
Explorer.exe High CPU usage!


  • This topic is locked
41 replies to this topic

#1 gargantuan

gargantuan

  • Members
  • 21 posts

Posted 23 September 2014 - 12:44 AM

I have recently had a sudden increase in CPU usage by explorer.exe.

I have run AVG, Malwarebytes and TDSSKiller with no apparent luck. I also tried doing a system restore to the oldest set point (only two weeks old, though). After this there has still been fluctuating high CPU usage; sometimes it seems to draw the max amount of CPU, other times only an unusually high amount. I have a system image from a month ago but thought I'd try a bit harder before doing a total system wipe.

 

Any specific assistance would be grand!

 

Cheers Alex

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.67.2
Run by Alex Bravo at 15:26:50 on 2014-09-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.10141.7139 [GMT 10:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba.msn.com
uDefault_Page_URL = hxxp://toshiba.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [GoogleChromeAutoLaunch_16C0EC110197743E89E4BE2349B0C9DC] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [TSUScheduler] C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\ALEXBR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\ALEXBR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\ALEXBR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
TCP: NameServer = 10.10.10.21 10.10.10.20
TCP: Interfaces\{4906003F-65AA-4D7A-82A1-272E9136F898} : DHCPNameServer = 10.10.10.21 10.10.10.20
TCP: Interfaces\{B6801C30-F788-4FED-B497-77920FDE7109} : DHCPNameServer = 10.10.10.21 10.10.10.20
TCP: Interfaces\{B6801C30-F788-4FED-B497-77920FDE7109}\D4F6F6275675966496 : DHCPNameServer = 10.10.10.20 10.10.10.21
TCP: Interfaces\{B6801C30-F788-4FED-B497-77920FDE7109}\D4F6F627567596649623 : DHCPNameServer = 10.10.10.20 10.10.10.21
TCP: Interfaces\{B6801C30-F788-4FED-B497-77920FDE7109}\E65647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EF141691-D0FF-4019-A75C-6B5AAE4D94F5} : DHCPNameServer = 192.168.42.129
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= acaptuser32.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [BatteryManager] C:\Program Files (x86)\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-25 482384]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-6-8 250296]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-21 2369720]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-6-8 47032]
R2 irstrtsv;Intel® Rapid Start Technology Service;C:\windows\System32\irstrtsv.exe --> C:\windows\System32\irstrtsv.exe [?]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-7-22 212944]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2013-7-11 6891312]
R2 risdxc;risdxc;C:\windows\System32\drivers\risdxc64.sys [2013-8-17 101888]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-8-23 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-8-17 2656536]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-10-25 96768]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-10-25 213504]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-8-17 38096]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-8-17 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-8-11 833464]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2011-8-9 45168]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-8-17 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 kz2avs;Traktor Kontrol Z2 WDM Audio;C:\windows\System32\drivers\kz2avs.sys [2012-12-18 359784]
S3 kz2usb_svc;Traktor Kontrol Z2;C:\windows\System32\drivers\kz2usb.sys [2012-12-18 84328]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2014-09-23 04:06:01 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-09-23 04:05:48 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-09-23 04:05:48 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-09-23 04:05:48 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-09-21 05:42:21 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-21 05:42:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-21 05:41:57 -------- d-----w- C:\Users\Alex Bravo\AppData\Local\Programs
2014-09-20 11:45:56 -------- d-----w- C:\TDSSKiller_Quarantine
2014-09-19 01:27:45 -------- d-----w- C:\Users\Alex Bravo\AppData\Roaming\AVG2015
2014-09-19 01:27:14 -------- d-----w- C:\Users\Alex Bravo\AppData\Roaming\TuneUp Software
2014-09-19 01:27:08 -------- d--h--w- C:\$AVG
2014-09-19 01:27:08 -------- d-----w- C:\ProgramData\AVG2015
2014-09-19 01:26:47 -------- d-----w- C:\Program Files (x86)\AVG
2014-09-19 01:24:02 -------- d--h--w- C:\ProgramData\Common Files
2014-09-19 01:24:02 -------- d-----w- C:\Users\Alex Bravo\AppData\Local\MFAData
2014-09-19 01:24:02 -------- d-----w- C:\Users\Alex Bravo\AppData\Local\Avg2015
2014-09-19 01:24:02 -------- d-----w- C:\ProgramData\MFAData
2014-09-03 02:03:14 -------- d-----w- C:\Users\Alex Bravo\AppData\Roaming\Ableton
2014-09-03 02:03:14 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
2014-09-03 02:02:49 -------- d-----w- C:\ProgramData\Ableton
2014-09-03 00:12:13 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-29 04:55:53 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-29 04:55:53 -------- d-----w- C:\Program Files\iPod
2014-08-29 04:55:52 -------- d-----w- C:\Program Files\iTunes
2014-08-29 04:55:52 -------- d-----w- C:\Program Files (x86)\iTunes
2014-08-28 05:42:41 -------- d-----w- C:\Users\Alex Bravo\AppData\Roaming\PioneerLog
2014-08-28 05:38:57 -------- d-----w- C:\Users\Alex Bravo\AppData\Roaming\Pioneer
2014-08-28 05:25:38 -------- d-----w- C:\Program Files (x86)\Pioneer
.
==================== Find3M  ====================
.
.
============= FINISH: 15:27:06.96 ===============
 


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts

Posted 28 September 2014 - 12:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/549419 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gargantuan

gargantuan
  • Topic Starter

  • Members
  • 21 posts

Posted 28 September 2014 - 08:38 PM

Hey!

 

Still been having issues. I've 'end process' the explore.exe a few times and a dll process replaced the high CPU.

I've just done another DDS scan but at that time I don't think the high CPU issue was active.

I will run it again if it crops up...

 

I don't have the original Windows disk either!

 

Basically I want to make sure that I'm clean even if I'm seeming OK right now!

 

Cheers Alex

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.67.2
Run by Alex Bravo at 11:23:21 on 2014-09-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.10141.8311 [GMT 10:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba.msn.com
uDefault_Page_URL = hxxp://toshiba.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [GoogleChromeAutoLaunch_16C0EC110197743E89E4BE2349B0C9DC] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [TSUScheduler] C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\ALEXBR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\ALEXBR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\ALEXBR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
TCP: NameServer = 10.10.10.21 10.10.10.20
TCP: Interfaces\{4906003F-65AA-4D7A-82A1-272E9136F898} : DHCPNameServer = 10.10.10.21 10.10.10.20
TCP: Interfaces\{B6801C30-F788-4FED-B497-77920FDE7109} : DHCPNameServer = 10.10.10.21 10.10.10.20
TCP: Interfaces\{B6801C30-F788-4FED-B497-77920FDE7109}\D4F6F6275675966496 : DHCPNameServer = 10.10.10.20 10.10.10.21
TCP: Interfaces\{B6801C30-F788-4FED-B497-77920FDE7109}\D4F6F627567596649623 : DHCPNameServer = 10.10.10.20 10.10.10.21
TCP: Interfaces\{B6801C30-F788-4FED-B497-77920FDE7109}\E65647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EF141691-D0FF-4019-A75C-6B5AAE4D94F5} : DHCPNameServer = 192.168.42.129
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= acaptuser32.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [BatteryManager] C:\Program Files (x86)\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-25 482384]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-6-8 250296]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-21 2428088]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-6-8 47032]
R2 irstrtsv;Intel® Rapid Start Technology Service;C:\windows\System32\irstrtsv.exe --> C:\windows\System32\irstrtsv.exe [?]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-7-22 212944]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2013-7-11 6891312]
R2 risdxc;risdxc;C:\windows\System32\drivers\risdxc64.sys [2013-8-17 101888]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-8-23 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-8-17 2656536]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-10-25 96768]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-10-25 213504]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-8-17 38096]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-8-17 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-8-11 833464]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2011-8-9 45168]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-8-17 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 kz2avs;Traktor Kontrol Z2 WDM Audio;C:\windows\System32\drivers\kz2avs.sys [2012-12-18 359784]
S3 kz2usb_svc;Traktor Kontrol Z2;C:\windows\System32\drivers\kz2usb.sys [2012-12-18 84328]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2014-09-23 04:06:01 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-09-23 04:05:48 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-09-23 04:05:48 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-09-23 04:05:48 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-09-21 05:42:21 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-21 05:42:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-21 05:41:57 -------- d-----w- C:\Users\Alex Bravo\AppData\Local\Programs
2014-09-20 11:45:56 -------- d-----w- C:\TDSSKiller_Quarantine
2014-09-19 01:27:45 -------- d-----w- C:\Users\Alex Bravo\AppData\Roaming\AVG2015
2014-09-19 01:27:14 -------- d-----w- C:\Users\Alex Bravo\AppData\Roaming\TuneUp Software
2014-09-19 01:27:08 -------- d--h--w- C:\$AVG
2014-09-19 01:27:08 -------- d-----w- C:\ProgramData\AVG2015
2014-09-19 01:26:47 -------- d-----w- C:\Program Files (x86)\AVG
2014-09-19 01:24:02 -------- d--h--w- C:\ProgramData\Common Files
2014-09-19 01:24:02 -------- d-----w- C:\Users\Alex Bravo\AppData\Local\MFAData
2014-09-19 01:24:02 -------- d-----w- C:\Users\Alex Bravo\AppData\Local\Avg2015
2014-09-19 01:24:02 -------- d-----w- C:\ProgramData\MFAData
2014-09-03 02:03:14 -------- d-----w- C:\Users\Alex Bravo\AppData\Roaming\Ableton
2014-09-03 02:03:14 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
2014-09-03 02:02:49 -------- d-----w- C:\ProgramData\Ableton
2014-09-03 00:12:13 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
.
============= FINISH: 11:23:33.27 ===============
 




#4 Sirawit

  • Malware Response Team

Posted 29 September 2014 - 02:54 AM

Hello gargantuan and welcome to BleepingComputer!     :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be checked for approval first. That may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 2 days, feel free to PM me.     :)

==========================================================================

Some points for you to keep in mind:

  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right-hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================


Farbar Recovery Scan Tool (FRST)

  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply.

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#5 gargantuan

  • Topic Starter

Posted 29 September 2014 - 08:25 PM

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-09-2014
Ran by Alex Bravo (administrator) on MELCHIZEDEK on 30-09-2014 11:21:50
Running from C:\Users\Alex Bravo\Downloads
Loaded Profile: Alex Bravo (Available profiles: Alex Bravo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Dropbox, Inc.) C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(dotPDN LLC) C:\Program Files\Paint.NET\PaintDotNet.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [981888 2011-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [285608 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-08-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [598448 2011-06-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-29] ()
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [TSUScheduler] => C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe [923520 2011-08-19] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4018014455-1113984-4257092306-1000\...\Run: [GoogleChromeAutoLaunch_16C0EC110197743E89E4BE2349B0C9DC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.)
HKU\S-1-5-21-4018014455-1113984-4257092306-1000\...\MountPoints2: {98836790-0eee-11e3-9aaf-e89d87432131} - D:\HTC_Sync_Manager_PC.exe
AppInit_DLLs: acaptuser64.dll => C:\windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
AppInit_DLLs-x32: acaptuser32.dll => "acaptuser32.dll" File Not Found
Startup: C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.10.10.21 10.10.10.20
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-16]
CHR Extension: (Google Drive) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-18]
CHR Extension: (YouTube) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-16]
CHR Extension: (Google Search) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-16]
CHR Extension: (Zotero Connector) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2014-05-03]
CHR Extension: (AdBlock) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-14]
CHR Extension: (Google Wallet) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-10-15] (Macrovision Europe Ltd.) [File not signed]
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [184320 2011-07-07] (Intel Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 kz2avs; C:\Windows\System32\Drivers\kz2avs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 kz2usb_svc; C:\Windows\System32\Drivers\kz2usb.sys [84328 2012-12-18] (Native Instruments GmbH)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 Tosrfcom; No ImagePath
S1 vcdrom; \??\C:\Windows\System32\drivers\VCdRom.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-30 11:21 - 2014-09-30 11:22 - 00022706 _____ () C:\Users\Alex Bravo\Downloads\FRST.txt
2014-09-30 11:21 - 2014-09-30 11:21 - 00000000 ____D () C:\FRST
2014-09-30 11:19 - 2014-09-30 11:19 - 02108928 _____ (Farbar) C:\Users\Alex Bravo\Downloads\FRST64.exe
2014-09-29 11:30 - 2014-09-29 11:30 - 00005180 _____ () C:\Users\Alex Bravo\Documents\Attach2.txt
2014-09-28 22:55 - 2014-09-28 22:56 - 40282948 _____ () C:\Users\Alex Bravo\Downloads\Raiders Banks CASS MSTR.wav
2014-09-23 17:07 - 2014-09-23 21:59 - 12410670 _____ () C:\Users\Alex Bravo\Downloads\Money's To Tight (Real Nice Edit).m4a
2014-09-23 16:01 - 2014-09-23 16:01 - 00022266 _____ () C:\Users\Alex Bravo\Documents\DDS.txt
2014-09-23 15:39 - 2014-09-23 15:39 - 00005452 _____ () C:\Users\Alex Bravo\Documents\Attach.txt
2014-09-23 15:27 - 2014-09-29 11:23 - 00019601 _____ () C:\Users\Alex Bravo\Desktop\dds.txt
2014-09-23 15:27 - 2014-09-29 11:23 - 00005180 _____ () C:\Users\Alex Bravo\Desktop\attach.txt
2014-09-23 15:24 - 2014-09-23 15:24 - 00688992 ____R (Swearware) C:\Users\Alex Bravo\Downloads\dds.com
2014-09-23 14:06 - 2014-09-23 14:09 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 14:05 - 2014-09-23 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 14:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-23 14:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-23 14:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-23 12:56 - 2014-09-23 13:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Alex Bravo\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-21 15:42 - 2014-09-23 14:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-21 15:42 - 2014-09-21 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-20 21:45 - 2014-09-20 21:45 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-19 11:27 - 2014-09-22 17:58 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-19 11:27 - 2014-09-19 11:27 - 00000000 ___HD () C:\$AVG
2014-09-19 11:27 - 2014-09-19 11:27 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\TuneUp Software
2014-09-19 11:27 - 2014-09-19 11:27 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\AVG2015
2014-09-19 11:26 - 2014-09-19 11:26 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-19 11:24 - 2014-09-22 17:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-19 11:24 - 2014-09-19 11:29 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Avg2015
2014-09-19 11:24 - 2014-09-19 11:24 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\MFAData
2014-09-17 22:20 - 2014-09-17 22:20 - 34944088 _____ () C:\Users\Alex Bravo\Downloads\H1987 - ATLANTA.wav
2014-09-17 22:14 - 2014-09-17 22:17 - 48234040 _____ () C:\Users\Alex Bravo\Downloads\Knight One - Swords Cry (The Remixes) - EP.zip
2014-09-17 22:10 - 2014-09-17 22:36 - 200002759 _____ () C:\Users\Alex Bravo\Downloads\LSC14.zip
2014-09-08 14:23 - 2014-09-17 22:49 - 73394698 _____ () C:\Users\Alex Bravo\Downloads\Disclosure_Latch_Chas Bronz And Ser Clave Remix.wav
2014-09-03 16:41 - 2014-09-03 16:41 - 00002231 _____ () C:\Users\Alex Bravo\Documents\0 Mixtapes_Hot Jam [Nu Disco + Indie Dance].m3u
2014-09-03 16:40 - 2014-09-03 16:40 - 00001925 _____ () C:\Users\Alex Bravo\Documents\0 Mixtapes_HOUSEparty Mix [mixed styles].m3u
2014-09-03 12:03 - 2014-09-22 17:55 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software
2014-09-03 12:03 - 2014-09-03 12:03 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Ableton
2014-09-03 12:02 - 2014-09-22 17:55 - 00000000 ____D () C:\ProgramData\Ableton
2014-09-03 12:02 - 2014-09-03 12:02 - 00000867 _____ () C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Lite.lnk
2014-09-03 10:25 - 2014-09-17 22:52 - 62084582 _____ () C:\Users\Alex Bravo\Downloads\Back To Reality - Back To Life (Casual Connection Late Night Groove Rework).wav
2014-09-03 10:25 - 2014-09-17 22:52 - 47366552 _____ () C:\Users\Alex Bravo\Downloads\Never Stop - Give It Up (Casual Connection Late Night Groove Rework).wav
2014-09-03 10:12 - 2014-09-03 10:12 - 00918440 _____ (Oracle Corporation) C:\Users\Alex Bravo\Downloads\chromeinstall-7u67.exe
2014-09-03 10:12 - 2014-09-03 10:12 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-09-03 10:12 - 2014-09-03 10:12 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-09-03 10:12 - 2014-09-03 10:12 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-09-03 10:12 - 2014-09-03 10:12 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-03 10:12 - 2014-09-03 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-02 22:33 - 2014-09-02 22:33 - 00006371 _____ () C:\Users\Alex Bravo\Downloads\Dj Standards - Ryley.adg
2014-08-31 21:35 - 2014-09-18 10:50 - 81939874 _____ () C:\Users\Alex Bravo\Downloads\stardust (justin martin edit).wav
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-30 11:17 - 2013-08-17 06:45 - 00846650 _____ () C:\windows\WindowsUpdate.log
2014-09-30 11:16 - 2013-08-16 18:39 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-30 11:16 - 2013-08-16 18:39 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-29 14:11 - 2013-09-01 11:55 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Paint.NET
2014-09-29 13:53 - 2009-07-14 15:13 - 00713888 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-29 13:52 - 2009-07-14 14:51 - 00079419 _____ () C:\windows\setupact.log
2014-09-29 10:54 - 2013-10-02 18:21 - 00000000 ___RD () C:\Users\Alex Bravo\Dropbox
2014-09-27 13:31 - 2013-10-02 18:18 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Dropbox
2014-09-26 19:37 - 2009-07-14 14:45 - 00024912 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 19:37 - 2009-07-14 14:45 - 00024912 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 19:30 - 2010-11-21 13:47 - 00789774 _____ () C:\windows\PFRO.log
2014-09-26 19:30 - 2009-07-14 15:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-26 10:09 - 2014-03-21 16:24 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-25 10:04 - 2013-08-16 18:47 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 14:46 - 2013-10-13 14:30 - 00000000 ____D () C:\Users\Alex Bravo\Documents\0 Moore
2014-09-22 21:50 - 2013-10-02 18:21 - 00001047 _____ () C:\Users\Alex Bravo\Desktop\Dropbox.lnk
2014-09-22 21:50 - 2013-10-02 18:18 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-22 17:59 - 2013-08-16 15:02 - 00000000 ____D () C:\Users\Alex Bravo
2014-09-22 17:57 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-09-22 17:57 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-09-22 17:56 - 2014-08-29 14:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-22 17:56 - 2014-07-30 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-09-22 17:56 - 2013-10-15 17:16 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-09-22 17:56 - 2013-08-19 22:05 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\vlc
2014-09-22 17:56 - 2013-08-16 21:38 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-22 17:56 - 2013-08-16 21:38 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-22 17:56 - 2011-09-13 12:38 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\SysWOW64\winrm
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\SysWOW64\WCN
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\SysWOW64\slmgr
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\SysWOW64\Printing_Admin_Scripts
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\system32\winrm
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\system32\WCN
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\system32\slmgr
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts
2014-09-22 17:56 - 2009-07-14 15:32 - 00000000 ____D () C:\windows\SysWOW64\WindowsPowerShell
2014-09-22 17:56 - 2009-07-14 15:32 - 00000000 ____D () C:\windows\system32\WindowsPowerShell
2014-09-22 17:56 - 2009-07-14 15:32 - 00000000 ____D () C:\windows\system32\WinBioPlugIns
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Web
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Vss
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\spp
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\Speech
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\NetworkList
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\MUI
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\Msdtc
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\migwiz
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\InstallShield
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\IME
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\com
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\sysprep
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\spp
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\spool
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\Speech
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\SMI
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\registration
2014-09-22 17:55 - 2014-08-29 14:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-22 17:55 - 2014-08-29 14:55 - 00000000 ____D () C:\Program Files\iTunes
2014-09-22 17:55 - 2014-08-29 14:55 - 00000000 ____D () C:\Program Files\iPod
2014-09-22 17:55 - 2014-08-28 15:26 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pioneer
2014-09-22 17:55 - 2014-08-28 15:25 - 00000000 ____D () C:\Program Files (x86)\Pioneer
2014-09-22 17:55 - 2014-07-19 18:58 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-09-22 17:55 - 2014-05-31 11:50 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-09-22 17:55 - 2014-05-03 18:43 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Zotero
2014-09-22 17:55 - 2014-05-03 18:43 - 00000000 ____D () C:\Program Files (x86)\Zotero Standalone
2014-09-22 17:55 - 2014-03-21 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-22 17:55 - 2014-03-01 09:41 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Microsoft Games
2014-09-22 17:55 - 2014-02-26 18:38 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-22 17:55 - 2014-02-17 09:21 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Evernote
2014-09-22 17:55 - 2014-02-08 15:34 - 00000000 ____D () C:\Program Files (x86)\Anki
2014-09-22 17:55 - 2013-12-17 18:37 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Spotify
2014-09-22 17:55 - 2013-11-02 13:43 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Skype
2014-09-22 17:55 - 2013-10-26 15:36 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\uTorrent
2014-09-22 17:55 - 2013-10-14 17:55 - 00000000 ____D () C:\Program Files (x86)\Classic PDF Editor
2014-09-22 17:55 - 2013-09-19 18:57 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\SoftGrid Client
2014-09-22 17:55 - 2013-09-14 13:25 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-09-22 17:55 - 2013-09-14 13:25 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-09-22 17:55 - 2013-09-02 18:01 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-09-22 17:55 - 2013-09-01 11:55 - 00000000 ____D () C:\Program Files\Paint.NET
2014-09-22 17:55 - 2013-08-21 18:06 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Amazon
2014-09-22 17:55 - 2013-08-19 22:04 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-22 17:55 - 2013-08-17 07:17 - 00000000 ____D () C:\ProgramData\Norton
2014-09-22 17:55 - 2013-08-17 07:16 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-22 17:55 - 2013-08-17 07:16 - 00000000 ____D () C:\ProgramData\Skype
2014-09-22 17:55 - 2013-08-17 07:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-22 17:55 - 2013-08-17 07:09 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
2014-09-22 17:55 - 2013-08-17 07:06 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-22 17:55 - 2013-08-17 07:06 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-09-22 17:55 - 2013-08-17 07:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-09-22 17:55 - 2013-08-17 07:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-22 17:55 - 2013-08-17 06:54 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-09-22 17:55 - 2013-08-17 06:54 - 00000000 ____D () C:\Program Files (x86)\Ricoh
2014-09-22 17:55 - 2013-08-17 06:54 - 00000000 ____D () C:\Program Files (x86)\Renesas Electronics
2014-09-22 17:55 - 2013-08-17 06:53 - 00000000 ____D () C:\Program Files (x86)\TOH Class Filter
2014-09-22 17:55 - 2013-08-17 06:50 - 00000000 ____D () C:\Program Files (x86)\Atheros
2014-09-22 17:55 - 2013-08-17 06:49 - 00000000 ____D () C:\Program Files\Synaptics
2014-09-22 17:55 - 2013-08-17 06:48 - 00000000 ____D () C:\Program Files\Realtek
2014-09-22 17:55 - 2013-08-17 06:48 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-09-22 17:55 - 2013-08-17 06:46 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-09-22 17:55 - 2013-08-17 06:42 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-09-22 17:55 - 2013-08-16 21:39 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-22 17:55 - 2013-08-16 21:38 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Apple
2014-09-22 17:55 - 2013-08-16 21:38 - 00000000 ____D () C:\ProgramData\Apple
2014-09-22 17:55 - 2013-08-16 21:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-22 17:55 - 2013-08-16 21:38 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-22 17:55 - 2013-08-16 20:27 - 00000000 ____D () C:\ProgramData\Native Instruments
2014-09-22 17:55 - 2013-08-16 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2014-09-22 17:55 - 2013-08-16 20:27 - 00000000 ____D () C:\Program Files\Native Instruments
2014-09-22 17:55 - 2013-08-16 20:27 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2014-09-22 17:55 - 2013-08-16 18:39 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Google
2014-09-22 17:55 - 2013-08-16 18:39 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Apps\2.0
2014-09-22 17:55 - 2013-08-16 18:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-22 17:55 - 2013-08-16 18:38 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Macromedia
2014-09-22 17:55 - 2013-08-16 18:38 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Adobe
2014-09-22 17:55 - 2013-08-16 18:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-22 17:55 - 2013-08-16 18:34 - 00000000 ____D () C:\Users\Alex Bravo\Documents\samsung
2014-09-22 17:55 - 2013-08-16 18:33 - 00000000 ____D () C:\Users\Alex Bravo\Documents\DJ
2014-09-22 17:55 - 2013-08-16 18:33 - 00000000 ____D () C:\Users\Alex Bravo\Documents\Alpha
2014-09-22 17:55 - 2013-08-16 15:02 - 00000000 ___RD () C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 17:55 - 2011-09-13 12:38 - 00000000 ____D () C:\TOSHIBA
2014-09-22 17:55 - 2011-09-13 12:38 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-22 17:55 - 2011-09-13 12:38 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-22 17:55 - 2011-09-13 12:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-22 17:55 - 2011-09-13 12:34 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-09-22 17:55 - 2011-09-13 12:32 - 00000000 ____D () C:\ProgramData\Toshiba
2014-09-22 17:55 - 2011-09-13 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-09-22 17:55 - 2011-09-13 12:32 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2014-09-22 17:55 - 2010-11-21 17:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\windows\Performance
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-09-22 17:55 - 2009-07-14 14:45 - 00000000 ____D () C:\windows\Setup
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 __RSD () C:\windows\Media
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 __RHD () C:\Users\Default
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\oobe
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\NetworkList
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\MUI
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\Msdtc
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\migwiz
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\IME
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\Dism
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\com
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Speech
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\servicing
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\security
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\schemas
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Resources
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\rescache
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\PLA
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\IME
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Help
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Globalization
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Branding
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\AppCompat
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2014-09-21 15:58 - 2013-10-14 17:54 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\BabSolution
2014-09-21 15:58 - 2013-10-14 17:54 - 00000000 ____D () C:\ProgramData\BitGuard
2014-09-18 12:05 - 2014-08-06 09:33 - 00000000 ____D () C:\Users\Alex Bravo\Documents\0 NEAC
2014-09-15 10:51 - 2014-07-19 18:58 - 00000000 ____D () C:\Users\Alex Bravo\Documents\My Kindle Content
2014-09-15 09:47 - 2014-03-15 13:08 - 00000000 ____D () C:\Users\Alex Bravo\Desktop\New folder
2014-09-03 16:39 - 2014-08-28 15:42 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\PioneerLog
2014-09-03 12:00 - 2013-08-16 18:34 - 00000000 ____D () C:\Users\Alex Bravo\Documents\Recreational Disco
2014-09-03 10:13 - 2013-09-14 11:28 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\CrashDumps
2014-09-03 10:12 - 2013-10-17 17:58 - 00000000 ____D () C:\ProgramData\Oracle
 
Some content of TEMP:
====================
C:\Users\Alex Bravo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpncmet5.dll
C:\Users\Alex Bravo\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Alex Bravo\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Alex Bravo\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 20:47
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-09-2014
Ran by Alex Bravo at 2014-09-30 11:22:25
Running from C:\Users\Alex Bravo\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Ableton Live 9 Lite (HKLM\...\{AEDFFBCA-66CA-4766-8958-AD6EC6E5589C}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (x32 Version: 9.0.0 - Adobe Systems) Hidden
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.0.0.9 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Beatport Downloader (HKLM-x32\...\com.beatport.BeatportDownloader) (Version: 1.4 - Beatport LLC)
Beatport Downloader (x32 Version: 1.4 - Beatport LLC) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.13(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Identity Protection Technology 1.2.18.0 (HKLM-x32\...\{9602841E-ECE2-1019-AAEE-906A4DE25D6B}) (Version: 1.2.18.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.5 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{6E579724-82F9-454C-A98E-39DDDAB167FF}) (Version: 1.0.0.1008 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
iTunes Export (HKLM-x32\...\iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1) (Version: 2.2.2 - UNKNOWN)
iTunes Export (x32 Version: 2.2.2 - UNKNOWN) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 2 DJ Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 4 DJ Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 8 DJ Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.5.6.1344 - Native Instruments)
Native Instruments Controller Editor (Version: 1.5.6.1344 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.3.1177 - Native Instruments)
Native Instruments Service Center (Version: 2.4.3.1177 - Native Instruments) Hidden
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.3.144 - Native Instruments)
Native Instruments Traktor 2 (Version: 2.6.3.144 - Native Instruments) Hidden
Native Instruments Traktor Audio 10 Driver (HKLM-x32\...\Native Instruments Traktor Audio 10 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 10 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (Version: 3.0.2.664 - Native Instruments) Hidden
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 Driver (Version: 3.0.1.648 - Native Instruments) Hidden
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (Version: 3.1.1.780 - Native Instruments) Hidden
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (Version: 3.1.1.780 - Native Instruments) Hidden
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6446 - Realtek Semiconductor Corp.)
rekordbox 3.0.1 (HKLM-x32\...\Pioneer rekordbox 3.0.1) (Version: 3.0.1.2408 - Pioneer)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.0 - Renesas Electronics Corporation) Hidden
RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
Skype™ 5.3 (HKLM-x32\...\{5335DADB-34BA-4AE8-A519-648D78498846}) (Version: 5.3.116 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.6 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 2.1.17.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 2.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{A9FD58A9-7640-4E61-B166-F5FBAD8219F6}) (Version: 8.0.42 - TOSHIBA CORPORATION)
TOSHIBA eco Utility (HKLM\...\{41C2B21A-63BB-4377-9567-A97B15F21E59}) (Version: 1.3.7.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.18.64 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.6 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.11.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2003 - TOSHIBA Corporation)
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.9 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.9 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Sync Utility (HKLM-x32\...\{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}) (Version: 2.0.3090 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.9.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.9.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.9.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.29 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.29 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zotero Standalone 4.0.21.2 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.21.2 (x86 en-US)) (Version: 4.0.21.2 - Zotero)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
22-09-2014 07:54:51 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {24B8EF9E-5712-49DE-90ED-32BE270CC537} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-26] (Microsoft Corporation)
Task: {37D24739-0FC3-4D22-9BD4-C8ABC36E01D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: {4C9D878D-C89E-45AA-AE68-C209174C2FE6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {6FEECB95-B9D8-4128-9232-551C55DD3A57} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-06-17] (TOSHIBA CORPORATION)
Task: {A52C43ED-8015-4119-89BD-B630BD8E15A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-21 16:24 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-09-26 10:08 - 2014-09-26 10:08 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-09-01 05:13 - 2011-09-01 05:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-08-23 08:19 - 2011-08-23 08:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-01 03:37 - 2010-12-01 03:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-04 07:15 - 2010-03-04 07:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-04 07:15 - 2010-03-04 07:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-12-16 08:19 - 2010-12-16 08:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-08-13 07:57 - 2011-08-13 07:57 - 00437632 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2011-06-10 14:09 - 2011-06-10 14:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-09-01 11:55 - 2013-09-01 11:55 - 00241152 _____ () C:\windows\assembly\NativeImages_v2.0.50727_64\PaintDotNet.SystemL#\8ff6eb8e269004744dbb3e32a2684017\PaintDotNet.SystemLayer.Native.x64.ni.dll
2011-10-07 17:35 - 2011-10-07 17:35 - 00129632 _____ () C:\Program Files\Paint.NET\Native.x64\PaintDotNet.Native.x64.dll
2011-10-07 17:35 - 2011-10-07 17:35 - 00085600 _____ () C:\Program Files\Paint.NET\PaintDotNet.SystemLayer.Native.x64.dll
2014-02-05 23:52 - 2014-02-05 23:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-05 23:52 - 2014-02-05 23:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-26 19:37 - 2014-09-26 19:37 - 00043008 _____ () c:\Users\Alex Bravo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpncmet5.dll
2013-08-24 05:01 - 2013-08-24 05:01 - 25100288 _____ () C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-25 16:22 - 2014-07-25 16:22 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-07-25 16:22 - 2014-07-25 16:22 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-09-25 10:04 - 2014-09-23 14:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 10:04 - 2014-09-23 14:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 10:04 - 2014-09-23 14:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 10:04 - 2014-09-23 14:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 10:04 - 2014-09-23 14:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-07-25 16:22 - 2014-07-25 16:22 - 21118304 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2014-08-26 16:47 - 2014-07-25 16:22 - 00985968 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2014-08-26 16:47 - 2014-07-25 16:22 - 00136048 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2014-08-26 16:47 - 2014-07-25 16:22 - 00192368 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll
2014-09-25 10:04 - 2014-09-23 14:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
2014-02-05 23:52 - 2014-02-05 23:52 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2010-11-16 14:02 - 2010-11-16 14:02 - 00249232 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
2014-09-26 10:07 - 2014-09-26 10:07 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4018014455-1113984-4257092306-500 - Administrator - Disabled)
Alex Bravo (S-1-5-21-4018014455-1113984-4257092306-1000 - Administrator - Enabled) => C:\Users\Alex Bravo
Guest (S-1-5-21-4018014455-1113984-4257092306-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4018014455-1113984-4257092306-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/29/2014 05:57:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7956
 
Error: (09/29/2014 05:57:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7956
 
Error: (09/29/2014 05:57:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/29/2014 05:57:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6973
 
Error: (09/29/2014 05:57:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6973
 
Error: (09/29/2014 05:57:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/29/2014 05:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5975
 
Error: (09/29/2014 05:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5975
 
Error: (09/29/2014 05:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/29/2014 05:57:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4976
 
 
System errors:
=============
Error: (09/25/2014 07:04:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (09/22/2014 00:53:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C332C124-340D-4430-AA0D-C75602876FCC}
 
Error: (09/22/2014 09:27:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (09/21/2014 04:39:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (09/20/2014 10:01:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (09/17/2014 08:54:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (09/15/2014 04:51:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (08/30/2014 10:27:56 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:20:18 AM on 30/08/2014 was unexpected.
 
Error: (08/28/2014 10:20:38 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:56:08 AM on ‎28/‎08/‎2014 was unexpected.
 
Error: (08/25/2014 10:06:04 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}
 
 
Microsoft Office Sessions:
=========================
Error: (09/29/2014 05:57:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7956
 
Error: (09/29/2014 05:57:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7956
 
Error: (09/29/2014 05:57:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/29/2014 05:57:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6973
 
Error: (09/29/2014 05:57:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6973
 
Error: (09/29/2014 05:57:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/29/2014 05:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5975
 
Error: (09/29/2014 05:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5975
 
Error: (09/29/2014 05:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/29/2014 05:57:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4976
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-03 18:30:51.156
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-03 18:30:51.148
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-03 18:29:23.222
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-03 18:29:23.216
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-03 18:28:50.657
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-03 18:28:50.651
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2467M CPU @ 1.60GHz
Percentage of memory in use: 41%
Total physical RAM: 10140.55 MB
Available physical RAM: 5975.55 MB
Total Pagefile: 20279.29 MB
Available Pagefile: 12610.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (S3A4884D002) (Fixed) (Total:405.75 GB) (Free:279.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:14.83 GB) (Free:10.54 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CD11C76B)
Partition 1: (Active) - (Size=6 GB) - (Type=27)
Partition 2: (Not Active) - (Size=405.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=84)
Partition 4: (Not Active) - (Size=46 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#6 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:08:47 AM

Posted 01 October 2014 - 01:45 AM

Hi gargantuan.

 

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check (Please check all of your hard disks one by one.) > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the <ENTER> key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#7 gargantuan


Posted 01 October 2014 - 06:32 AM

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          1/10/2014 5:50:46 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Melchizedek
Description:
 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is S3A4884D002.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  204032 file records processed.                                         
 
File verification completed.
  1325 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  0 EA records processed.                                           
 
  44 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 5)...
  287308 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 5)...
  204032 file SDs/SIDs processed.                                        
 
Cleaning up 761 unused index entries from index $SII of file 0x9.
Cleaning up 761 unused index entries from index $SDH of file 0x9.
Cleaning up 761 unused security descriptors.
Security descriptor verification completed.
  41639 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  35616328 USN bytes processed.                                            
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  204016 files processed.                                                
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  73277005 free clusters processed.                                        
 
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.
 
 425464831 KB total disk space.
 131925584 KB in 158155 files.
    111972 KB in 41640 indexes.
         0 KB in bad sectors.
    319255 KB in use by the system.
     65536 KB occupied by the log file.
 293108020 KB available on disk.
 
      4096 bytes in each allocation unit.
 106366207 total allocation units on disk.
  73277005 allocation units available on disk.
 
Internal Info:
00 1d 03 00 6b 0c 03 00 c5 96 05 00 00 00 00 00  ....k...........
2b 86 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  +...,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
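A Wininit record like the one posted above can be triaged mechanically. The following Python is an added example, not part of the original posts or of any tool named in the thread: it parses the CHKDSK text and surfaces the fields a reviewer checks first (bad sectors, bad file records, corrections written, missing stages). The sample input is constructed from an excerpt of the log above, and the function names and severity labels are assumptions made for the example.

```python
import re

# Constructed sample: an excerpt of the CHKDSK text from the Wininit event
# (Event ID 1001) quoted in the thread, trimmed to the lines the parser reads.
SAMPLE_LOG = """\
Checking file system on C:
The type of the file system is NTFS.

CHKDSK is verifying files (stage 1 of 5)...
  204032 file records processed.
  0 bad file records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
CHKDSK is verifying security descriptors (stage 3 of 5)...
Cleaning up 761 unused index entries from index $SII of file 0x9.
Cleaning up 761 unused index entries from index $SDH of file 0x9.
Cleaning up 761 unused security descriptors.
CHKDSK is verifying file data (stage 4 of 5)...
CHKDSK is verifying free space (stage 5 of 5)...
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

 425464831 KB total disk space.
         0 KB in bad sectors.
 293108020 KB available on disk.

      4096 bytes in each allocation unit.
 106366207 total allocation units on disk.
  73277005 allocation units available on disk.
"""

# Summary counters, keyed by the name used in the report dict (names are
# chosen for this example).
_FIELDS = {
    "bad_file_records": r"^[ \t]*(\d+) bad file records processed\.",
    "total_kb": r"^[ \t]*(\d+) KB total disk space\.",
    "bad_sector_kb": r"^[ \t]*(\d+) KB in bad sectors\.",
    "available_kb": r"^[ \t]*(\d+) KB available on disk\.",
    "cluster_bytes": r"^[ \t]*(\d+) bytes in each allocation unit\.",
    "total_clusters": r"^[ \t]*(\d+) total allocation units on disk\.",
    "free_clusters": r"^[ \t]*(\d+) allocation units available on disk\.",
}


def parse_chkdsk(text):
    """Extract volume, stages, summary counters and repair messages."""
    report = {}
    m = re.search(r"^Checking file system on (\S+)", text, re.M)
    report["volume"] = m.group(1) if m else None
    m = re.search(r"^The type of the file system is (\w+)\.", text, re.M)
    report["filesystem"] = m.group(1) if m else None
    for name, pattern in _FIELDS.items():
        m = re.search(pattern, text, re.M)
        report[name] = int(m.group(1)) if m else None  # None = line absent
    stages = re.findall(r"\(stage (\d+) of (\d+)\)", text)
    report["stages_seen"] = sorted({int(n) for n, _ in stages})
    report["stages_expected"] = int(stages[0][1]) if stages else None
    report["corrections_made"] = (
        "Windows has made corrections to the file system" in text)
    report["cleanup_lines"] = [
        ln.strip() for ln in text.splitlines() if ln.startswith("Cleaning up ")]
    # "CHKDSK discovered ..." sentences can wrap across lines; rejoin them.
    report["discovered"] = [
        " ".join(hit.split())
        for hit in re.findall(r"^CHKDSK discovered (.+?)\.$", text, re.M | re.S)]
    return report


def triage(report):
    """Return (level, message) findings, most severe first."""
    findings = []
    expected = report["stages_expected"]
    if expected is None or report["stages_seen"] != list(range(1, expected + 1)):
        findings.append(("warn", "not every CHKDSK stage is present; "
                                 "the run or the paste is incomplete"))
    bad_kb = report["bad_sector_kb"]
    if bad_kb is None:
        findings.append(("warn", "summary block missing; bad-sector count unknown"))
    elif bad_kb > 0:
        findings.append(("high", f"{bad_kb} KB in bad sectors"))
    if report["bad_file_records"]:
        findings.append(("warn", f"{report['bad_file_records']} bad file records"))
    # Sanity check on the pasted figures: free clusters times cluster size
    # should equal the reported free KB (they agree exactly in the sample).
    free, size, avail = (report["free_clusters"], report["cluster_bytes"],
                         report["available_kb"])
    if None not in (free, size, avail) and free * size // 1024 != avail:
        findings.append(("warn", "free-space figures disagree; text may be garbled"))
    if report["corrections_made"]:
        findings.append(("info", "CHKDSK wrote corrections to the file system"))
    findings += [("info", "discovered: " + d) for d in report["discovered"]]
    findings.sort(key=lambda f: ("high", "warn", "info").index(f[0]))
    return findings


if __name__ == "__main__":
    for level, message in triage(parse_chkdsk(SAMPLE_LOG)):
        print(f"[{level}] {message}")
```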


#8 Sirawit


Posted 02 October 2014 - 05:55 AM

Hi gargantuan.

 

Please download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 3 and click on the Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed, click on the Do It button next to 2. Check Disk, then restart your computer.
 

 

Once the above is done, go to Step 4 and allow it to run System File Check by clicking on the Do It button.
 

 

Go to Step 5 and under "System Restore" click on the Create button.
 

 

Go to the Start Repairs tab and click the Start button.
 

 

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on the Start Repairs button.
 

 
 
After the repair has finished, you may be prompted to restart the computer; allow it to do so.
 
Post the Windows Repair log, which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

===========================================

 

Thank you.




#9 gargantuan


Posted 02 October 2014 - 07:37 PM

I'll run Windows Repair after class!

 

As mentioned before, the last DDS and Wininit scan I ran was when the high CPU usage process was not running, but it has currently popped up. Do you need another scan to help work out the issue, or are you fairly sure what's going on?

 

 

Thanks



#10 gargantuan


Posted 02 October 2014 - 11:59 PM

Tweaking.com - Windows Repair v2.9.2
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: MELCHIZEDEK
Windows Drive: C:\
Windows Path: C:\windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Alex Bravo
Current Profile SID: S-1-5-21-4018014455-1113984-4257092306-1000
Current Profile Classes: S-1-5-21-4018014455-1113984-4257092306-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\windows\ServiceProfiles
Local Settings AppData: C:\Users\Alex Bravo\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:10:34
 
Process Count: 131
Commit Total: 4.99 GB
Commit Limit: 19.80 GB
Commit Peak: 5.08 GB
Handle Count: 31627
Kernel Total: 509.54 MB
Kernel Paged: 388.12 MB
Kernel Non Paged: 121.42 MB
System Cache: 5.99 GB
Thread Count: 1403
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 9.90 GB
Memory Used: 3.95 GB(39.8913%)
Memory Avail.: 5.95 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 9.90 GB
Memory Used: 3.52 GB(35.5359%)
Memory Avail.: 6.38 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (3/10/2014 2:46:40 PM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 94
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (3/10/2014 2:46:41 PM)
   Running Repair Under Current User Account
   Done (3/10/2014 2:46:49 PM)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (3/10/2014 2:46:49 PM)
   Running Repair Under System Account
   Done (3/10/2014 2:50:14 PM)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (3/10/2014 2:50:14 PM)
   Running Repair Under System Account
   Done (3/10/2014 2:51:05 PM)
 
03 - Reset Service Permissions
   Start (3/10/2014 2:51:05 PM)
   Running Repair Under System Account
   Done (3/10/2014 2:51:08 PM)
 
04 - Register System Files
   Start (3/10/2014 2:51:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:51:25 PM)
 
05 - Repair WMI
   Start (3/10/2014 2:51:25 PM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   No Antivirus Products Reported.
 
   Exporting AntiSpyware Info...
   Windows Defender Exported.
 
   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (3/10/2014 2:52:29 PM)
 
06 - Repair Windows Firewall
   Start (3/10/2014 2:52:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:53:03 PM)
 
07 - Repair Internet Explorer
   Start (3/10/2014 2:53:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:53:21 PM)
 
08 - Repair MDAC/MS Jet
   Start (3/10/2014 2:53:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:53:28 PM)
 
09 - Repair Hosts File
   Start (3/10/2014 2:53:28 PM)
   Running Repair Under System Account
   Done (3/10/2014 2:53:29 PM)
 
10 - Remove Policies Set By Infections
   Start (3/10/2014 2:53:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:53:32 PM)
 
11 - Repair Start Menu Icons Removed By Infections
   Start (3/10/2014 2:53:32 PM)
   Running Repair Under System Account
   Done (3/10/2014 2:53:33 PM)
 
12 - Repair Icons
   Start (3/10/2014 2:53:33 PM)
   Running Repair Under Current User Account
   Done (3/10/2014 2:53:34 PM)
 
13 - Repair Winsock & DNS Cache
   Start (3/10/2014 2:53:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:53:50 PM)
 
15 - Repair Proxy Settings
   Start (3/10/2014 2:53:50 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:53:52 PM)
 
17 - Repair Windows Updates
   Start (3/10/2014 2:53:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (3/10/2014 2:54:06 PM)
 
18 - Repair CD/DVD Missing/Not Working
   Start (3/10/2014 2:54:06 PM)
   iTunes was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: True
   Done (3/10/2014 2:54:06 PM)
 
19 - Repair Volume Shadow Copy Service
   Start (3/10/2014 2:54:06 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:54:25 PM)
 
21 - Repair MSI (Windows Installer)
   Start (3/10/2014 2:54:25 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:54:34 PM)
 
23.01 - Repair bat Association
   Start (3/10/2014 2:54:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:54:36 PM)
 
23.02 - Repair cmd Association
   Start (3/10/2014 2:54:36 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:54:38 PM)
 
23.03 - Repair com Association
   Start (3/10/2014 2:54:38 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:54:41 PM)
 
23.04 - Repair Directory Association
   Start (3/10/2014 2:54:41 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:54:43 PM)
 
23.05 - Repair Drive Association
   Start (3/10/2014 2:54:43 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:54:45 PM)
 
23.06 - Repair exe Association
   Start (3/10/2014 2:54:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:54:47 PM)
 
23.07 - Repair Folder Association
   Start (3/10/2014 2:54:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:54:49 PM)
 
23.08 - Repair inf Association
   Start (3/10/2014 2:54:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:54:52 PM)
 
23.09 - Repair lnk (Shortcuts) Association
   Start (3/10/2014 2:54:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:54:54 PM)
 
23.10 - Repair msc Association
   Start (3/10/2014 2:54:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:54:56 PM)
 
23.11 - Repair reg Association
   Start (3/10/2014 2:54:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:54:58 PM)
 
23.12 - Repair scr Association
   Start (3/10/2014 2:54:58 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:55:01 PM)
 
24 - Repair Windows Safe Mode
   Start (3/10/2014 2:55:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:55:03 PM)
 
25 - Repair Print Spooler
   Start (3/10/2014 2:55:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:55:16 PM)
 
26 - Restore Important Windows Services
   Start (3/10/2014 2:55:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:55:21 PM)
 
27 - Set Windows Services To Default Startup
   Start (3/10/2014 2:55:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:55:24 PM)
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
31 - Repair Windows 'New' Submenu
   Start (3/10/2014 2:55:24 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/10/2014 2:55:26 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (3/10/2014 2:55:26 PM)
   Total Repair Time: 00:08:48
 
 
...YOU MUST RESTART YOUR SYSTEM...
 
 
 
Thanks for your help!


#11 Sirawit


Posted 03 October 2014 - 01:33 PM

Hi gargantuan.

 

The fix looks good. Now, how's your machine running?

 

Also, please create a new FRST log file for me.

 

Thank you.




#12 gargantuan


Posted 03 October 2014 - 06:59 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014
Ran by Alex Bravo (administrator) on MELCHIZEDEK on 04-10-2014 09:57:37
Running from C:\Users\Alex Bravo\Downloads
Loaded Profile: Alex Bravo (Available profiles: Alex Bravo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [981888 2011-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [285608 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-08-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [598448 2011-06-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-29] ()
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [TSUScheduler] => C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe [923520 2011-08-19] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4018014455-1113984-4257092306-1000\...\Run: [GoogleChromeAutoLaunch_16C0EC110197743E89E4BE2349B0C9DC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.)
HKU\S-1-5-21-4018014455-1113984-4257092306-1000\...\MountPoints2: {98836790-0eee-11e3-9aaf-e89d87432131} - D:\HTC_Sync_Manager_PC.exe
AppInit_DLLs-x32: acaptuser32.dll => "acaptuser32.dll" File Not Found
Startup: C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.10.10.21 10.10.10.20
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-16]
CHR Extension: (Google Drive) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-18]
CHR Extension: (YouTube) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-16]
CHR Extension: (Google Search) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-16]
CHR Extension: (Zotero Connector) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2014-05-03]
CHR Extension: (AdBlock) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-14]
CHR Extension: (Google Wallet) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-10-15] (Macrovision Europe Ltd.) [File not signed]
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [184320 2011-07-07] (Intel Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 kz2avs; C:\Windows\System32\Drivers\kz2avs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 kz2usb_svc; C:\Windows\System32\Drivers\kz2usb.sys [84328 2012-12-18] (Native Instruments GmbH)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 Tosrfcom; No ImagePath
S1 vcdrom; \??\C:\Windows\System32\drivers\VCdRom.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-04 09:57 - 2014-10-04 09:57 - 00000000 ____D () C:\Users\Alex Bravo\Downloads\FRST-OlderVersion
2014-10-03 16:38 - 2014-10-03 16:38 - 00000165 ____H () C:\Users\Alex Bravo\Documents\~$S&R.xlsx
2014-10-03 14:35 - 2014-10-03 14:35 - 00003288 ____N () C:\bootsqm.dat
2014-10-03 14:30 - 2014-10-03 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-10-03 14:30 - 2014-10-03 14:30 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-10-03 14:29 - 2014-10-03 14:42 - 00008646 _____ () C:\Users\Alex Bravo\Documents\S&R.xlsx
2014-10-03 14:26 - 2014-10-03 14:26 - 09850208 _____ () C:\Users\Alex Bravo\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-09-30 11:22 - 2014-09-30 11:23 - 00037021 _____ () C:\Users\Alex Bravo\Downloads\Addition.txt
2014-09-30 11:21 - 2014-10-04 09:57 - 00022253 _____ () C:\Users\Alex Bravo\Downloads\FRST.txt
2014-09-30 11:21 - 2014-10-04 09:57 - 00000000 ____D () C:\FRST
2014-09-30 11:19 - 2014-10-04 09:57 - 02109440 _____ (Farbar) C:\Users\Alex Bravo\Downloads\FRST64.exe
2014-09-29 11:30 - 2014-09-29 11:30 - 00005180 _____ () C:\Users\Alex Bravo\Documents\Attach2.txt
2014-09-28 22:55 - 2014-09-28 22:56 - 40282948 _____ () C:\Users\Alex Bravo\Downloads\Raiders Banks CASS MSTR.wav
2014-09-23 17:07 - 2014-09-23 21:59 - 12410670 _____ () C:\Users\Alex Bravo\Downloads\Money's To Tight (Real Nice Edit).m4a
2014-09-23 16:01 - 2014-09-23 16:01 - 00022266 _____ () C:\Users\Alex Bravo\Documents\DDS.txt
2014-09-23 15:39 - 2014-09-23 15:39 - 00005452 _____ () C:\Users\Alex Bravo\Documents\Attach.txt
2014-09-23 15:27 - 2014-09-29 11:23 - 00019601 _____ () C:\Users\Alex Bravo\Desktop\dds.txt
2014-09-23 15:27 - 2014-09-29 11:23 - 00005180 _____ () C:\Users\Alex Bravo\Desktop\attach.txt
2014-09-23 15:24 - 2014-09-23 15:24 - 00688992 ____R (Swearware) C:\Users\Alex Bravo\Downloads\dds.com
2014-09-23 14:06 - 2014-09-23 14:09 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 14:05 - 2014-09-23 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 14:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-23 14:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-23 14:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-23 12:56 - 2014-09-23 13:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Alex Bravo\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-21 15:42 - 2014-09-23 14:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-21 15:42 - 2014-09-21 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-20 21:45 - 2014-09-20 21:45 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-19 11:27 - 2014-09-22 17:58 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-19 11:27 - 2014-09-19 11:27 - 00000000 ___HD () C:\$AVG
2014-09-19 11:27 - 2014-09-19 11:27 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\TuneUp Software
2014-09-19 11:27 - 2014-09-19 11:27 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\AVG2015
2014-09-19 11:26 - 2014-09-19 11:26 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-19 11:24 - 2014-09-22 17:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-19 11:24 - 2014-09-19 11:29 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Avg2015
2014-09-19 11:24 - 2014-09-19 11:24 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\MFAData
2014-09-17 22:20 - 2014-09-17 22:20 - 34944088 _____ () C:\Users\Alex Bravo\Downloads\H1987 - ATLANTA.wav
2014-09-08 14:23 - 2014-09-17 22:49 - 73394698 _____ () C:\Users\Alex Bravo\Downloads\Disclosure_Latch_Chas Bronz And Ser Clave Remix.wav
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-04 09:46 - 2013-08-17 06:45 - 00868426 _____ () C:\windows\WindowsUpdate.log
2014-10-03 17:13 - 2013-08-16 18:39 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 16:40 - 2009-07-14 14:45 - 00024912 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 16:40 - 2009-07-14 14:45 - 00024912 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 16:39 - 2009-07-14 15:13 - 00713888 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-03 16:37 - 2009-07-14 14:51 - 00080675 _____ () C:\windows\setupact.log
2014-10-03 14:58 - 2013-08-16 15:02 - 00113760 _____ () C:\Users\Alex Bravo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-03 14:57 - 2013-10-02 18:21 - 00000000 ___RD () C:\Users\Alex Bravo\Dropbox
2014-10-03 14:57 - 2013-10-02 18:18 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Dropbox
2014-10-03 14:57 - 2013-08-16 18:39 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-03 14:57 - 2010-11-21 17:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-03 14:57 - 2010-11-21 13:47 - 00790124 _____ () C:\windows\PFRO.log
2014-10-03 14:57 - 2009-07-14 15:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-03 14:57 - 2009-07-14 14:45 - 00440600 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-03 14:53 - 2009-07-14 12:34 - 00000439 _____ () C:\windows\win.ini
2014-10-01 22:21 - 2013-08-19 22:05 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\vlc
2014-10-01 22:12 - 2013-10-26 15:36 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\uTorrent
2014-10-01 21:59 - 2013-08-16 18:33 - 00000000 ____D () C:\Users\Alex Bravo\Documents\Alpha
2014-09-29 14:11 - 2013-09-01 11:55 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Paint.NET
2014-09-26 10:09 - 2014-03-21 16:24 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-25 10:04 - 2013-08-16 18:47 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 14:46 - 2013-10-13 14:30 - 00000000 ____D () C:\Users\Alex Bravo\Documents\0 Moore
2014-09-22 21:50 - 2013-10-02 18:21 - 00001047 _____ () C:\Users\Alex Bravo\Desktop\Dropbox.lnk
2014-09-22 21:50 - 2013-10-02 18:18 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-22 17:59 - 2013-08-16 15:02 - 00000000 ____D () C:\Users\Alex Bravo
2014-09-22 17:57 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-09-22 17:57 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-09-22 17:56 - 2014-08-29 14:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-22 17:56 - 2014-07-30 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-09-22 17:56 - 2013-10-15 17:16 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-09-22 17:56 - 2013-08-16 21:38 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-22 17:56 - 2013-08-16 21:38 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-22 17:56 - 2011-09-13 12:38 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\SysWOW64\winrm
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\SysWOW64\WCN
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\SysWOW64\slmgr
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\SysWOW64\Printing_Admin_Scripts
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\system32\winrm
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\system32\WCN
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\system32\slmgr
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts
2014-09-22 17:56 - 2009-07-14 15:32 - 00000000 ____D () C:\windows\SysWOW64\WindowsPowerShell
2014-09-22 17:56 - 2009-07-14 15:32 - 00000000 ____D () C:\windows\system32\WindowsPowerShell
2014-09-22 17:56 - 2009-07-14 15:32 - 00000000 ____D () C:\windows\system32\WinBioPlugIns
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Web
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Vss
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\spp
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\Speech
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\NetworkList
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\MUI
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\Msdtc
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\migwiz
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\InstallShield
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\IME
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\com
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\sysprep
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\spp
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\spool
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\Speech
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\SMI
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\registration
2014-09-22 17:55 - 2014-09-03 12:03 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software
2014-09-22 17:55 - 2014-09-03 12:02 - 00000000 ____D () C:\ProgramData\Ableton
2014-09-22 17:55 - 2014-08-29 14:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-22 17:55 - 2014-08-29 14:55 - 00000000 ____D () C:\Program Files\iTunes
2014-09-22 17:55 - 2014-08-29 14:55 - 00000000 ____D () C:\Program Files\iPod
2014-09-22 17:55 - 2014-08-28 15:26 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pioneer
2014-09-22 17:55 - 2014-08-28 15:25 - 00000000 ____D () C:\Program Files (x86)\Pioneer
2014-09-22 17:55 - 2014-07-19 18:58 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-09-22 17:55 - 2014-05-31 11:50 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-09-22 17:55 - 2014-05-03 18:43 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Zotero
2014-09-22 17:55 - 2014-05-03 18:43 - 00000000 ____D () C:\Program Files (x86)\Zotero Standalone
2014-09-22 17:55 - 2014-03-21 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-22 17:55 - 2014-03-01 09:41 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Microsoft Games
2014-09-22 17:55 - 2014-02-26 18:38 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-22 17:55 - 2014-02-17 09:21 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Evernote
2014-09-22 17:55 - 2014-02-08 15:34 - 00000000 ____D () C:\Program Files (x86)\Anki
2014-09-22 17:55 - 2013-12-17 18:37 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Spotify
2014-09-22 17:55 - 2013-11-02 13:43 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Skype
2014-09-22 17:55 - 2013-10-14 17:55 - 00000000 ____D () C:\Program Files (x86)\Classic PDF Editor
2014-09-22 17:55 - 2013-09-19 18:57 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\SoftGrid Client
2014-09-22 17:55 - 2013-09-14 13:25 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-09-22 17:55 - 2013-09-14 13:25 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-09-22 17:55 - 2013-09-02 18:01 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-09-22 17:55 - 2013-09-01 11:55 - 00000000 ____D () C:\Program Files\Paint.NET
2014-09-22 17:55 - 2013-08-21 18:06 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Amazon
2014-09-22 17:55 - 2013-08-19 22:04 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-22 17:55 - 2013-08-17 07:17 - 00000000 ____D () C:\ProgramData\Norton
2014-09-22 17:55 - 2013-08-17 07:16 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-22 17:55 - 2013-08-17 07:16 - 00000000 ____D () C:\ProgramData\Skype
2014-09-22 17:55 - 2013-08-17 07:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-22 17:55 - 2013-08-17 07:09 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
2014-09-22 17:55 - 2013-08-17 07:06 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-22 17:55 - 2013-08-17 07:06 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-09-22 17:55 - 2013-08-17 07:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-09-22 17:55 - 2013-08-17 07:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-22 17:55 - 2013-08-17 06:54 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-09-22 17:55 - 2013-08-17 06:54 - 00000000 ____D () C:\Program Files (x86)\Ricoh
2014-09-22 17:55 - 2013-08-17 06:54 - 00000000 ____D () C:\Program Files (x86)\Renesas Electronics
2014-09-22 17:55 - 2013-08-17 06:53 - 00000000 ____D () C:\Program Files (x86)\TOH Class Filter
2014-09-22 17:55 - 2013-08-17 06:50 - 00000000 ____D () C:\Program Files (x86)\Atheros
2014-09-22 17:55 - 2013-08-17 06:49 - 00000000 ____D () C:\Program Files\Synaptics
2014-09-22 17:55 - 2013-08-17 06:48 - 00000000 ____D () C:\Program Files\Realtek
2014-09-22 17:55 - 2013-08-17 06:48 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-09-22 17:55 - 2013-08-17 06:46 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-09-22 17:55 - 2013-08-17 06:42 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-09-22 17:55 - 2013-08-16 21:39 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-22 17:55 - 2013-08-16 21:38 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Apple
2014-09-22 17:55 - 2013-08-16 21:38 - 00000000 ____D () C:\ProgramData\Apple
2014-09-22 17:55 - 2013-08-16 21:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-22 17:55 - 2013-08-16 21:38 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-22 17:55 - 2013-08-16 20:27 - 00000000 ____D () C:\ProgramData\Native Instruments
2014-09-22 17:55 - 2013-08-16 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2014-09-22 17:55 - 2013-08-16 20:27 - 00000000 ____D () C:\Program Files\Native Instruments
2014-09-22 17:55 - 2013-08-16 20:27 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2014-09-22 17:55 - 2013-08-16 18:39 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Google
2014-09-22 17:55 - 2013-08-16 18:39 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Apps\2.0
2014-09-22 17:55 - 2013-08-16 18:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-22 17:55 - 2013-08-16 18:38 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Macromedia
2014-09-22 17:55 - 2013-08-16 18:38 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Adobe
2014-09-22 17:55 - 2013-08-16 18:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-22 17:55 - 2013-08-16 18:34 - 00000000 ____D () C:\Users\Alex Bravo\Documents\samsung
2014-09-22 17:55 - 2013-08-16 18:33 - 00000000 ____D () C:\Users\Alex Bravo\Documents\DJ
2014-09-22 17:55 - 2013-08-16 15:02 - 00000000 ___RD () C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 17:55 - 2011-09-13 12:38 - 00000000 ____D () C:\TOSHIBA
2014-09-22 17:55 - 2011-09-13 12:38 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-22 17:55 - 2011-09-13 12:38 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-22 17:55 - 2011-09-13 12:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-22 17:55 - 2011-09-13 12:34 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-09-22 17:55 - 2011-09-13 12:32 - 00000000 ____D () C:\ProgramData\Toshiba
2014-09-22 17:55 - 2011-09-13 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-09-22 17:55 - 2011-09-13 12:32 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2014-09-22 17:55 - 2010-11-21 17:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\windows\Performance
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-09-22 17:55 - 2009-07-14 14:45 - 00000000 ____D () C:\windows\Setup
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 __RSD () C:\windows\Media
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 __RHD () C:\Users\Default
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\oobe
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\NetworkList
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\MUI
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\Msdtc
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\migwiz
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\IME
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\Dism
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\com
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Speech
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\servicing
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\security
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\schemas
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Resources
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\rescache
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\PLA
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\IME
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Help
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Globalization
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Branding
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\AppCompat
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2014-09-21 15:58 - 2013-10-14 17:54 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\BabSolution
2014-09-21 15:58 - 2013-10-14 17:54 - 00000000 ____D () C:\ProgramData\BitGuard
2014-09-18 12:05 - 2014-08-06 09:33 - 00000000 ____D () C:\Users\Alex Bravo\Documents\0 NEAC
2014-09-18 10:50 - 2014-08-31 21:35 - 81939874 _____ () C:\Users\Alex Bravo\Downloads\stardust (justin martin edit).wav
2014-09-17 22:52 - 2014-09-03 10:25 - 62084582 _____ () C:\Users\Alex Bravo\Downloads\Back To Reality - Back To Life (Casual Connection Late Night Groove Rework).wav
2014-09-17 22:52 - 2014-09-03 10:25 - 47366552 _____ () C:\Users\Alex Bravo\Downloads\Never Stop - Give It Up (Casual Connection Late Night Groove Rework).wav
2014-09-15 10:51 - 2014-07-19 18:58 - 00000000 ____D () C:\Users\Alex Bravo\Documents\My Kindle Content
2014-09-15 09:47 - 2014-03-15 13:08 - 00000000 ____D () C:\Users\Alex Bravo\Desktop\New folder
 
Some content of TEMP:
====================
C:\Users\Alex Bravo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiazvcf.dll
C:\Users\Alex Bravo\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Alex Bravo\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Alex Bravo\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 20:47
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014
Ran by Alex Bravo at 2014-10-04 09:58:10
Running from C:\Users\Alex Bravo\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Ableton Live 9 Lite (HKLM\...\{AEDFFBCA-66CA-4766-8958-AD6EC6E5589C}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (x32 Version: 9.0.0 - Adobe Systems) Hidden
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.0.0.9 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Beatport Downloader (HKLM-x32\...\com.beatport.BeatportDownloader) (Version: 1.4 - Beatport LLC)
Beatport Downloader (x32 Version: 1.4 - Beatport LLC) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.13(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Identity Protection Technology 1.2.18.0 (HKLM-x32\...\{9602841E-ECE2-1019-AAEE-906A4DE25D6B}) (Version: 1.2.18.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.5 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{6E579724-82F9-454C-A98E-39DDDAB167FF}) (Version: 1.0.0.1008 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
iTunes Export (HKLM-x32\...\iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1) (Version: 2.2.2 - UNKNOWN)
iTunes Export (x32 Version: 2.2.2 - UNKNOWN) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 2 DJ Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 4 DJ Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 8 DJ Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.5.6.1344 - Native Instruments)
Native Instruments Controller Editor (Version: 1.5.6.1344 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.3.1177 - Native Instruments)
Native Instruments Service Center (Version: 2.4.3.1177 - Native Instruments) Hidden
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.3.144 - Native Instruments)
Native Instruments Traktor 2 (Version: 2.6.3.144 - Native Instruments) Hidden
Native Instruments Traktor Audio 10 Driver (HKLM-x32\...\Native Instruments Traktor Audio 10 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 10 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (Version: 3.0.2.664 - Native Instruments) Hidden
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 Driver (Version: 3.0.1.648 - Native Instruments) Hidden
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (Version: 3.1.1.780 - Native Instruments) Hidden
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (Version: 3.1.1.780 - Native Instruments) Hidden
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6446 - Realtek Semiconductor Corp.)
rekordbox 3.0.1 (HKLM-x32\...\Pioneer rekordbox 3.0.1) (Version: 3.0.1.2408 - Pioneer)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.0 - Renesas Electronics Corporation) Hidden
RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
Skype™ 5.3 (HKLM-x32\...\{5335DADB-34BA-4AE8-A519-648D78498846}) (Version: 5.3.116 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.6 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 2.1.17.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 2.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{A9FD58A9-7640-4E61-B166-F5FBAD8219F6}) (Version: 8.0.42 - TOSHIBA CORPORATION)
TOSHIBA eco Utility (HKLM\...\{41C2B21A-63BB-4377-9567-A97B15F21E59}) (Version: 1.3.7.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.18.64 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.6 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.11.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2003 - TOSHIBA Corporation)
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.9 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.9 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Sync Utility (HKLM-x32\...\{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}) (Version: 2.0.3090 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.9.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.9.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.9.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.29 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.29 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.9.2 - Tweaking.com)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zotero Standalone 4.0.21.2 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.21.2 (x86 en-US)) (Version: 4.0.21.2 - Zotero)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
22-09-2014 07:54:51 Restore Operation
01-10-2014 08:14:42 Scheduled Checkpoint
03-10-2014 04:45:39 Tweaking.com - Windows Repair
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:34 - 2014-10-03 14:53 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2E7763E4-F546-482B-8D2C-9A4A11FCA7AE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-26] (Microsoft Corporation)
Task: {37D24739-0FC3-4D22-9BD4-C8ABC36E01D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: {4C9D878D-C89E-45AA-AE68-C209174C2FE6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {6FEECB95-B9D8-4128-9232-551C55DD3A57} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-06-17] (TOSHIBA CORPORATION)
Task: {A52C43ED-8015-4119-89BD-B630BD8E15A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-21 16:24 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-09-26 10:08 - 2014-09-26 10:08 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-09-01 05:13 - 2011-09-01 05:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-08-23 08:19 - 2011-08-23 08:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-01 03:37 - 2010-12-01 03:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-04 07:15 - 2010-03-04 07:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-04 07:15 - 2010-03-04 07:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-12-16 08:19 - 2010-12-16 08:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-08-13 07:57 - 2011-08-13 07:57 - 00437632 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2011-06-10 14:09 - 2011-06-10 14:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-02-05 23:52 - 2014-02-05 23:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-05 23:52 - 2014-02-05 23:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-03 14:57 - 2014-10-03 14:57 - 00043008 _____ () c:\Users\Alex Bravo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiazvcf.dll
2013-08-24 05:01 - 2013-08-24 05:01 - 25100288 _____ () C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-25 16:22 - 2014-07-25 16:22 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-07-25 16:22 - 2014-07-25 16:22 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-09-25 10:04 - 2014-09-23 14:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 10:04 - 2014-09-23 14:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 10:04 - 2014-09-23 14:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 10:04 - 2014-09-23 14:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 10:04 - 2014-09-23 14:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-25 10:04 - 2014-09-23 14:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
2014-09-26 10:07 - 2014-09-26 10:07 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-07-25 16:22 - 2014-07-25 16:22 - 21118304 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2014-08-26 16:47 - 2014-07-25 16:22 - 00985968 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2014-08-26 16:47 - 2014-07-25 16:22 - 00136048 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2014-08-26 16:47 - 2014-07-25 16:22 - 00192368 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4018014455-1113984-4257092306-500 - Administrator - Disabled)
Alex Bravo (S-1-5-21-4018014455-1113984-4257092306-1000 - Administrator - Enabled) => C:\Users\Alex Bravo
Guest (S-1-5-21-4018014455-1113984-4257092306-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4018014455-1113984-4257092306-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: GT-N7105T
Description: GT-N7105T
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: SAMSUNG Electronics Co. Ltd. 
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/03/2014 05:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999
 
Error: (10/03/2014 05:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999
 
Error: (10/03/2014 05:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/03/2014 02:59:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7176
 
Error: (10/03/2014 02:59:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7176
 
Error: (10/03/2014 02:59:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/03/2014 02:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6178
 
Error: (10/03/2014 02:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6178
 
Error: (10/03/2014 02:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/03/2014 02:59:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5179
 
 
System errors:
=============
Error: (10/03/2014 02:55:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (10/01/2014 02:06:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.11.15.24.
The computer with the IP address 10.11.12.32 did not allow the name to be claimed by
this computer.
 
Error: (10/01/2014 02:05:52 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.11.15.24.
The computer with the IP address 10.11.12.32 did not allow the name to be claimed by
this computer.
 
Error: (09/25/2014 07:04:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (09/22/2014 00:53:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C332C124-340D-4430-AA0D-C75602876FCC}
 
Error: (09/22/2014 09:27:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (09/21/2014 04:39:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (09/20/2014 10:01:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (09/17/2014 08:54:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (09/15/2014 04:51:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
 
Microsoft Office Sessions:
=========================
Error: (10/03/2014 05:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999
 
Error: (10/03/2014 05:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999
 
Error: (10/03/2014 05:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/03/2014 02:59:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7176
 
Error: (10/03/2014 02:59:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7176
 
Error: (10/03/2014 02:59:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/03/2014 02:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6178
 
Error: (10/03/2014 02:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6178
 
Error: (10/03/2014 02:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/03/2014 02:59:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5179
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-03 18:30:51.156
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-03 18:30:51.148
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-03 18:29:23.222
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-03 18:29:23.216
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-03 18:28:50.657
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-03 18:28:50.651
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2467M CPU @ 1.60GHz
Percentage of memory in use: 40%
Total physical RAM: 10140.55 MB
Available physical RAM: 6034.59 MB
Total Pagefile: 20279.29 MB
Available Pagefile: 14559.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (S3A4884D002) (Fixed) (Total:405.75 GB) (Free:277.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:14.83 GB) (Free:10.54 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CD11C76B)
Partition 1: (Active) - (Size=6 GB) - (Type=27)
Partition 2: (Not Active) - (Size=405.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=84)
Partition 4: (Not Active) - (Size=46 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#13 gargantuan

Posted 03 October 2014 - 07:16 PM

After restart - process has returned...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014
Ran by Alex Bravo (administrator) on MELCHIZEDEK on 04-10-2014 10:10:13
Running from C:\Users\Alex Bravo\Downloads
Loaded Profile: Alex Bravo (Available profiles: Alex Bravo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [981888 2011-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [285608 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-08-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [598448 2011-06-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-29] ()
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [TSUScheduler] => C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe [923520 2011-08-19] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4018014455-1113984-4257092306-1000\...\Run: [GoogleChromeAutoLaunch_16C0EC110197743E89E4BE2349B0C9DC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.)
HKU\S-1-5-21-4018014455-1113984-4257092306-1000\...\MountPoints2: {98836790-0eee-11e3-9aaf-e89d87432131} - D:\HTC_Sync_Manager_PC.exe
AppInit_DLLs-x32: acaptuser32.dll => "acaptuser32.dll" File Not Found
Startup: C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.10.10.21 10.10.10.20
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-16]
CHR Extension: (Google Drive) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-18]
CHR Extension: (YouTube) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-16]
CHR Extension: (Google Search) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-16]
CHR Extension: (Zotero Connector) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2014-05-03]
CHR Extension: (AdBlock) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-14]
CHR Extension: (Google Wallet) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Alex Bravo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-10-15] (Macrovision Europe Ltd.) [File not signed]
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [184320 2011-07-07] (Intel Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 kz2avs; C:\Windows\System32\Drivers\kz2avs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 kz2usb_svc; C:\Windows\System32\Drivers\kz2usb.sys [84328 2012-12-18] (Native Instruments GmbH)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 Tosrfcom; No ImagePath
S1 vcdrom; \??\C:\Windows\System32\drivers\VCdRom.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-04 09:57 - 2014-10-04 09:57 - 00000000 ____D () C:\Users\Alex Bravo\Downloads\FRST-OlderVersion
2014-10-03 14:35 - 2014-10-03 14:35 - 00003288 ____N () C:\bootsqm.dat
2014-10-03 14:30 - 2014-10-03 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-10-03 14:30 - 2014-10-03 14:30 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-10-03 14:29 - 2014-10-04 10:00 - 00008797 _____ () C:\Users\Alex Bravo\Documents\S&R.xlsx
2014-10-03 14:26 - 2014-10-03 14:26 - 09850208 _____ () C:\Users\Alex Bravo\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-09-30 11:22 - 2014-10-04 09:58 - 00037216 _____ () C:\Users\Alex Bravo\Downloads\Addition.txt
2014-09-30 11:21 - 2014-10-04 10:10 - 00021870 _____ () C:\Users\Alex Bravo\Downloads\FRST.txt
2014-09-30 11:21 - 2014-10-04 10:10 - 00000000 ____D () C:\FRST
2014-09-30 11:19 - 2014-10-04 09:57 - 02109440 _____ (Farbar) C:\Users\Alex Bravo\Downloads\FRST64.exe
2014-09-29 11:30 - 2014-09-29 11:30 - 00005180 _____ () C:\Users\Alex Bravo\Documents\Attach2.txt
2014-09-28 22:55 - 2014-09-28 22:56 - 40282948 _____ () C:\Users\Alex Bravo\Downloads\Raiders Banks CASS MSTR.wav
2014-09-23 17:07 - 2014-09-23 21:59 - 12410670 _____ () C:\Users\Alex Bravo\Downloads\Money's To Tight (Real Nice Edit).m4a
2014-09-23 16:01 - 2014-09-23 16:01 - 00022266 _____ () C:\Users\Alex Bravo\Documents\DDS.txt
2014-09-23 15:39 - 2014-09-23 15:39 - 00005452 _____ () C:\Users\Alex Bravo\Documents\Attach.txt
2014-09-23 15:27 - 2014-09-29 11:23 - 00019601 _____ () C:\Users\Alex Bravo\Desktop\dds.txt
2014-09-23 15:27 - 2014-09-29 11:23 - 00005180 _____ () C:\Users\Alex Bravo\Desktop\attach.txt
2014-09-23 15:24 - 2014-09-23 15:24 - 00688992 ____R (Swearware) C:\Users\Alex Bravo\Downloads\dds.com
2014-09-23 14:06 - 2014-09-23 14:09 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 14:05 - 2014-09-23 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 14:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-23 14:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-23 14:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-23 12:56 - 2014-09-23 13:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Alex Bravo\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-21 15:42 - 2014-09-23 14:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-21 15:42 - 2014-09-21 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-20 21:45 - 2014-09-20 21:45 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-19 11:27 - 2014-09-22 17:58 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-19 11:27 - 2014-09-19 11:27 - 00000000 ___HD () C:\$AVG
2014-09-19 11:27 - 2014-09-19 11:27 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\TuneUp Software
2014-09-19 11:27 - 2014-09-19 11:27 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\AVG2015
2014-09-19 11:26 - 2014-09-19 11:26 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-19 11:24 - 2014-09-22 17:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-19 11:24 - 2014-09-19 11:29 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Avg2015
2014-09-19 11:24 - 2014-09-19 11:24 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\MFAData
2014-09-17 22:20 - 2014-09-17 22:20 - 34944088 _____ () C:\Users\Alex Bravo\Downloads\H1987 - ATLANTA.wav
2014-09-08 14:23 - 2014-09-17 22:49 - 73394698 _____ () C:\Users\Alex Bravo\Downloads\Disclosure_Latch_Chas Bronz And Ser Clave Remix.wav
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-04 10:06 - 2009-07-14 15:13 - 00713888 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-04 10:06 - 2009-07-14 14:45 - 00024912 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-04 10:06 - 2009-07-14 14:45 - 00024912 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-04 10:04 - 2013-08-17 06:45 - 00872201 _____ () C:\windows\WindowsUpdate.log
2014-10-04 10:02 - 2014-03-15 13:08 - 00000000 ____D () C:\Users\Alex Bravo\Desktop\New folder
2014-10-04 10:01 - 2013-10-02 18:21 - 00000000 ___RD () C:\Users\Alex Bravo\Dropbox
2014-10-04 10:01 - 2013-10-02 18:18 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Dropbox
2014-10-04 10:01 - 2013-08-16 18:39 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-04 10:01 - 2009-07-14 15:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-04 10:01 - 2009-07-14 14:51 - 00080731 _____ () C:\windows\setupact.log
2014-10-03 17:13 - 2013-08-16 18:39 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 14:58 - 2013-08-16 15:02 - 00113760 _____ () C:\Users\Alex Bravo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-03 14:57 - 2010-11-21 17:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-03 14:57 - 2010-11-21 13:47 - 00790124 _____ () C:\windows\PFRO.log
2014-10-03 14:57 - 2009-07-14 14:45 - 00440600 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-03 14:53 - 2009-07-14 12:34 - 00000439 _____ () C:\windows\win.ini
2014-10-01 22:21 - 2013-08-19 22:05 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\vlc
2014-10-01 22:12 - 2013-10-26 15:36 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\uTorrent
2014-10-01 21:59 - 2013-08-16 18:33 - 00000000 ____D () C:\Users\Alex Bravo\Documents\Alpha
2014-09-29 14:11 - 2013-09-01 11:55 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Paint.NET
2014-09-26 10:09 - 2014-03-21 16:24 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-25 10:04 - 2013-08-16 18:47 - 00002154 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 14:46 - 2013-10-13 14:30 - 00000000 ____D () C:\Users\Alex Bravo\Documents\0 Moore
2014-09-22 21:50 - 2013-10-02 18:21 - 00001047 _____ () C:\Users\Alex Bravo\Desktop\Dropbox.lnk
2014-09-22 21:50 - 2013-10-02 18:18 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-22 17:59 - 2013-08-16 15:02 - 00000000 ____D () C:\Users\Alex Bravo
2014-09-22 17:57 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-09-22 17:57 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-09-22 17:56 - 2014-08-29 14:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-22 17:56 - 2014-07-30 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-09-22 17:56 - 2013-10-15 17:16 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-09-22 17:56 - 2013-08-16 21:38 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-22 17:56 - 2013-08-16 21:38 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-22 17:56 - 2011-09-13 12:38 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\SysWOW64\winrm
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\SysWOW64\WCN
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\SysWOW64\slmgr
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\SysWOW64\Printing_Admin_Scripts
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\system32\winrm
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\system32\WCN
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\system32\slmgr
2014-09-22 17:56 - 2010-11-21 17:06 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts
2014-09-22 17:56 - 2009-07-14 15:32 - 00000000 ____D () C:\windows\SysWOW64\WindowsPowerShell
2014-09-22 17:56 - 2009-07-14 15:32 - 00000000 ____D () C:\windows\system32\WindowsPowerShell
2014-09-22 17:56 - 2009-07-14 15:32 - 00000000 ____D () C:\windows\system32\WinBioPlugIns
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Web
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Vss
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\spp
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\Speech
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\NetworkList
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\MUI
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\Msdtc
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\migwiz
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\InstallShield
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\IME
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\SysWOW64\com
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\sysprep
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\spp
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\spool
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\Speech
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\SMI
2014-09-22 17:56 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\registration
2014-09-22 17:55 - 2014-09-03 12:03 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software
2014-09-22 17:55 - 2014-09-03 12:02 - 00000000 ____D () C:\ProgramData\Ableton
2014-09-22 17:55 - 2014-08-29 14:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-22 17:55 - 2014-08-29 14:55 - 00000000 ____D () C:\Program Files\iTunes
2014-09-22 17:55 - 2014-08-29 14:55 - 00000000 ____D () C:\Program Files\iPod
2014-09-22 17:55 - 2014-08-28 15:26 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pioneer
2014-09-22 17:55 - 2014-08-28 15:25 - 00000000 ____D () C:\Program Files (x86)\Pioneer
2014-09-22 17:55 - 2014-07-19 18:58 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-09-22 17:55 - 2014-05-31 11:50 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-09-22 17:55 - 2014-05-03 18:43 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Zotero
2014-09-22 17:55 - 2014-05-03 18:43 - 00000000 ____D () C:\Program Files (x86)\Zotero Standalone
2014-09-22 17:55 - 2014-03-21 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-22 17:55 - 2014-03-01 09:41 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Microsoft Games
2014-09-22 17:55 - 2014-02-26 18:38 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-22 17:55 - 2014-02-17 09:21 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Evernote
2014-09-22 17:55 - 2014-02-08 15:34 - 00000000 ____D () C:\Program Files (x86)\Anki
2014-09-22 17:55 - 2013-12-17 18:37 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Spotify
2014-09-22 17:55 - 2013-11-02 13:43 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Skype
2014-09-22 17:55 - 2013-10-14 17:55 - 00000000 ____D () C:\Program Files (x86)\Classic PDF Editor
2014-09-22 17:55 - 2013-09-19 18:57 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\SoftGrid Client
2014-09-22 17:55 - 2013-09-14 13:25 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-09-22 17:55 - 2013-09-14 13:25 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-09-22 17:55 - 2013-09-02 18:01 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-09-22 17:55 - 2013-09-01 11:55 - 00000000 ____D () C:\Program Files\Paint.NET
2014-09-22 17:55 - 2013-08-21 18:06 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Amazon
2014-09-22 17:55 - 2013-08-19 22:04 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-22 17:55 - 2013-08-17 07:17 - 00000000 ____D () C:\ProgramData\Norton
2014-09-22 17:55 - 2013-08-17 07:16 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-22 17:55 - 2013-08-17 07:16 - 00000000 ____D () C:\ProgramData\Skype
2014-09-22 17:55 - 2013-08-17 07:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-22 17:55 - 2013-08-17 07:09 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
2014-09-22 17:55 - 2013-08-17 07:06 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-22 17:55 - 2013-08-17 07:06 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-09-22 17:55 - 2013-08-17 07:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-09-22 17:55 - 2013-08-17 07:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-22 17:55 - 2013-08-17 06:54 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-09-22 17:55 - 2013-08-17 06:54 - 00000000 ____D () C:\Program Files (x86)\Ricoh
2014-09-22 17:55 - 2013-08-17 06:54 - 00000000 ____D () C:\Program Files (x86)\Renesas Electronics
2014-09-22 17:55 - 2013-08-17 06:53 - 00000000 ____D () C:\Program Files (x86)\TOH Class Filter
2014-09-22 17:55 - 2013-08-17 06:50 - 00000000 ____D () C:\Program Files (x86)\Atheros
2014-09-22 17:55 - 2013-08-17 06:49 - 00000000 ____D () C:\Program Files\Synaptics
2014-09-22 17:55 - 2013-08-17 06:48 - 00000000 ____D () C:\Program Files\Realtek
2014-09-22 17:55 - 2013-08-17 06:48 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-09-22 17:55 - 2013-08-17 06:46 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-09-22 17:55 - 2013-08-17 06:42 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-09-22 17:55 - 2013-08-16 21:39 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-22 17:55 - 2013-08-16 21:38 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Apple
2014-09-22 17:55 - 2013-08-16 21:38 - 00000000 ____D () C:\ProgramData\Apple
2014-09-22 17:55 - 2013-08-16 21:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-22 17:55 - 2013-08-16 21:38 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-22 17:55 - 2013-08-16 20:27 - 00000000 ____D () C:\ProgramData\Native Instruments
2014-09-22 17:55 - 2013-08-16 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2014-09-22 17:55 - 2013-08-16 20:27 - 00000000 ____D () C:\Program Files\Native Instruments
2014-09-22 17:55 - 2013-08-16 20:27 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2014-09-22 17:55 - 2013-08-16 18:39 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Google
2014-09-22 17:55 - 2013-08-16 18:39 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Local\Apps\2.0
2014-09-22 17:55 - 2013-08-16 18:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-22 17:55 - 2013-08-16 18:38 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Macromedia
2014-09-22 17:55 - 2013-08-16 18:38 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\Adobe
2014-09-22 17:55 - 2013-08-16 18:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-22 17:55 - 2013-08-16 18:34 - 00000000 ____D () C:\Users\Alex Bravo\Documents\samsung
2014-09-22 17:55 - 2013-08-16 18:33 - 00000000 ____D () C:\Users\Alex Bravo\Documents\DJ
2014-09-22 17:55 - 2013-08-16 15:02 - 00000000 ___RD () C:\Users\Alex Bravo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 17:55 - 2011-09-13 12:38 - 00000000 ____D () C:\TOSHIBA
2014-09-22 17:55 - 2011-09-13 12:38 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-22 17:55 - 2011-09-13 12:38 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-22 17:55 - 2011-09-13 12:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-22 17:55 - 2011-09-13 12:34 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-09-22 17:55 - 2011-09-13 12:32 - 00000000 ____D () C:\ProgramData\Toshiba
2014-09-22 17:55 - 2011-09-13 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-09-22 17:55 - 2011-09-13 12:32 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2014-09-22 17:55 - 2010-11-21 17:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\windows\Performance
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-09-22 17:55 - 2009-07-14 15:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-09-22 17:55 - 2009-07-14 14:45 - 00000000 ____D () C:\windows\Setup
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 __RSD () C:\windows\Media
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 __RHD () C:\Users\Default
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\oobe
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\NetworkList
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\MUI
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\Msdtc
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\migwiz
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\IME
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\Dism
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\system32\com
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Speech
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\servicing
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\security
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\schemas
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Resources
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\rescache
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\PLA
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\IME
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Help
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Globalization
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\Branding
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\AppCompat
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-22 17:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2014-09-21 15:58 - 2013-10-14 17:54 - 00000000 ____D () C:\Users\Alex Bravo\AppData\Roaming\BabSolution
2014-09-21 15:58 - 2013-10-14 17:54 - 00000000 ____D () C:\ProgramData\BitGuard
2014-09-18 12:05 - 2014-08-06 09:33 - 00000000 ____D () C:\Users\Alex Bravo\Documents\0 NEAC
2014-09-18 10:50 - 2014-08-31 21:35 - 81939874 _____ () C:\Users\Alex Bravo\Downloads\stardust (justin martin edit).wav
2014-09-17 22:52 - 2014-09-03 10:25 - 62084582 _____ () C:\Users\Alex Bravo\Downloads\Back To Reality - Back To Life (Casual Connection Late Night Groove Rework).wav
2014-09-17 22:52 - 2014-09-03 10:25 - 47366552 _____ () C:\Users\Alex Bravo\Downloads\Never Stop - Give It Up (Casual Connection Late Night Groove Rework).wav
2014-09-15 10:51 - 2014-07-19 18:58 - 00000000 ____D () C:\Users\Alex Bravo\Documents\My Kindle Content
 
Some content of TEMP:
====================
C:\Users\Alex Bravo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp73dpjc.dll
C:\Users\Alex Bravo\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Alex Bravo\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Alex Bravo\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 20:47
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014
Ran by Alex Bravo at 2014-10-04 10:11:56
Running from C:\Users\Alex Bravo\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Ableton Live 9 Lite (HKLM\...\{AEDFFBCA-66CA-4766-8958-AD6EC6E5589C}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (x32 Version: 9.0.0 - Adobe Systems) Hidden
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.0.0.9 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Beatport Downloader (HKLM-x32\...\com.beatport.BeatportDownloader) (Version: 1.4 - Beatport LLC)
Beatport Downloader (x32 Version: 1.4 - Beatport LLC) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.13(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Identity Protection Technology 1.2.18.0 (HKLM-x32\...\{9602841E-ECE2-1019-AAEE-906A4DE25D6B}) (Version: 1.2.18.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.5 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{6E579724-82F9-454C-A98E-39DDDAB167FF}) (Version: 1.0.0.1008 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
iTunes Export (HKLM-x32\...\iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1) (Version: 2.2.2 - UNKNOWN)
iTunes Export (x32 Version: 2.2.2 - UNKNOWN) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 2 DJ Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 4 DJ Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 8 DJ Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.5.6.1344 - Native Instruments)
Native Instruments Controller Editor (Version: 1.5.6.1344 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.3.1177 - Native Instruments)
Native Instruments Service Center (Version: 2.4.3.1177 - Native Instruments) Hidden
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.3.144 - Native Instruments)
Native Instruments Traktor 2 (Version: 2.6.3.144 - Native Instruments) Hidden
Native Instruments Traktor Audio 10 Driver (HKLM-x32\...\Native Instruments Traktor Audio 10 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 10 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (Version: 3.0.2.664 - Native Instruments) Hidden
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 Driver (Version: 3.0.1.648 - Native Instruments) Hidden
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (Version: 3.1.1.780 - Native Instruments) Hidden
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (Version: 3.1.1.780 - Native Instruments) Hidden
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6446 - Realtek Semiconductor Corp.)
rekordbox 3.0.1 (HKLM-x32\...\Pioneer rekordbox 3.0.1) (Version: 3.0.1.2408 - Pioneer)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.0 - Renesas Electronics Corporation) Hidden
RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
Skype™ 5.3 (HKLM-x32\...\{5335DADB-34BA-4AE8-A519-648D78498846}) (Version: 5.3.116 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.6 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 2.1.17.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 2.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{A9FD58A9-7640-4E61-B166-F5FBAD8219F6}) (Version: 8.0.42 - TOSHIBA CORPORATION)
TOSHIBA eco Utility (HKLM\...\{41C2B21A-63BB-4377-9567-A97B15F21E59}) (Version: 1.3.7.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.18.64 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.6 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.11.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2003 - TOSHIBA Corporation)
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.9 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.9 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Sync Utility (HKLM-x32\...\{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}) (Version: 2.0.3090 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.9.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.9.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.9.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.29 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.29 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.9.2 - Tweaking.com)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zotero Standalone 4.0.21.2 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.21.2 (x86 en-US)) (Version: 4.0.21.2 - Zotero)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4018014455-1113984-4257092306-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
22-09-2014 07:54:51 Restore Operation
01-10-2014 08:14:42 Scheduled Checkpoint
03-10-2014 04:45:39 Tweaking.com - Windows Repair
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:34 - 2014-10-03 14:53 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2E7763E4-F546-482B-8D2C-9A4A11FCA7AE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-26] (Microsoft Corporation)
Task: {37D24739-0FC3-4D22-9BD4-C8ABC36E01D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: {4C9D878D-C89E-45AA-AE68-C209174C2FE6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {6FEECB95-B9D8-4128-9232-551C55DD3A57} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-06-17] (TOSHIBA CORPORATION)
Task: {A52C43ED-8015-4119-89BD-B630BD8E15A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-21 16:24 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-09-26 10:08 - 2014-09-26 10:08 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-09-01 05:13 - 2011-09-01 05:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-08-23 08:19 - 2011-08-23 08:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-01 03:37 - 2010-12-01 03:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-04 07:15 - 2010-03-04 07:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-04 07:15 - 2010-03-04 07:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-12-16 08:19 - 2010-12-16 08:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-08-13 07:57 - 2011-08-13 07:57 - 00437632 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2011-06-10 14:09 - 2011-06-10 14:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-02-05 23:52 - 2014-02-05 23:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-05 23:52 - 2014-02-05 23:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-04 10:01 - 2014-10-04 10:01 - 00043008 _____ () c:\Users\Alex Bravo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp73dpjc.dll
2013-08-24 05:01 - 2013-08-24 05:01 - 25100288 _____ () C:\Users\Alex Bravo\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-25 16:22 - 2014-07-25 16:22 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-07-25 16:22 - 2014-07-25 16:22 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-09-25 10:04 - 2014-09-23 14:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 10:04 - 2014-09-23 14:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 10:04 - 2014-09-23 14:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 10:04 - 2014-09-23 14:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 10:04 - 2014-09-23 14:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-25 10:04 - 2014-09-23 14:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4018014455-1113984-4257092306-500 - Administrator - Disabled)
Alex Bravo (S-1-5-21-4018014455-1113984-4257092306-1000 - Administrator - Enabled) => C:\Users\Alex Bravo
Guest (S-1-5-21-4018014455-1113984-4257092306-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4018014455-1113984-4257092306-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/03/2014 05:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999
 
Error: (10/03/2014 05:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999
 
Error: (10/03/2014 05:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/03/2014 02:59:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7176
 
Error: (10/03/2014 02:59:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7176
 
Error: (10/03/2014 02:59:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/03/2014 02:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6178
 
Error: (10/03/2014 02:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6178
 
Error: (10/03/2014 02:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/03/2014 02:59:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5179
 
 
System errors:
=============
Error: (10/03/2014 02:55:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (10/01/2014 02:06:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.11.15.24.
The computer with the IP address 10.11.12.32 did not allow the name to be claimed by
this computer.
 
Error: (10/01/2014 02:05:52 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.11.15.24.
The computer with the IP address 10.11.12.32 did not allow the name to be claimed by
this computer.
 
Error: (09/25/2014 07:04:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (09/22/2014 00:53:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C332C124-340D-4430-AA0D-C75602876FCC}
 
Error: (09/22/2014 09:27:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (09/21/2014 04:39:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (09/20/2014 10:01:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (09/17/2014 08:54:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (09/15/2014 04:51:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
 
Microsoft Office Sessions:
=========================
Error: (10/03/2014 05:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999
 
Error: (10/03/2014 05:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999
 
Error: (10/03/2014 05:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/03/2014 02:59:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7176
 
Error: (10/03/2014 02:59:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7176
 
Error: (10/03/2014 02:59:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/03/2014 02:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6178
 
Error: (10/03/2014 02:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6178
 
Error: (10/03/2014 02:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/03/2014 02:59:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5179
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-03 18:30:51.156
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-03 18:30:51.148
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-03 18:29:23.222
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-03 18:29:23.216
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-03 18:28:50.657
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-03 18:28:50.651
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2467M CPU @ 1.60GHz
Percentage of memory in use: 40%
Total physical RAM: 10140.55 MB
Available physical RAM: 6034.4 MB
Total Pagefile: 20279.29 MB
Available Pagefile: 15213.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (S3A4884D002) (Fixed) (Total:405.75 GB) (Free:277.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:14.83 GB) (Free:10.54 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CD11C76B)
Partition 1: (Active) - (Size=6 GB) - (Type=27)
Partition 2: (Not Active) - (Size=405.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=84)
Partition 4: (Not Active) - (Size=46 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#14 gargantuan

Posted 03 October 2014 - 07:23 PM

See attached




#15 Sirawit

  • Malware Response Team
Posted 07 October 2014 - 02:54 AM

Hi gargantuan.
 
We need to run a fix with FRST:
  • Please download the attached fixlist.txt file and save it to the same location as FRST.
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location, or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    Attached file: fixlist.txt (184 bytes)
  • Run FRST.exe/FRST64.exe, press the Fix button just once, and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.

==========

 

Please download Process Explorer and save it to your desktop.

 

Right click and select Run as Administrator. Then accept the program's EULA.

 

After the program shows up, please sort the CPU usage column so the highest is on top, then capture a screenshot and post it here.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 





