every new window i open has an 80 percent chance to be auto-redirected to a warning site. this site is by salesprises, and very loudly says security warning. it cant be muted or closed with closing a bunch of dialogue boxes first. here are the frst logs. i greatly appreciate any help you can offer.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-10-2015
Ran by brenda (administrator) on BRENDA-PC (07-10-2015 11:33:37)
Running from C:\Users\brenda\Downloads
Loaded Profiles: brenda (Available Profiles: brenda & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Kromtech) C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Kromtech) C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\GoogleGGupdate.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\DNS Unlocker\dnsquintana.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-07-31] ()
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\...\MountPoints2: {6c16f8bf-3af1-11e2-995b-00266c95841a} - E:\TL_Bootstrap.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-06-23] (Microsoft Corporation)
AppInit_DLLs-x32: c:\progra~2\search~2\datamngr\mgrldr.dll => No File
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-19]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-19]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
BootExecute: sasnative64autocheck autochk *
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{CD9DCA32-E989-42B0-B69A-AC1E989AAEE4}: [NameServer] 199.203.131.152,82.163.143.182
Tcpip\..\Interfaces\{CD9DCA32-E989-42B0-B69A-AC1E989AAEE4}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{DD1B6914-D146-4751-B428-6A063D30C07C}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://start.toshiba.com/g/
URLSearchHook: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {8DBAF1CE-0DAB-4912-BF80-9BFAA63648F9} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {B61FFA0A-EE25-4E35-812E-6D99CC64D029} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 -> DefaultScope {6E99DEE0-C61F-4873-9BA5-AA3999150ED9} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS422
SearchScopes: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 -> {6E99DEE0-C61F-4873-9BA5-AA3999150ED9} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS422
SearchScopes: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 -> {8DBAF1CE-0DAB-4912-BF80-9BFAA63648F9} URL =
BHO: salEEprizeS -> {81BBBF67-78BA-4C66-9098-C600E5C6810E} -> C:\Program Files (x86)\salEEprizeS\9CElrO7W8OEuqW.x64.dll [2015-08-16] ()
BHO-x32: salEEprizeS -> {81BBBF67-78BA-4C66-9098-C600E5C6810E} -> C:\Program Files (x86)\salEEprizeS\9CElrO7W8OEuqW.dll [2015-08-16] ()
Toolbar: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2944084441-1480808141-3925479954-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll [2013-02-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll [2013-02-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-03-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2011-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files (x86)\AVG\AVG10\Firefox
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl"
CHR Profile: C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (missing e) - C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid [2015-08-16]
CHR Extension: (AVG Safe Search) - C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2015-07-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-18]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx [2011-09-09]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 a9cff455; c:\Program Files (x86)\ReactorExtender\ReactorExtender.dll [2271744 2015-07-26] () [File not signed]
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 PCKeeper2Service; C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe [156336 2014-10-10] (Kromtech) <==== ATTENTION
R2 PCKeeperOcfService; C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe [1155352 2014-10-10] (Kromtech) <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [380192 2014-11-04] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 fileHiders; C:\Windows\System32\DRIVERS\fileHiders.sys [32440 2014-10-10] () <==== ATTENTION
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-07 11:33 - 2015-10-07 11:35 - 00016624 _____ C:\Users\brenda\Downloads\FRST.txt
2015-10-07 11:30 - 2015-10-07 11:34 - 00000000 ____D C:\FRST
2015-10-07 11:29 - 2015-10-07 11:30 - 02193920 _____ (Farbar) C:\Users\brenda\Desktop\FRST64.exe
2015-10-07 11:25 - 2015-10-07 11:25 - 00000000 _____ C:\windows\setuperr.log
2015-10-07 11:25 - 2015-10-07 11:25 - 00000000 _____ C:\windows\setupact.log
2015-10-07 10:53 - 2015-10-07 10:53 - 00026356 _____ C:\windows\System32\Tasks\DNSQUINTANA
2015-10-07 10:53 - 2015-10-07 10:53 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2015-09-07 13:41 - 2015-09-07 13:41 - 00002968 _____ C:\windows\System32\Tasks\{DF325C64-A35E-4C25-88C4-952D79120A31}
2015-09-07 13:40 - 2015-09-07 13:40 - 00002968 _____ C:\windows\System32\Tasks\{B9E08E9A-6A44-4FE4-85E5-7BE12C158E9B}
2015-09-07 13:40 - 2015-09-07 13:40 - 00002968 _____ C:\windows\System32\Tasks\{B4839A78-1808-411E-97C5-62884EAD6702}
2015-09-07 13:35 - 2015-09-07 13:35 - 00893924 _____ C:\Users\brenda\Downloads\vox_package.zip
2015-09-07 13:35 - 2015-09-07 13:35 - 00000000 ____D C:\Users\brenda\Downloads\vox_package
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-07 11:31 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-07 11:31 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-07 10:53 - 2015-07-03 09:09 - 00000000 ____D C:\ProgramData\2705565024740908460
2015-10-07 10:42 - 2011-08-29 08:59 - 00000000 _____ C:\Users\brenda\AppData\LocalLow\prvlcl.dat
2015-10-07 10:33 - 2015-07-23 18:17 - 00000024 _____ C:\Users\brenda\AppData\Roaming\appdataFr25.bin
2015-10-07 10:33 - 2010-11-19 00:21 - 01850378 _____ C:\windows\WindowsUpdate.log
2015-10-06 00:57 - 2015-08-15 06:57 - 00000342 _____ C:\windows\Tasks\Superclean.job
2015-09-09 22:36 - 2011-03-08 19:30 - 00000000 ____D C:\Users\brenda\AppData\Local\Google
==================== Files in the root of some directories =======
2012-03-23 03:45 - 2012-03-23 03:45 - 3993600 _____ () C:\Program Files (x86)\GUTE058.tmp
2015-07-24 16:24 - 2015-08-15 06:56 - 0000020 _____ () C:\Users\brenda\AppData\Roaming\appdataFr2.bin
2015-07-23 18:17 - 2015-10-07 10:33 - 0000024 _____ () C:\Users\brenda\AppData\Roaming\appdataFr25.bin
2012-09-28 00:01 - 2012-09-28 00:01 - 0008428 _____ () C:\Users\brenda\AppData\Roaming\UserTile.png
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-04 16:52
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-10-2015
Ran by brenda (2015-10-07 11:36:56)
Running from C:\Users\brenda\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-08 23:24:50)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2944084441-1480808141-3925479954-500 - Administrator - Enabled) => C:\Users\Administrator
brenda (S-1-5-21-2944084441-1480808141-3925479954-1001 - Administrator - Enabled) => C:\Users\brenda
Guest (S-1-5-21-2944084441-1480808141-3925479954-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2944084441-1480808141-3925479954-1020 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG Anti-Virus Free Edition 2011 (Disabled - Out of date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Disabled - Out of date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.05 beta (HKLM-x32\...\7-Zip) (Version: - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.5.502.149 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~9338DF9D_is1) (Version: 2.1.1000.15664 - systweak.com) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1434 - AVG Technologies)
AVG 2011 (Version: 10.0.1434 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1520 - AVG Technologies) Hidden
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION
Google Chrome (HKLM-x32\...\{B9A82C41-4F48-3C15-8A84-1A84582BE03E}) (Version: 66.88.49307 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Java 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LogMeIn Rescue Calling Card (HKLM-x32\...\{A22B8513-EA8C-46A1-9735-F5BE971C368D}) (Version: 7.4.515 - LogMeIn, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
missing e (HKLM-x32\...\{450F78BE-2B5E-C81D-0656-897759985405}) (Version: - "") <==== ATTENTION
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3 - )
PCKeeper (HKLM\...\{22FB50CC-F204-46D3-AE33-C6F94441FB0A}) (Version: 2.1.181 - Kromtech) <==== ATTENTION
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
ReactorExtender (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{a9cff455}) (Version: - Software Publisher) <==== ATTENTION
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
RPG Maker VX Ace (HKLM-x32\...\RPGVXAce_E_is1) (Version: 1.02 - Enterbrain)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Super Optimizer v3.2 (HKLM-x32\...\Super Optimizer_is1) (Version: 3.2.0.1 - Super PC Tools ltd) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
The Phone Support Dock (HKLM-x32\...\{266DBE1C-B640-46ee-9A6D-86F0A1E483B9}_is1) (Version: 2.1.100.15944 - The Phone Support Pvt. Ltd.)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC) <==== ATTENTION
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WinClean Pro (HKLM-x32\...\{00CF08C3-ED21-49fa-9263-5492CAEA92C2}_is1) (Version: 2.5.1001.563 - Systweak Software) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
29-07-2015 16:42:54 Windows Update
04-08-2015 18:11:28 Windows Update
16-08-2015 13:00:00 Scheduled Checkpoint
18-08-2015 21:43:13 WinClean Pro - Restore Point Before Cleaning
27-08-2015 21:35:40 Scheduled Checkpoint
16-09-2015 17:58:31 Scheduled Checkpoint
04-10-2015 16:59:22 Scheduled Checkpoint
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {038CCE79-761E-4511-9EF0-507A0DB6A686} - System32\Tasks\{B9E08E9A-6A44-4FE4-85E5-7BE12C158E9B} => C:\Users\brenda\Downloads\vox_package\viewvox.exe [2015-09-07] ()
Task: {0C0ECCC5-1326-4F75-824F-59B5B3B11BAF} - System32\Tasks\Superclean => c:\programdata\{8bbb970a-1e7b-9fdc-8bbb-b970a1e75c28}\hqghumeaylnlf.exe [2014-08-15] (Super PC Tools Ltd) <==== ATTENTION
Task: {4A21C2DE-83B2-4DD3-BA6D-CA3124F5E518} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {73F177E0-B844-404B-985B-7D225E92C3C9} - System32\Tasks\{DF325C64-A35E-4C25-88C4-952D79120A31} => C:\Users\brenda\Downloads\vox_package\viewvox.exe [2015-09-07] ()
Task: {AEDCE73C-F6F7-4429-A9BB-79A1B0ACC1E5} - System32\Tasks\DNSQUINTANA => C:\Program Files (x86)\DNS Unlocker\dnsquintana.exe [2015-09-24] ()
Task: {D61D6359-D0FA-479C-85AA-7811EE3DDBFB} - System32\Tasks\{B4839A78-1808-411E-97C5-62884EAD6702} => C:\Users\brenda\Downloads\vox_package\viewvox.exe [2015-09-07] ()
Task: {DE645644-AE01-4BA5-BAA6-18A73BCF018A} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-07-31] () <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Superclean.job => c:\programdata\{8bbb970a-1e7b-9fdc-8bbb-b970a1e75c28}\hqghumeaylnlf.exe <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2014-10-10 17:59 - 2014-10-10 17:59 - 00048920 _____ () C:\Program Files\Kromtech\PCKeeper\SharedNativeLibraryPS.dll
2010-04-07 20:07 - 2010-04-07 20:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 17:26 - 2009-11-03 17:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 18:15 - 2010-03-03 18:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 18:15 - 2010-03-03 18:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-10-15 13:32 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 23:08 - 2009-03-12 23:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 21:38 - 2009-07-25 21:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-02-05 20:44 - 2010-02-05 20:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-10-07 10:53 - 2015-09-24 18:43 - 00537088 _____ () C:\Program Files (x86)\DNS Unlocker\dnsquintana.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:D346F792
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2944084441-1480808141-3925479954-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\brenda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 199.203.131.152 - 82.163.143.182
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: DatamngrCoordinator => 2
MSCONFIG\Services: FastFreeConverterUpdt => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IBUpdaterService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MyWebSearchService => 2
MSCONFIG\Services: Updater By SweetPacks => 2
MSCONFIG\Services: vToolbarUpdater11.2.0 => 2
MSCONFIG\Services: WajamUpdater => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^brenda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AVG_TRAY => C:\Program Files (x86)\AVG\AVG10\avgtray.exe
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\SEARCH~2\Datamngr\DATAMN~2.EXE
MSCONFIG\startupreg: HF_G_Jul => "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: My Web Search Bar Search Scope Monitor => "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
MSCONFIG\startupreg: MyWebSearch Email Plugin => C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSCONFIG\startupreg: PC Health Kit => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
MSCONFIG\startupreg: PCKeeper2 => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
MSCONFIG\startupreg: RebateInformer => C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP
MSCONFIG\startupreg: SearchProtect => C:\Users\brenda\AppData\Roaming\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SelectRebates => C:\Program Files (x86)\SelectRebates\SelectRebates.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\brenda\AppData\Roaming\Yontoo\YontooDesktop.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{7FCA74BA-F136-4E24-8B65-1DAE2C5A40EE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EB20C4E5-739F-4FEF-9849-D5923D807933}] => (Allow) LPort=2869
FirewallRules: [{A17F1F14-DA92-474F-8B09-17ADE5CE7063}] => (Allow) LPort=1900
FirewallRules: [{67E9151E-F6F6-42A5-9CE2-3343EF13571B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{24FBD22E-FDFB-41E8-81F9-A221F15C95D6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{67D0A84E-6AAD-41DD-BC33-96EEA32E9FFA}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{94E4FCC3-70AB-457A-BD38-7D9F6250751A}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{24648242-47FE-4E41-ABD8-DA881A89F11E}] => (Allow) LPort=10255
FirewallRules: [{40E6EDAC-F195-43A4-A89F-D5D64B68C1C8}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{57E98F31-2026-4166-9D5C-11C5200B3706}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{363E4EC4-37F5-46E6-A938-1975F732A36A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{468D5EFC-2ABF-402D-8F77-D7DFD70004CC}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{34CBEC96-002D-4D0A-85EA-1521F3A5EFC1}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{EC4F6940-DD88-45AE-A78F-7B8773673A91}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [TCP Query User{039E4928-C100-4654-BC59-DC4E0BDF45FC}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{747F9408-A3D3-4F3C-8D52-C887EE998CF3}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{DAD36BA6-A754-4E0D-AB4D-4E17FFD72486}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{28300583-0854-40C9-AB67-F26968524524}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{C9832213-4B55-4EDD-B406-B39217D2E41B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C5502A73-883C-45B4-B48F-04E044A170C0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{49EE852D-5843-486D-8C47-D515018E386F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A7DC44BA-266F-4AD4-8302-8D49BCCBC70A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C075F3EB-7B11-4A21-A079-F0FCFB495845}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{F3B62863-677B-4E45-B952-A997880DCCDB}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{D1E5C826-4D75-42EC-B360-65B5047AF58E}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{25C920A4-9EE3-4F6C-9C6E-F26987434FC4}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{98B2A31C-FE37-48FF-844A-D890439E8D73}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{919DDD15-04A8-404C-B380-AF67F7180F0A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name: AVG AVI Loader Driver
Description: AVG AVI Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Avgldx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/06/2015 12:53:05 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error: (10/05/2015 09:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1466
Error: (10/05/2015 09:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1466
Error: (10/05/2015 09:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/04/2015 08:24:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1716
Error: (10/04/2015 08:24:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1716
Error: (10/04/2015 08:24:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/04/2015 07:00:25 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF).
Error: (10/04/2015 04:59:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdatem) since QueryServiceConfig API failed
System Error:
.
Error: (10/04/2015 04:59:36 PM) (Source:
Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdate) since QueryServiceConfig API failed
System Error:
.
System errors:
=============
Error: (10/04/2015 05:07:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%2
Error: (10/04/2015 05:06:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%2
Error: (10/04/2015 05:05:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%2
Error: (10/04/2015 05:04:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%2
Error: (10/04/2015 05:04:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%2
Error: (10/04/2015 05:03:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%2
Error: (10/04/2015 05:03:14 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 2TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (09/30/2015 09:26:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%2
Error: (09/30/2015 09:26:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%2
Error: (09/30/2015 09:26:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%2
CodeIntegrity:
===================================
Date: 2013-02-21 02:34:53.275
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-02-21 02:33:41.485
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-02-21 02:19:56.070
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Celeron® CPU 925 @ 2.30GHz
Percentage of memory in use: 68%
Total physical RAM: 2939.98 MB
Available physical RAM: 915.91 MB
Total Virtual: 5878.16 MB
Available Virtual: 3000.32 MB
==================== Drives ================================
Drive c: (TI106034W0C) (Fixed) (Total:221.24 GB) (Free:144.99 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code:
Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 1BF86417)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=221.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17)
==================== End of Addition.txt ============================