015-09-07] ()
Task: {DE645644-AE01-4BA5-BAA6-18A73BCF018A} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-07-31] () <==== ATTENTION
Task: C:\windows\Tasks\Superclean.job => c:\programdata\{8bbb970a-1e7b-9fdc-8bbb-b970a1e75c28}\hqghumeaylnlf.exe <==== ATTENTION
C:\Program Files (x86)\Super Optimizer
C:\Program Files (x86)\salEEprizeS
c:\Program Files (x86)\ReactorExtender
C:\Windows\System32\DRIVERS\fileHiders.sys
c:\programdata\{8bbb970a-1e7b-9fdc-8bbb-b970a1e75c28}
C:\Program Files (x86)\DNS Unlocker
C:\Program Files\Kromtech
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

FINALLY

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
complete-noob

complete-noob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

here is the fixlog & adwcleaner report. i have successfully completed the steps provided, but even while writing this, the redirect problem persists.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-10-2015
Ran by brenda (2015-10-07 13:19:12) Run:1
Running from C:\Users\brenda\Desktop\frst64+fixlist.txt
Loaded Profiles: brenda (Available Profiles: brenda & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-07-31] ()
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\...\MountPoints2: {6c16f8bf-3af1-11e2-995b-00266c95841a} - E:\TL_Bootstrap.exe
AppInit_DLLs-x32: c:\progra~2\search~2\datamngr\mgrldr.dll => No File
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-19]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-19]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: salEEprizeS -> {81BBBF67-78BA-4C66-9098-C600E5C6810E} -> C:\Program Files (x86)\salEEprizeS\9CElrO7W8OEuqW.x64.dll [2015-08-16] ()
BHO-x32: salEEprizeS -> {81BBBF67-78BA-4C66-9098-C600E5C6810E} -> C:\Program Files (x86)\salEEprizeS\9CElrO7W8OEuqW.dll [2015-08-16] ()
Toolbar: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
R2 a9cff455; c:\Program Files (x86)\ReactorExtender\ReactorExtender.dll [2271744 2015-07-26] () [File not signed]
R2 PCKeeper2Service; C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe [156336 2014-10-10] (Kromtech) <==== ATTENTION
R2 PCKeeperOcfService; C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe [1155352 2014-10-10] (Kromtech) <==== ATTENTION
S3 fileHiders; C:\Windows\System32\DRIVERS\fileHiders.sys [32440 2014-10-10] () <==== ATTENTION
2015-10-07 10:53 - 2015-10-07 10:53 - 00026356 _____ C:\windows\System32\Tasks\DNSQUINTANA
2015-10-07 10:53 - 2015-10-07 10:53 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2015-09-07 13:41 - 2015-09-07 13:41 - 00002968 _____ C:\windows\System32\Tasks\{DF325C64-A35E-4C25-88C4-952D79120A31}
2015-09-07 13:40 - 2015-09-07 13:40 - 00002968 _____ C:\windows\System32\Tasks\{B9E08E9A-6A44-4FE4-85E5-7BE12C158E9B}
2015-09-07 13:40 - 2015-09-07 13:40 - 00002968 _____ C:\windows\System32\Tasks\{B4839A78-1808-411E-97C5-62884EAD6702}
2015-09-07 13:35 - 2015-09-07 13:35 - 00893924 _____ C:\Users\brenda\Downloads\vox_package.zip
2015-09-07 13:35 - 2015-09-07 13:35 - 00000000 ____D C:\Users\brenda\Downloads\vox_package
2015-10-07 10:53 - 2015-07-03 09:09 - 00000000 ____D C:\ProgramData\2705565024740908460
2015-10-07 10:42 - 2011-08-29 08:59 - 00000000 _____ C:\Users\brenda\AppData\LocalLow\prvlcl.dat
2015-10-06 00:57 - 2015-08-15 06:57 - 00000342 _____ C:\windows\Tasks\Superclean.job
Task: {038CCE79-761E-4511-9EF0-507A0DB6A686} - System32\Tasks\{B9E08E9A-6A44-4FE4-85E5-7BE12C158E9B} => C:\Users\brenda\Downloads\vox_package\viewvox.exe [2015-09-07] ()
Task: {0C0ECCC5-1326-4F75-824F-59B5B3B11BAF} - System32\Tasks\Superclean => c:\programdata\{8bbb970a-1e7b-9fdc-8bbb-b970a1e75c28}\hqghumeaylnlf.exe [2014-08-15] (Super PC TOOLS Ltd) <==== ATTENTION
Task: {73F177E0-B844-404B-985B-7D225E92C3C9} - System32\Tasks\{DF325C64-A35E-4C25-88C4-952D79120A31} => C:\Users\brenda\Downloads\vox_package\viewvox.exe [2015-09-07] ()
Task: {AEDCE73C-F6F7-4429-A9BB-79A1B0ACC1E5} - System32\Tasks\DNSQUINTANA => C:\Program Files (x86)\DNS Unlocker\dnsquintana.exe [2015-09-24] ()
Task: {D61D6359-D0FA-479C-85AA-7811EE3DDBFB} - System32\Tasks\{B4839A78-1808-411E-97C5-62884EAD6702} => C:\Users\brenda\Downloads\vox_package\viewvox.exe [2015-09-07] ()
Task: {DE645644-AE01-4BA5-BAA6-18A73BCF018A} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-07-31] () <==== ATTENTION
Task: C:\windows\Tasks\Superclean.job => c:\programdata\{8bbb970a-1e7b-9fdc-8bbb-b970a1e75c28}\hqghumeaylnlf.exe <==== ATTENTION
C:\Program Files (x86)\Super Optimizer
C:\Program Files (x86)\salEEprizeS
c:\Program Files (x86)\ReactorExtender
C:\Windows\System32\DRIVERS\fileHiders.sys
c:\programdata\{8bbb970a-1e7b-9fdc-8bbb-b970a1e75c28}
C:\Program Files (x86)\DNS Unlocker
C:\Program Files\Kromtech
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Super Optimizer => value removed successfully
"HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c16f8bf-3af1-11e2-995b-00266c95841a}" => key removed successfully
HKCR\CLSID\{6c16f8bf-3af1-11e2-995b-00266c95841a} => key not found. 
"c:\progra~2\search~2\datamngr\mgrldr.dll" => Value data removed successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => moved successfully
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => moved successfully
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81BBBF67-78BA-4C66-9098-C600E5C6810E}" => key removed successfully
"HKCR\CLSID\{81BBBF67-78BA-4C66-9098-C600E5C6810E}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81BBBF67-78BA-4C66-9098-C600E5C6810E}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{81BBBF67-78BA-4C66-9098-C600E5C6810E}" => key removed successfully
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
a9cff455 => Service stopped successfully.
a9cff455 => service removed successfully
PCKeeper2Service => Service stopped successfully.
PCKeeper2Service => service removed successfully
PCKeeperOcfService => Service stopped successfully.
PCKeeperOcfService => service removed successfully
fileHiders => service removed successfully
C:\windows\System32\Tasks\DNSQUINTANA => moved successfully
 
"C:\Program Files (x86)\DNS Unlocker" folder move:
 
Could not move "C:\Program Files (x86)\DNS Unlocker" => Scheduled to move on reboot.
 
C:\windows\System32\Tasks\{DF325C64-A35E-4C25-88C4-952D79120A31} => moved successfully
C:\windows\System32\Tasks\{B9E08E9A-6A44-4FE4-85E5-7BE12C158E9B} => moved successfully
C:\windows\System32\Tasks\{B4839A78-1808-411E-97C5-62884EAD6702} => moved successfully
C:\Users\brenda\Downloads\vox_package.zip => moved successfully
C:\Users\brenda\Downloads\vox_package => moved successfully
C:\ProgramData\2705565024740908460 => moved successfully
C:\Users\brenda\AppData\LocalLow\prvlcl.dat => moved successfully
C:\windows\Tasks\Superclean.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{038CCE79-761E-4511-9EF0-507A0DB6A686}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{038CCE79-761E-4511-9EF0-507A0DB6A686}" => key removed successfully
C:\windows\System32\Tasks\{B9E08E9A-6A44-4FE4-85E5-7BE12C158E9B} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B9E08E9A-6A44-4FE4-85E5-7BE12C158E9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C0ECCC5-1326-4F75-824F-59B5B3B11BAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C0ECCC5-1326-4F75-824F-59B5B3B11BAF}" => key removed successfully
C:\windows\System32\Tasks\Superclean => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Superclean" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73F177E0-B844-404B-985B-7D225E92C3C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73F177E0-B844-404B-985B-7D225E92C3C9}" => key removed successfully
C:\windows\System32\Tasks\{DF325C64-A35E-4C25-88C4-952D79120A31} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DF325C64-A35E-4C25-88C4-952D79120A31}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{AEDCE73C-F6F7-4429-A9BB-79A1B0ACC1E5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEDCE73C-F6F7-4429-A9BB-79A1B0ACC1E5}" => key removed successfully
C:\windows\System32\Tasks\DNSQUINTANA => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSQUINTANA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D61D6359-D0FA-479C-85AA-7811EE3DDBFB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D61D6359-D0FA-479C-85AA-7811EE3DDBFB}" => key removed successfully
C:\windows\System32\Tasks\{B4839A78-1808-411E-97C5-62884EAD6702} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B4839A78-1808-411E-97C5-62884EAD6702}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE645644-AE01-4BA5-BAA6-18A73BCF018A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE645644-AE01-4BA5-BAA6-18A73BCF018A}" => key removed successfully
C:\windows\System32\Tasks\Super Optimizer Schedule => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule" => key removed successfully
C:\windows\Tasks\Superclean.job => not found.
C:\Program Files (x86)\Super Optimizer => moved successfully
C:\Program Files (x86)\salEEprizeS => moved successfully
c:\Program Files (x86)\ReactorExtender => moved successfully
C:\Windows\System32\DRIVERS\fileHiders.sys => moved successfully
c:\programdata\{8bbb970a-1e7b-9fdc-8bbb-b970a1e75c28} => moved successfully
 
"C:\Program Files (x86)\DNS Unlocker" folder move:
 
Could not move "C:\Program Files (x86)\DNS Unlocker" => Scheduled to move on reboot.
 
C:\Program Files\Kromtech => moved successfully
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.tn.comcast.net.
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::f08d:fb41:4d95:afe6%10
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter isatap.{F4F5C1B5-9128-4327-9CF6-A9D7B4530A98}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{CD9DCA32-E989-42B0-B69A-AC1E989AAEE4}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.hsd1.tn.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.tn.comcast.net.
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::f08d:fb41:4d95:afe6%10
   IPv4 Address. . . . . . . . . . . : 192.168.0.12
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
 
Tunnel adapter isatap.{F4F5C1B5-9128-4327-9CF6-A9D7B4530A98}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{CD9DCA32-E989-42B0-B69A-AC1E989AAEE4}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.hsd1.tn.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {C32EB168-EEB5-4E53-ADFA-CF3358A2F0A6}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 188.2 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-10-07 13:24:03)
 
C:\Program Files (x86)\DNS Unlocker => Is moved successfully
C:\Program Files (x86)\DNS Unlocker => Is moved successfully
 
==== End of Fixlog 13:24:03 ====
 
# AdwCleaner v5.011 - Logfile created 07/10/2015 at 13:39:09
# Updated 07/10/2015 by Xplode
# Database : 2015-10-07.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Administrator - BRENDA-PC
# Running from : C:\Users\Administrator\Downloads\adwcleaner_5.011.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : YahooAUService
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\ASP
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\Program Files (x86)\brooawseaandshoapu
[-] Folder Deleted : C:\Program Files (x86)\browseandsshop
[-] Folder Deleted : C:\Program Files (x86)\frreEdeliveerry
[-] Folder Deleted : C:\Program Files (x86)\fRReedoeelivery
[-] Folder Deleted : C:\Program Files (x86)\fureeedelIvery
[-] Folder Deleted : C:\Program Files (x86)\ooffeRsale
[-] Folder Deleted : C:\Program Files (x86)\salleeprizeesu
[-] Folder Deleted : C:\Program Files (x86)\ssAleeprIzeis
[-] Folder Deleted : C:\ProgramData\Systweak
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[-] Folder Deleted : C:\ProgramData\Kromtech
[-] Folder Deleted : C:\ProgramData\61d5b14200004927
[-] Folder Deleted : C:\ProgramData\de2e68b0000035db
[-] Folder Deleted : C:\ProgramData\mjmhjpmmfkahkmgkicmiffcmbphpibmb
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector
[-] Folder Deleted : C:\Users\Administrator\AppData\Local\Kromtech
[-] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid
[!] Folder Not Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid
[-] Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Administrator\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\brenda\AppData\Local\Chromium\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
[-] Folder Deleted : C:\Users\brenda\AppData\Local\Chromium\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
[-] Folder Deleted : C:\Users\brenda\AppData\Local\Chromium\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
[-] Folder Deleted : C:\Users\brenda\AppData\Local\Chromium\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
[-] Folder Deleted : C:\Users\brenda\AppData\Local\Chromium\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
[!] Folder Not Deleted : C:\Users\brenda\AppData\Local\Chromium\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
[-] Folder Deleted : C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
[-] Folder Deleted : C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid
[!] Folder Not Deleted : C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid
[-] Folder Deleted : C:\Users\brenda\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\brenda\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\brenda\AppData\Roaming\Systweak
[-] Folder Deleted : C:\Users\brenda\AppData\Roaming\Super Optimizer
[-] Folder Deleted : C:\Users\brenda\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\brenda\Documents\Super Optimizer
[-] Folder Deleted : C:\windows\SysNative\tprb
[-] Folder Deleted : C:\windows\SysWOW64\mjcm
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
[-] File Deleted : C:\Users\Administrator\AppData\LocalLow\SkwConfig.bin
[-] File Deleted : C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl
[-] File Deleted : C:\Users\brenda\AppData\LocalLow\SkwConfig.bin
[-] File Deleted : C:\Users\brenda\Desktop\Super Optimizer.lnk
[-] File Deleted : C:\Users\Public\Desktop\Advanced System~Protector.lnk
[-] File Deleted : C:\windows\SysNative\sasnative64.exe
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchProtect]
[-] Key Deleted : HKLM\SOFTWARE\Classes\MPCBContextMenu.ContextMenu
[-] Key Deleted : HKLM\SOFTWARE\Classes\MPCBContextMenu.IconGenerator
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\MPCBContextMenu
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PCKeeper2]
[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinZip Malware Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\P373BBCA7_34CB_4F72_9BD6_B797BBB7850E_.P373BBCA7_34CB_4F72_9BD6_B797BBB7850E_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P373BBCA7_34CB_4F72_9BD6_B797BBB7850E_.P373BBCA7_34CB_4F72_9BD6_B797BBB7850E_.9
[-] Key Deleted : HKLM\SOFTWARE\212ef06f-5553-09e9-8db9-ab9da84766a6
[-] Key Deleted : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{a9cff455}
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
[-] Key Deleted : HKCU\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3070CF0C-F396-3DCA-87D6-9DBF3D77B610}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4529EB14-6B38-3CC4-9504-6EAB6C9E1255}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BEEA930F-CD8A-341E-B6B5-5BAF659685D5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03955F1-309E-34E9-A021-1399C3532273}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2097A1B6-E86A-4072-A32D-2249A3ECBC5A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{373BBCA7-34CB-4F72-9BD6-B797BBB7850E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BAB45F-0A8A-48B5-8C46-F2A8C7EEFAEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5ADB067E-40D9-49AD-BDFC-2DBD725D3842}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{829DD016-D322-481B-8BA3-10064B09EAC4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DE01332E-98E8-12B4-F903-E6ABC5665CF0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{373BBCA7-34CB-4F72-9BD6-B797BBB7850E}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{373BBCA7-34CB-4F72-9BD6-B797BBB7850E}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07B18EA9-A523-4961-B6BB-170DE4475CCA}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3070CF0C-F396-3DCA-87D6-9DBF3D77B610}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4529EB14-6B38-3CC4-9504-6EAB6C9E1255}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{BEEA930F-CD8A-341E-B6B5-5BAF659685D5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F03955F1-309E-34E9-A021-1399C3532273}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2097A1B6-E86A-4072-A32D-2249A3ECBC5A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{373BBCA7-34CB-4F72-9BD6-B797BBB7850E}
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\IGearSettings
[-] Key Deleted : HKU\.DEFAULT\Software\IM
[-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller
[-] Key Deleted : HKU\.DEFAULT\Software\SweetIM
[-] Key Deleted : HKU\.DEFAULT\Software\WNLT
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\ImInstaller
[-] Key Deleted : HKCU\Software\MyWebSearch
[-] Key Deleted : HKCU\Software\SearchProtect
[-] Key Deleted : HKCU\Software\SweetIM
[-] Key Deleted : HKCU\Software\WNLT
[-] Key Deleted : HKCU\Software\Kromtech
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
[-] Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
[-] Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
[-] Key Deleted : HKCU\Software\AppDataLow\Software\ilividtoolbargaw
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\W3I
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{266DBE1C-B640-46ee-9A6D-86F0A1E483B9}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[!] Key Not Deleted : [x64] HKCU\Software\IM
[!] Key Not Deleted : [x64] HKCU\Software\ImInstaller
[!] Key Not Deleted : [x64] HKCU\Software\MyWebSearch
[!] Key Not Deleted : [x64] HKCU\Software\SearchProtect
[!] Key Not Deleted : [x64] HKCU\Software\SweetIM
[!] Key Not Deleted : [x64] HKCU\Software\WNLT
[!] Key Not Deleted : [x64] HKCU\Software\Kromtech
[!] Key Not Deleted : [x64] HKCU\Software\Yahoo\Companion
[-] Key Deleted : [x64] HKLM\SOFTWARE\Kromtech
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
[!] Key Not Deleted : HKU\S-1-5-21-2944084441-1480808141-3925479954-500\Software\AppDataLow\Software\DynConIE
[!] Key Not Deleted : HKU\S-1-5-21-2944084441-1480808141-3925479954-500\Software\AppDataLow\Software\MyWebSearch
[!] Key Not Deleted : HKU\S-1-5-21-2944084441-1480808141-3925479954-500\Software\AppDataLow\Software\PriceGong
[!] Key Not Deleted : HKU\S-1-5-21-2944084441-1480808141-3925479954-500\Software\AppDataLow\Software\ilividtoolbargaw
[!] Key Not Deleted : HKU\S-1-5-21-2944084441-1480808141-3925479954-500\Software\AppDataLow\Software\Yahoo\Companion
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\E5C2FB287A9731A45B805D6EA4B541E1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\E5C2FB287A9731A45B805D6EA4B541E1
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5C2FB287A9731A45B805D6EA4B541E1
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
 
***** [ Web browsers ] *****
 
[-] [C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bcjbagclppcgdbpobcpoojdjdmcjhpid
[-] [C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bcjbagclppcgdbpobcpoojdjdmcjhpid
[-] [C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jmfkcklnlgedgbglfkkgedjfmejoahla
[-] [C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jpmbfleldcgkldadpdinhjjopdfpjfjp
[-] [C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ogminpmldncgcmokldnmmapddoccmhfl
[-] [C:\Users\brenda\AppData\Local\Chromium\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jmfkcklnlgedgbglfkkgedjfmejoahla
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jpmbfleldcgkldadpdinhjjopdfpjfjp
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [23173 bytes] ##########
 

  • 0

#4
complete-noob

complete-noob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

are there any other stepsarrow-10x10.png i could follow up with to try and fix the problem


Edited by complete-noob, 07 October 2015 - 12:05 PM.

  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Where are you being redirected to and in what browser ? Did you uninstall Chrome ?

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

To access logs from Malwarebytes Anti-Malware 2.0:

mbamlogs.JPG

1.Open Malwarebytes Anti-Malware 2.0
2.Click History > Application Logs
3.Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1.Open the log file you would like to save
2.Click Export
3.Choose to export to a .txt
4.Choose a folder to save the log file in, then click Save
5.Post that log here
  • 0

#6
complete-noob

complete-noob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

redirected sites-

bannersdontwork.com

targetedadertisements.com

 

mostly just ads and spam.

 

and just so im clear on the steps to take. i should download and scan my pc with malware bytes. then scan individual quarantined logs in malware bytes history. post scanned logs here after exporting to .txt in notepad.


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is correct quarantine anything it finds
  • 0

#8
complete-noob

complete-noob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

other sitse are 

microsoft-security

and a couple different ones that begin in "severe." such as severe.targetingads.com

 

i unsynced google chrome, then uninstalled and redownloaded, yes.

 

And i will begin the download of anti-malware bytes momentarily, thank you so much ^.^


  • 0

#9
complete-noob

complete-noob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

scan is finished. 27 detected. all quarantined. waiting on you instructions before i even close the box haha. ive exported the scan log as requested.

 

 Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 10/7/2015
Scan Time: 3:11 PM
Logfile: MBAM Scan Log.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.10.07.05
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Administrator
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 397112
Time Elapsed: 27 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 13
PUP.Optional.PlayTopus, HKU\S-1-5-21-2944084441-1480808141-3925479954-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8EBA1B69-99D8-4135-BD43-729BA79D5CC4}, Quarantined, [61c0b69ec6c572c46a70378d04fecd33], 
PUP.Optional.InternetHelper, HKU\S-1-5-21-2944084441-1480808141-3925479954-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B920380D-FBE7-45C7-96AB-37E9870A566C}, Quarantined, [5cc5d77def9c5dd99e98886fad5531cf], 
PUP.Optional.InternetHelper, HKU\S-1-5-21-2944084441-1480808141-3925479954-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B920380D-FBE7-45C7-96AB-37E9870A566C}, Quarantined, [5cc5d77def9c5dd99e98886fad5531cf], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{450F78BE-2B5E-C81D-0656-897759985405}, Quarantined, [829fa7ad99f295a1005bab16aa57aa56], 
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [061b2f25a7e43afcabe327bf8d7708f8], 
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeperService_RASAPI32, Quarantined, [45dcce86523959ddb8c2cff3a95ba55b], 
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeperService_RASMANCS, Quarantined, [958c1e366d1e8babea903290e3217f81], 
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASAPI32, Quarantined, [7ba6193b63283bfb2258fcc61fe59967], 
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASMANCS, Quarantined, [d44d7ada325957dff1897949f410d22e], 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AdvancedSystemProtector_RASAPI32, Quarantined, [bc65aaaa6f1cae887485e203b94b20e0], 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AdvancedSystemProtector_RASMANCS, Quarantined, [9f82b2a2b8d360d611e8d0159c689769], 
PUP.Optional.PCKeeper, HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\SOFTWARE\KROMTECH\PCKeeper, Quarantined, [1e03d1830f7c4beb1166358df50fa858], 
PUP.Optional.SuperOptimizer, HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\SOFTWARE\SUPER OPTIMIZER, Quarantined, [9b86e17334573ef84eeb10c1897bc739], 
 
Registry Values: 2
PUP.Optional.SuperOptimizer, HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\SOFTWARE\SUPER OPTIMIZER|SetupName, C:\Users\brenda\AppData\Local\Temp\252dda73\178008.ftf, Quarantined, [9b86e17334573ef84eeb10c1897bc739]
PUP.Optional.SuperOptimizer, HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\SOFTWARE\SUPER OPTIMIZER|AdsBuyNowURL, http://supc.superpct...2A-4EFA66A90F09, Quarantined, [f42d0450a4e71b1b4aee9d34f60ee61a]
 
Registry Data: 1
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{CD9DCA32-E989-42B0-B69A-AC1E989AAEE4}|NameServer, 199.203.131.152,82.163.143.182, Good: (), Bad: (199.203.131.152,82.163.143.182),Replaced,[74adc88cf5963ff7a21af79759ac7888]
 
Folders: 0
(No malicious items detected)
 
Files: 11
PUP.Optional.MultiPlug, C:\Program Files (x86)\missing e\missing e.exe, Quarantined, [829fa7ad99f295a1005bab16aa57aa56], 
PUP.Optional.ShopAtHome, C:\Users\brenda\Downloads\ShopAtHome_App_C88863839YZ.exe, Quarantined, [1a07b69edbb054e2409a873aeb1a9e62], 
PUP.Optional.InstallCore, C:\Users\brenda\Downloads\CCleaner_Setup.zip, Quarantined, [ce530054098281b57b3931ba30d1d927], 
PUP.Optional.Amonetize, C:\Users\brenda\Downloads\VERIFIED  Hack Setup V2 13 7 Downloader.zip, Quarantined, [968b5ef6f09b2e0892842bb83fc24ab6], 
PUP.Optional.PCKeeper, C:\Users\brenda\Downloads\PCKeeper Installer.exe, Quarantined, [79a8dd77058642f4d23cce1406fb0af6], 
PUP.Optional.PricePeep, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Delete-on-Reboot, [b46d3f15395290a6041ffec7cc3807f9], 
PUP.Optional.PricePeep, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Quarantined, [2ef398bc97f4ea4cb46f4f7616eef40c], 
PUP.Optional.ReMarkable, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Delete-on-Reboot, [ab769db7692284b20a3bbd0ae51f37c9], 
PUP.Optional.ReMarkable, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Delete-on-Reboot, [50d1252f52394beb99aca12645bf07f9], 
PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage, Delete-on-Reboot, [2ef3c0943952c472aeaa6a7e15efc23e], 
PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal, Delete-on-Reboot, [57ca82d20982c86e67f19e4a21e32ed2], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Quarantine the lot please :)  Then after the reboot run a fresh FRST scan for me please and  try the net out to see if it behaves


  • 0

#11
complete-noob

complete-noob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

they are in quarantine now. should i not delete them... and ok ill scan frst again


  • 0

#12
complete-noob

complete-noob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

ok i ran the FRST again, here are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-10-2015
Ran by Administrator (administrator) on BRENDA-PC (07-10-2015 16:01:15)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: brenda & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-06-23] (Microsoft Corporation)
BootExecute: sasnative64autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{CD9DCA32-E989-42B0-B69A-AC1E989AAEE4}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{DD1B6914-D146-4751-B428-6A063D30C07C}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKU\S-1-5-21-2944084441-1480808141-3925479954-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://start.toshiba.com/g/
HKU\S-1-5-21-2944084441-1480808141-3925479954-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {8DBAF1CE-0DAB-4912-BF80-9BFAA63648F9} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {B61FFA0A-EE25-4E35-812E-6D99CC64D029} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2944084441-1480808141-3925479954-500 -> {3DBEE821-FD32-4E96-8D70-6DC002006F1C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll [2013-02-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll [2013-02-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-03-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2011-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files (x86)\AVG\AVG10\Firefox
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://start.toshiba.com/g/
CHR StartupUrls: Default -> "hxxp://start.toshiba.com/g/"
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
S2 gupdate1d101236bb63018; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-07] (Google Inc.)
S3 gupdatem1d101236c1a4a8f; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-07] (Google Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [380192 2014-11-04] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-07 16:01 - 2015-10-07 16:02 - 00012998 _____ C:\Users\Administrator\Desktop\FRST.txt
2015-10-07 15:08 - 2015-10-07 15:42 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-07 15:08 - 2015-10-07 15:08 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-07 15:08 - 2015-10-07 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-07 15:08 - 2015-10-07 15:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-07 15:08 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-10-07 15:08 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-10-07 15:08 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-10-07 15:07 - 2015-10-07 15:08 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057.exe
2015-10-07 14:20 - 2015-10-07 14:23 - 00000988 _____ C:\Users\Administrator\Desktop\GEREMY- READ THIS... (joey).txt
2015-10-07 13:49 - 2015-10-07 14:14 - 00000000 ____D C:\Users\Administrator\Desktop\frst + fixlist.txt
2015-10-07 13:47 - 2015-10-07 13:47 - 00003288 ____N C:\bootsqm.dat
2015-10-07 13:36 - 2015-10-07 13:36 - 01681920 _____ C:\Users\Administrator\Downloads\adwcleaner_5.011.exe
2015-10-07 13:24 - 2015-10-07 13:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG10
2015-10-07 13:23 - 2015-10-07 15:41 - 00003602 _____ C:\windows\PFRO.log
2015-10-07 13:18 - 2015-10-07 13:51 - 00000000 ____D C:\Users\brenda\Desktop\frst64+fixlist.txt
2015-10-07 13:14 - 2015-10-07 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-07 13:13 - 2015-10-07 15:42 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-07 13:13 - 2015-10-07 15:18 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-07 13:13 - 2015-10-07 13:14 - 00002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-07 13:13 - 2015-10-07 13:13 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-07 13:13 - 2015-10-07 13:13 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-07 11:36 - 2015-10-07 11:37 - 00030797 _____ C:\Users\brenda\Downloads\Addition.txt
2015-10-07 11:33 - 2015-10-07 11:37 - 00020588 _____ C:\Users\brenda\Downloads\FRST.txt
2015-10-07 11:30 - 2015-10-07 16:01 - 00000000 ____D C:\FRST
2015-10-07 11:29 - 2015-10-07 11:30 - 02193920 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-10-07 11:25 - 2015-10-07 15:41 - 00000168 _____ C:\windows\setupact.log
2015-10-07 11:25 - 2015-10-07 11:25 - 00000000 _____ C:\windows\setuperr.log
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-07 15:50 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-07 15:50 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-07 15:45 - 2010-11-19 00:21 - 01861439 _____ C:\windows\WindowsUpdate.log
2015-10-07 15:42 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-07 15:40 - 2015-08-16 06:35 - 00000000 ____D C:\Program Files (x86)\missing e
2015-10-07 15:08 - 2015-07-26 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-07 13:39 - 2015-07-26 13:00 - 00000000 ____D C:\AdwCleaner
2015-10-07 13:39 - 2014-10-11 23:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Yahoo!
2015-10-07 13:39 - 2014-10-11 23:02 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Yahoo!
2015-10-07 13:39 - 2012-02-09 16:50 - 00000000 ____D C:\Users\brenda\AppData\Roaming\Yahoo!
2015-10-07 13:39 - 2012-02-09 16:50 - 00000000 ____D C:\Users\brenda\AppData\LocalLow\Yahoo!
2015-10-07 13:39 - 2012-02-09 16:50 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-10-07 13:31 - 2014-10-16 10:45 - 00060336 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-07 13:27 - 2014-10-11 22:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Deployment
2015-10-07 13:25 - 2014-10-11 22:57 - 00002225 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-07 13:24 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-07 13:20 - 2011-03-16 10:05 - 00000000 ___SD C:\Users\brenda\AppData\LocalLow\Temp
2015-10-07 13:19 - 2010-11-19 00:39 - 00000000 ____D C:\ProgramData\Best Buy pc app
2015-10-07 13:13 - 2010-10-15 13:41 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-07 10:33 - 2015-07-23 18:17 - 00000024 _____ C:\Users\brenda\AppData\Roaming\appdataFr25.bin
2015-09-09 22:36 - 2011-03-08 19:30 - 00000000 ____D C:\Users\brenda\AppData\Local\Google
 
==================== Files in the root of some directories =======
 
2012-03-23 03:45 - 2012-03-23 03:45 - 3993600 _____ () C:\Program Files (x86)\GUTE058.tmp
 
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-04 16:52
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-10-2015
Ran by Administrator (2015-10-07 16:02:39)
Running from C:\Users\Administrator\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-08 23:24:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2944084441-1480808141-3925479954-500 - Administrator - Enabled) => C:\Users\Administrator
brenda (S-1-5-21-2944084441-1480808141-3925479954-1001 - Administrator - Enabled) => C:\Users\brenda
Guest (S-1-5-21-2944084441-1480808141-3925479954-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2944084441-1480808141-3925479954-1020 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Anti-Virus Free Edition 2011 (Disabled - Out of date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Disabled - Out of date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.05 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.5.502.149 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~9338DF9D_is1) (Version: 2.1.1000.15664 - systweak.com) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1434 - AVG Technologies)
AVG 2011 (Version: 10.0.1434 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1520 - AVG Technologies) Hidden
Best Buy pc app (HKU\S-1-5-21-2944084441-1480808141-3925479954-500\...\48e4cff94f039634) (Version: 3.0.0.0 - Best Buy)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LogMeIn Rescue Calling Card (HKLM-x32\...\{A22B8513-EA8C-46A1-9735-F5BE971C368D}) (Version: 7.4.515 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3 - )
PCKeeper (HKLM\...\{22FB50CC-F204-46D3-AE33-C6F94441FB0A}) (Version: 2.1.181 - Kromtech) <==== ATTENTION
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
RPG Maker VX Ace (HKLM-x32\...\RPGVXAce_E_is1) (Version: 1.02 - Enterbrain)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC) <==== ATTENTION
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WinClean Pro (HKLM-x32\...\{00CF08C3-ED21-49fa-9263-5492CAEA92C2}_is1) (Version: 2.5.1001.563 - Systweak Software) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
29-07-2015 16:42:54 Windows Update
04-08-2015 18:11:28 Windows Update
16-08-2015 13:00:00 Scheduled Checkpoint
18-08-2015 21:43:13 WinClean Pro - Restore Point Before Cleaning
27-08-2015 21:35:40 Scheduled Checkpoint
16-09-2015 17:58:31 Scheduled Checkpoint
04-10-2015 16:59:22 Scheduled Checkpoint
07-10-2015 12:45:12 Removed Google Chrome
07-10-2015 13:19:14 Restore Point Created by FRST
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {4A21C2DE-83B2-4DD3-BA6D-CA3124F5E518} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8BF443AA-79AE-4D75-9385-77C6FB1B6D98} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.)
Task: {AE87AFA8-18CE-4161-B02E-0ECD4EB0B07D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-04-07 20:07 - 2010-04-07 20:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 17:26 - 2009-11-03 17:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 18:15 - 2010-03-03 18:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 18:15 - 2010-03-03 18:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-10-15 13:32 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 23:08 - 2009-03-12 23:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 21:38 - 2009-07-25 21:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-02-05 20:44 - 2010-02-05 20:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:D346F792
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2944084441-1480808141-3925479954-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: DatamngrCoordinator => 2
MSCONFIG\Services: FastFreeConverterUpdt => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IBUpdaterService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MyWebSearchService => 2
MSCONFIG\Services: Updater By SweetPacks => 2
MSCONFIG\Services: vToolbarUpdater11.2.0 => 2
MSCONFIG\Services: WajamUpdater => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^brenda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AVG_TRAY => C:\Program Files (x86)\AVG\AVG10\avgtray.exe
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\SEARCH~2\Datamngr\DATAMN~2.EXE
MSCONFIG\startupreg: HF_G_Jul => "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: My Web Search Bar Search Scope Monitor => "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
MSCONFIG\startupreg: MyWebSearch Email Plugin => C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSCONFIG\startupreg: PC Health Kit => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
MSCONFIG\startupreg: PCKeeper2 => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
MSCONFIG\startupreg: RebateInformer => C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP
MSCONFIG\startupreg: SearchProtect => C:\Users\brenda\AppData\Roaming\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SelectRebates => C:\Program Files (x86)\SelectRebates\SelectRebates.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\brenda\AppData\Roaming\Yontoo\YontooDesktop.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: AVG AVI Loader Driver
Description: AVG AVI Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Avgldx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/07/2015 01:11:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 12c0
 
Start Time: 01d10122c5fb1ab0
 
Termination Time: 94
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (10/07/2015 01:07:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17910 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 259c
 
Start Time: 01d101211df8102c
 
Termination Time: 827
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (10/07/2015 12:45:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdatem) since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/07/2015 12:45:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdate) since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/06/2015 12:53:05 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (10/05/2015 09:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1466
 
Error: (10/05/2015 09:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1466
 
Error: (10/05/2015 09:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/04/2015 08:24:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1716
 
Error: (10/04/2015 08:24:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1716
 
 
System errors:
=============
Error: (10/07/2015 03:43:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (10/07/2015 03:42:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgldx64
 
Error: (10/07/2015 01:49:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (10/07/2015 01:48:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgldx64
 
Error: (10/07/2015 01:39:38 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (10/07/2015 01:39:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/07/2015 01:39:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA HDD SSD Alert Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/07/2015 01:39:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/07/2015 01:39:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/07/2015 01:39:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2013-02-21 02:34:53.275
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-21 02:33:41.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-21 02:19:56.070
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 925 @ 2.30GHz
Percentage of memory in use: 36%
Total physical RAM: 2939.98 MB
Available physical RAM: 1854.12 MB
Total Virtual: 5878.16 MB
Available Virtual: 4753.36 MB
 
==================== Drives ================================
 
Drive c: (TI106034W0C) (Fixed) (Total:221.24 GB) (Free:145.28 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 1BF86417)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=221.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17)
 
==================== End of Addition.txt ============================

  • 0

#13
complete-noob

complete-noob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

the redirects are still occurring, but much much less frequently now :D you sir are awesome. i forgot to reboot before my last post, im not sure theres any difference but i re-ran FRST just to be sure, and are re-posting the logs. im sorry if my mistake a moment ago caused any delay.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-10-2015
Ran by Administrator (administrator) on BRENDA-PC (07-10-2015 16:11:40)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: brenda & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-06-23] (Microsoft Corporation)
BootExecute: sasnative64autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{CD9DCA32-E989-42B0-B69A-AC1E989AAEE4}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{DD1B6914-D146-4751-B428-6A063D30C07C}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKU\S-1-5-21-2944084441-1480808141-3925479954-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://start.toshiba.com/g/
HKU\S-1-5-21-2944084441-1480808141-3925479954-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {8DBAF1CE-0DAB-4912-BF80-9BFAA63648F9} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {B61FFA0A-EE25-4E35-812E-6D99CC64D029} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2944084441-1480808141-3925479954-500 -> {3DBEE821-FD32-4E96-8D70-6DC002006F1C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll [2013-02-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll [2013-02-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-03-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2011-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files (x86)\AVG\AVG10\Firefox
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://start.toshiba.com/g/
CHR StartupUrls: Default -> "hxxp://start.toshiba.com/g/"
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
S2 gupdate1d101236bb63018; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-07] (Google Inc.)
S3 gupdatem1d101236c1a4a8f; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-07] (Google Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [380192 2014-11-04] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-07 16:02 - 2015-10-07 16:06 - 00027626 _____ C:\Users\Administrator\Desktop\Addition.txt
2015-10-07 16:01 - 2015-10-07 16:11 - 00012584 _____ C:\Users\Administrator\Desktop\FRST.txt
2015-10-07 15:08 - 2015-10-07 15:42 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-07 15:08 - 2015-10-07 15:08 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-07 15:08 - 2015-10-07 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-07 15:08 - 2015-10-07 15:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-07 15:08 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-10-07 15:08 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-10-07 15:08 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-10-07 15:07 - 2015-10-07 15:08 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057.exe
2015-10-07 14:20 - 2015-10-07 14:23 - 00000988 _____ C:\Users\Administrator\Desktop\GEREMY- READ THIS... (joey).txt
2015-10-07 13:49 - 2015-10-07 14:14 - 00000000 ____D C:\Users\Administrator\Desktop\frst + fixlist.txt
2015-10-07 13:47 - 2015-10-07 13:47 - 00003288 ____N C:\bootsqm.dat
2015-10-07 13:36 - 2015-10-07 13:36 - 01681920 _____ C:\Users\Administrator\Downloads\adwcleaner_5.011.exe
2015-10-07 13:24 - 2015-10-07 13:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG10
2015-10-07 13:23 - 2015-10-07 16:08 - 00003952 _____ C:\windows\PFRO.log
2015-10-07 13:18 - 2015-10-07 13:51 - 00000000 ____D C:\Users\brenda\Desktop\frst64+fixlist.txt
2015-10-07 13:14 - 2015-10-07 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-07 13:13 - 2015-10-07 16:09 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-07 13:13 - 2015-10-07 15:18 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-07 13:13 - 2015-10-07 13:14 - 00002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-07 13:13 - 2015-10-07 13:13 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-07 13:13 - 2015-10-07 13:13 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-07 11:36 - 2015-10-07 11:37 - 00030797 _____ C:\Users\brenda\Downloads\Addition.txt
2015-10-07 11:33 - 2015-10-07 11:37 - 00020588 _____ C:\Users\brenda\Downloads\FRST.txt
2015-10-07 11:30 - 2015-10-07 16:11 - 00000000 ____D C:\FRST
2015-10-07 11:29 - 2015-10-07 11:30 - 02193920 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-10-07 11:25 - 2015-10-07 16:09 - 00000224 _____ C:\windows\setupact.log
2015-10-07 11:25 - 2015-10-07 11:25 - 00000000 _____ C:\windows\setuperr.log
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-07 16:09 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-07 16:08 - 2010-11-19 00:21 - 01862666 _____ C:\windows\WindowsUpdate.log
2015-10-07 15:50 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-07 15:50 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-07 15:40 - 2015-08-16 06:35 - 00000000 ____D C:\Program Files (x86)\missing e
2015-10-07 15:08 - 2015-07-26 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-07 13:39 - 2015-07-26 13:00 - 00000000 ____D C:\AdwCleaner
2015-10-07 13:39 - 2014-10-11 23:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Yahoo!
2015-10-07 13:39 - 2014-10-11 23:02 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Yahoo!
2015-10-07 13:39 - 2012-02-09 16:50 - 00000000 ____D C:\Users\brenda\AppData\Roaming\Yahoo!
2015-10-07 13:39 - 2012-02-09 16:50 - 00000000 ____D C:\Users\brenda\AppData\LocalLow\Yahoo!
2015-10-07 13:39 - 2012-02-09 16:50 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-10-07 13:31 - 2014-10-16 10:45 - 00060336 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-07 13:27 - 2014-10-11 22:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Deployment
2015-10-07 13:25 - 2014-10-11 22:57 - 00002225 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-07 13:24 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-07 13:20 - 2011-03-16 10:05 - 00000000 ___SD C:\Users\brenda\AppData\LocalLow\Temp
2015-10-07 13:19 - 2010-11-19 00:39 - 00000000 ____D C:\ProgramData\Best Buy pc app
2015-10-07 13:13 - 2010-10-15 13:41 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-07 10:33 - 2015-07-23 18:17 - 00000024 _____ C:\Users\brenda\AppData\Roaming\appdataFr25.bin
2015-09-09 22:36 - 2011-03-08 19:30 - 00000000 ____D C:\Users\brenda\AppData\Local\Google
 
==================== Files in the root of some directories =======
 
2012-03-23 03:45 - 2012-03-23 03:45 - 3993600 _____ () C:\Program Files (x86)\GUTE058.tmp
 
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-04 16:52
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-10-2015
Ran by Administrator (2015-10-07 16:12:24)
Running from C:\Users\Administrator\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-08 23:24:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2944084441-1480808141-3925479954-500 - Administrator - Enabled) => C:\Users\Administrator
brenda (S-1-5-21-2944084441-1480808141-3925479954-1001 - Administrator - Enabled) => C:\Users\brenda
Guest (S-1-5-21-2944084441-1480808141-3925479954-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2944084441-1480808141-3925479954-1020 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Anti-Virus Free Edition 2011 (Disabled - Out of date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Disabled - Out of date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.05 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.5.502.149 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~9338DF9D_is1) (Version: 2.1.1000.15664 - systweak.com) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1434 - AVG Technologies)
AVG 2011 (Version: 10.0.1434 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1520 - AVG Technologies) Hidden
Best Buy pc app (HKU\S-1-5-21-2944084441-1480808141-3925479954-500\...\48e4cff94f039634) (Version: 3.0.0.0 - Best Buy)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LogMeIn Rescue Calling Card (HKLM-x32\...\{A22B8513-EA8C-46A1-9735-F5BE971C368D}) (Version: 7.4.515 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3 - )
PCKeeper (HKLM\...\{22FB50CC-F204-46D3-AE33-C6F94441FB0A}) (Version: 2.1.181 - Kromtech) <==== ATTENTION
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
RPG Maker VX Ace (HKLM-x32\...\RPGVXAce_E_is1) (Version: 1.02 - Enterbrain)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC) <==== ATTENTION
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WinClean Pro (HKLM-x32\...\{00CF08C3-ED21-49fa-9263-5492CAEA92C2}_is1) (Version: 2.5.1001.563 - Systweak Software) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
29-07-2015 16:42:54 Windows Update
04-08-2015 18:11:28 Windows Update
16-08-2015 13:00:00 Scheduled Checkpoint
18-08-2015 21:43:13 WinClean Pro - Restore Point Before Cleaning
27-08-2015 21:35:40 Scheduled Checkpoint
16-09-2015 17:58:31 Scheduled Checkpoint
04-10-2015 16:59:22 Scheduled Checkpoint
07-10-2015 12:45:12 Removed Google Chrome
07-10-2015 13:19:14 Restore Point Created by FRST
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {4A21C2DE-83B2-4DD3-BA6D-CA3124F5E518} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8BF443AA-79AE-4D75-9385-77C6FB1B6D98} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.)
Task: {AE87AFA8-18CE-4161-B02E-0ECD4EB0B07D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-04-07 20:07 - 2010-04-07 20:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 17:26 - 2009-11-03 17:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 18:15 - 2010-03-03 18:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 18:15 - 2010-03-03 18:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-10-15 13:32 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 23:08 - 2009-03-12 23:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 21:38 - 2009-07-25 21:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-02-05 20:44 - 2010-02-05 20:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:D346F792
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2944084441-1480808141-3925479954-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: DatamngrCoordinator => 2
MSCONFIG\Services: FastFreeConverterUpdt => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IBUpdaterService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MyWebSearchService => 2
MSCONFIG\Services: Updater By SweetPacks => 2
MSCONFIG\Services: vToolbarUpdater11.2.0 => 2
MSCONFIG\Services: WajamUpdater => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^brenda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AVG_TRAY => C:\Program Files (x86)\AVG\AVG10\avgtray.exe
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\SEARCH~2\Datamngr\DATAMN~2.EXE
MSCONFIG\startupreg: HF_G_Jul => "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: My Web Search Bar Search Scope Monitor => "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
MSCONFIG\startupreg: MyWebSearch Email Plugin => C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSCONFIG\startupreg: PC Health Kit => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
MSCONFIG\startupreg: PCKeeper2 => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
MSCONFIG\startupreg: RebateInformer => C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP
MSCONFIG\startupreg: SearchProtect => C:\Users\brenda\AppData\Roaming\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SelectRebates => C:\Program Files (x86)\SelectRebates\SelectRebates.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\brenda\AppData\Roaming\Yontoo\YontooDesktop.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: AVG AVI Loader Driver
Description: AVG AVI Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Avgldx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/07/2015 01:11:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 12c0
 
Start Time: 01d10122c5fb1ab0
 
Termination Time: 94
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (10/07/2015 01:07:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17910 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 259c
 
Start Time: 01d101211df8102c
 
Termination Time: 827
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (10/07/2015 12:45:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdatem) since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/07/2015 12:45:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdate) since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/06/2015 12:53:05 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (10/05/2015 09:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1466
 
Error: (10/05/2015 09:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1466
 
Error: (10/05/2015 09:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/04/2015 08:24:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1716
 
Error: (10/04/2015 08:24:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1716
 
 
System errors:
=============
Error: (10/07/2015 04:10:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (10/07/2015 04:09:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgldx64
 
Error: (10/07/2015 03:43:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (10/07/2015 03:42:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgldx64
 
Error: (10/07/2015 01:49:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (10/07/2015 01:48:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgldx64
 
Error: (10/07/2015 01:39:38 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (10/07/2015 01:39:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/07/2015 01:39:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA HDD SSD Alert Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/07/2015 01:39:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2013-02-21 02:34:53.275
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-21 02:33:41.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-21 02:19:56.070
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 925 @ 2.30GHz
Percentage of memory in use: 34%
Total physical RAM: 2939.98 MB
Available physical RAM: 1926.18 MB
Total Virtual: 5878.16 MB
Available Virtual: 4810.7 MB
 
==================== Drives ================================
 
Drive c: (TI106034W0C) (Fixed) (Total:221.24 GB) (Free:145.28 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 1BF86417)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=221.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17)
 
==================== End of Addition.txt ============================

  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK let me know if this cures it :)

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
2015-10-07 15:40 - 2015-08-16 06:35 - 00000000 ____D C:\Program Files (x86)\missing e
2015-10-07 13:19 - 2010-11-19 00:39 - 00000000 ____D C:\ProgramData\Best Buy pc app
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP