Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

dllhost.exe *32 slowing down my system.


  • This topic is locked This topic is locked
22 replies to this topic

#1 bumper70

bumper70

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 14 November 2014 - 09:39 PM

Mainly occurs when using Chrome. It's hit or miss. All of a sudden it multiplies into 2 or 4 lines and the CPU usage goes from 10s to the 75 to 100% (task manager).  Recently another process called svchost.exe *32 has been appearing. It was dllhost *32 first then svchost is relatively new (last couple of days). Thanks in advance.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344
Run by joseOFC at 21:32:51 on 2014-11-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5606.1753 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\atieclxx.exe
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\windows\system32\Dwm.exe
C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
C:\windows\system32\HPSIsvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\rundll32.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Users\joseOFC\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\syswow64\dllhost.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Toshiba\TECO\TecoHook.exe
C:\windows\system32\taskmgr.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/
uSearch Bar = Preserve
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {41525333-2D56-3700-76A7-7A786E7484D7} - <orphaned>
BHO: {41565256-3700-A76A-76A7-7A786E7484D7} - <orphaned>
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\joseOFC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [ALconnect] C:\Users\joseOFC\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BILLMI~1.LNK - C:\Program Files (x86)\Quicken\billmind.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKE~1.LNK - C:\Program Files (x86)\Quicken\bagent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKE~2.LNK - C:\Program Files (x86)\Quicken\QWDLLS.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{A9D92697-EE3D-4C54-8BB3-7C439554C748} : DHCPNameServer = 192.168.1.1 71.252.0.12
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {41525333-2D56-3700-76A7-7A786E7484D7} - <orphaned>
x64-BHO: {41565256-3700-A76A-76A7-7A786E7484D7} - <orphaned>
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\drivers\amdkmpfd.sys [2012-6-18 31872]
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2014-11-10 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2014-11-10 267632]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2014-11-10 1050432]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2014-11-10 436624]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-6-18 235520]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-11-10 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2014-11-10 83280]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswStm.sys [2014-11-10 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-10 50344]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-1-10 1435680]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2012-6-18 162824]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2010-5-11 362296]
R2 HPSIService;HP SI Service;C:\windows\System32\HPSIsvc.exe [2012-11-12 126520]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [2012-6-18 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2012-2-9 295360]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\windows\System32\drivers\amdhub30.sys [2012-6-18 103552]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\windows\System32\drivers\amdxhc.sys [2012-6-18 220288]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-6-18 95248]
R3 HP1210FAX;HP1210MFP FAX;C:\windows\System32\drivers\HPM1210FAX.sys [2012-11-7 16896]
R3 mvusbews;USB EWS Device;C:\windows\System32\drivers\mvusbews.sys [2012-12-24 20480]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-6-18 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-6-18 251496]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-6-18 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-6-18 1145448]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-6-18 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2012-2-24 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-12-14 833976]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2012-6-18 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-11-12 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-15 02:32:21 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FF89F5CE-E179-43DE-B55B-CD24A7B26E6A}\mpengine.dll
2014-11-14 04:58:55 -------- d-----w- C:\FRST
2014-11-11 23:40:04 304640 ----a-w- C:\windows\System32\generaltel.dll
2014-11-11 23:40:04 228864 ----a-w- C:\windows\System32\aepdu.dll
2014-11-11 23:40:03 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-11-11 23:38:47 683520 ----a-w- C:\windows\System32\termsrv.dll
2014-11-11 23:38:47 155064 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-11-11 23:38:44 681984 ----a-w- C:\windows\SysWow64\adtschema.dll
2014-11-11 23:38:44 681984 ----a-w- C:\windows\System32\adtschema.dll
2014-11-11 23:38:42 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-11-11 23:38:41 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2014-11-11 23:38:40 146432 ----a-w- C:\windows\System32\msaudite.dll
2014-11-11 23:38:39 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-11-11 23:38:38 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-11-11 23:28:44 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2014-11-11 23:28:44 2048 ----a-w- C:\windows\System32\msxml3r.dll
2014-11-11 23:28:44 1882624 ----a-w- C:\windows\System32\msxml3.dll
2014-11-11 23:28:44 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2014-11-11 23:28:01 878080 ----a-w- C:\windows\System32\IMJP10K.DLL
2014-11-11 23:28:00 701440 ----a-w- C:\windows\SysWow64\IMJP10K.DLL
2014-11-11 23:23:32 77824 ----a-w- C:\windows\System32\packager.dll
2014-11-11 23:23:32 67584 ----a-w- C:\windows\SysWow64\packager.dll
2014-11-11 23:23:03 3198976 ----a-w- C:\windows\System32\win32k.sys
2014-11-11 23:22:05 3241984 ----a-w- C:\windows\System32\msi.dll
2014-11-11 23:21:55 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-11-11 23:21:42 861696 ----a-w- C:\windows\System32\oleaut32.dll
2014-11-11 23:21:42 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2014-11-10 06:28:59 -------- d-----w- C:\Users\joseOFC\AppData\Roaming\AVAST Software
2014-11-10 06:28:17 116728 ----a-w- C:\windows\System32\drivers\aswStm.sys
2014-11-10 06:28:16 267632 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-11-10 06:28:13 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-11-10 06:28:12 83280 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-11-10 06:28:10 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-11-10 06:28:08 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-11-10 06:28:00 1050432 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2014-11-10 06:27:48 43152 ----a-w- C:\windows\avastSS.scr
2014-11-10 06:18:16 -------- d-----w- C:\Program Files\AVAST Software
2014-11-10 06:17:00 -------- d-----w- C:\ProgramData\AVAST Software
2014-11-10 06:11:44 -------- d-----w- C:\ProgramData\Panda Security
2014-11-10 06:11:38 -------- d-----w- C:\Program Files (x86)\Panda USB Vaccine
2014-11-10 05:26:22 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-11-10 05:26:22 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2014-10-16 07:09:54 3528440 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Csi.dll
.
==================== Find3M  ====================
.
2014-11-11 23:04:59 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-11 23:04:59 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-10-28 10:34:58 275080 ------w- C:\windows\System32\MpSigStub.exe
2014-10-03 02:12:00 500224 ----a-w- C:\windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\windows\SysWow64\AudioSes.dll
2014-09-25 22:32:04 2017280 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\windows\System32\ncrypt.dll
2014-09-19 09:42:44 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-09-19 09:42:41 22016 ----a-w- C:\windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-09-19 09:23:42 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-09-19 09:23:36 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\windows\SysWow64\wininet.dll
2014-09-09 22:11:04 2048 ----a-w- C:\windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
.
============= FINISH: 21:33:54.40 ===============

Attached Files


Edited by bumper70, 14 November 2014 - 09:42 PM.


BC AdBot (Login to Remove)

 


#2 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:35 PM

Posted 18 November 2014 - 10:22 PM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 bumper70

bumper70
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 19 November 2014 - 11:00 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014
Ran by joseOFC (administrator) on JOSEOFC-PC on 19-11-2014 22:56:13
Running from C:\Users\joseOFC\Desktop
Loaded Profile: joseOFC (Available profiles: joseOFC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\System32\GFNEXSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Koninklijke Philips Electronics N.V.) C:\Users\joseOFC\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-22] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-10] (AVAST Software)
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...\Run: [Google Update] => C:\Users\joseOFC\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-20] (Google Inc.)
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...\Run: [ALconnect] => C:\Users\joseOFC\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe [715880 2013-06-10] (Koninklijke Philips Electronics N.V.)
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...\MountPoints2: E - E:\SISetup.exe
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk
ShortcutTarget: Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (Intuit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files (x86)\Quicken\QWDLLS.EXE (Intuit)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001 -> DefaultScope {077D7FF9-819D-4F13-A9A3-13BE11652E02} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS506
SearchScopes: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001 -> {077D7FF9-819D-4F13-A9A3-13BE11652E02} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS506
SearchScopes: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: No Name -> {41525333-2D56-3700-76A7-7A786E7484D7} ->  No File
BHO: No Name -> {41565256-3700-A76A-76A7-7A786E7484D7} ->  No File
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {41525333-2D56-3700-76A7-7A786E7484D7} ->  No File
BHO-x32: No Name -> {41565256-3700-A76A-76A7-7A786E7484D7} ->  No File
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - No Name - {41525333-2D56-3700-76A7-7A786E7484D7} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - No Name - {41565256-3700-A76A-76A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - No Name - {41525333-2D56-3700-76A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {41565256-3700-A76A-76A7-7A786E7484D7} -  No File
Toolbar: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\joseOFC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @talk.google.com/O1DPlugin -> C:\Users\joseOFC\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @tools.google.com/Google Update;version=3 -> C:\Users\joseOFC\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @tools.google.com/Google Update;version=9 -> C:\Users\joseOFC\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\joseOFC\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\joseOFC\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-10]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://start.toshiba.com
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-09]
CHR Extension: (Google Drive) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-14]
CHR Extension: (Google Search) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-14]
CHR Extension: (Avast SafePrice) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-11-18]
CHR Extension: (Avast Online Security) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-25]
CHR Extension: (Gmail) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-14]
CHR HKLM-x32\...\Chrome\Extension: [aaaaigmelgfmkfjicbbgbkcbagedejhj] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx []
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-10] (AVAST Software)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)
R2 TosCoSrv; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-10] ()
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-07] ()
S2 mrtRate; No ImagePath
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-19 22:56 - 2014-11-19 22:57 - 00022124 _____ () C:\Users\joseOFC\Desktop\FRST.txt
2014-11-19 22:55 - 2014-11-19 22:55 - 00000000 ____D () C:\Users\joseOFC\Desktop\FRST-OlderVersion
2014-11-19 22:52 - 2014-11-19 22:52 - 00000056 _____ () C:\windows\setupact.log
2014-11-19 22:52 - 2014-11-19 22:52 - 00000000 _____ () C:\windows\setuperr.log
2014-11-14 21:31 - 2014-11-14 21:31 - 00688992 ____R (Swearware) C:\Users\joseOFC\Desktop\dds.com
2014-11-14 19:01 - 2014-11-14 19:01 - 00027800 _____ () C:\Users\joseOFC\Documents\cc_20141114_190139.reg
2014-11-13 23:59 - 2014-11-13 23:59 - 00014151 _____ () C:\Users\joseOFC\Downloads\FRST.txt
2014-11-13 23:58 - 2014-11-19 22:56 - 00000000 ____D () C:\FRST
2014-11-13 23:58 - 2014-11-19 22:55 - 02117120 _____ (Farbar) C:\Users\joseOFC\Desktop\FRST64.exe
2014-11-13 00:56 - 2010-12-21 16:42 - 02162488 _____ (Piriform Ltd) C:\Users\joseOFC\Desktop\CCleaner.exe
2014-11-11 18:40 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-11 18:40 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-11 18:40 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-11 18:38 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-11 18:38 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-11 18:38 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-11 18:38 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-11 18:38 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-11 18:38 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-11 18:38 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-11 18:38 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-11 18:38 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-11 18:28 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-11 18:28 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-11 18:28 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-11 18:28 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-11 18:28 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-11 18:28 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-11 18:27 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-11 18:27 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-11 18:27 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-11 18:27 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-11 18:27 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-11 18:27 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-11 18:27 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-11 18:27 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-11 18:23 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-11 18:23 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-11 18:23 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-11 18:22 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-11 18:21 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-11 18:21 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-11 18:21 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-11 06:54 - 2014-11-11 06:54 - 00000000 ____D () C:\Users\joseOFC\AppData\Roaming\Mozilla
2014-11-10 21:51 - 2014-11-10 21:52 - 19362952 _____ (IObit ) C:\Users\joseOFC\Downloads\imfv2-setup-for-review.exe
2014-11-10 01:28 - 2014-11-19 22:54 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-11-10 01:28 - 2014-11-10 01:28 - 00001975 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-10 01:28 - 2014-11-10 01:28 - 00000000 ____D () C:\Users\joseOFC\AppData\Roaming\AVAST Software
2014-11-10 01:28 - 2014-11-10 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-10 01:28 - 2014-11-10 01:27 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-11-10 01:27 - 2014-11-10 01:27 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-11-10 01:27 - 2014-11-10 01:27 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-11-10 01:18 - 2014-11-10 01:18 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-10 01:17 - 2014-11-10 01:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-10 01:15 - 2014-11-10 01:16 - 05006864 _____ (AVAST Software) C:\Users\joseOFC\Downloads\avast_free_antivirus_setup_online.exe
2014-11-10 01:11 - 2014-11-10 01:11 - 00003042 _____ () C:\windows\System32\Tasks\PandaUSBVaccine
2014-11-10 01:11 - 2014-11-10 01:11 - 00000000 ____D () C:\ProgramData\Panda Security
2014-11-10 01:11 - 2014-11-10 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-11-10 01:11 - 2014-11-10 01:11 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-11-10 01:10 - 2014-11-10 01:11 - 00848856 _____ (Panda Security ) C:\Users\joseOFC\Downloads\USBVaccineSetup.exe
2014-11-10 00:26 - 2014-11-19 00:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-10 00:26 - 2014-11-10 00:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-11-10 00:26 - 2014-11-10 00:26 - 00001273 _____ () C:\Users\joseOFC\Desktop\Spybot - Search & Destroy.lnk
2014-11-10 00:26 - 2014-11-10 00:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-11-10 00:23 - 2014-11-10 00:25 - 16409960 _____ (Safer Networking Limited ) C:\Users\joseOFC\Downloads\spybotsd162.exe
2014-11-09 22:49 - 2014-11-09 22:49 - 00000000 _____ () C:\autoexec.bat
2014-11-05 18:29 - 2014-11-05 18:29 - 00004056 _____ () C:\windows\System32\Tasks\{7E4FAECE-D318-83E2-2ABF-509BDE5DBCBD}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-19 22:56 - 2012-06-18 09:53 - 01303915 _____ () C:\windows\WindowsUpdate.log
2014-11-19 22:55 - 2013-01-20 15:17 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2228828137-3245115527-2341551880-1001UA.job
2014-11-19 22:54 - 2012-06-18 10:37 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-19 22:52 - 2012-06-18 10:37 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-19 22:52 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-19 06:45 - 2009-07-14 00:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-19 06:20 - 2012-04-18 04:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-19 00:43 - 2013-10-25 15:15 - 00000000 ____D () C:\windows\Minidump
2014-11-18 22:29 - 2012-11-15 05:39 - 00000000 ____D () C:\Users\joseOFC\Documents\Sonya
2014-11-18 19:54 - 2013-01-20 15:17 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2228828137-3245115527-2341551880-1001Core.job
2014-11-18 17:32 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-18 17:32 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 17:56 - 2012-11-11 21:55 - 00000000 ____D () C:\Users\joseOFC\AppData\Local\CrashDumps
2014-11-16 19:49 - 2013-01-20 15:17 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2228828137-3245115527-2341551880-1001UA
2014-11-16 19:49 - 2013-01-20 15:17 - 00003494 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2228828137-3245115527-2341551880-1001Core
2014-11-16 19:48 - 2012-06-18 10:37 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 19:48 - 2012-06-18 10:37 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 08:10 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-11-11 22:31 - 2009-07-13 23:45 - 00288616 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-11 22:29 - 2014-05-08 21:41 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-11 22:26 - 2013-10-26 08:13 - 00000000 ____D () C:\windows\system32\MRT
2014-11-11 22:21 - 2012-11-17 00:04 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-11 18:05 - 2012-04-18 04:08 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 18:04 - 2012-04-18 04:08 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 18:04 - 2012-04-18 04:08 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-10 22:15 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-10 01:36 - 2014-05-17 13:36 - 00000000 ____D () C:\Program Files (x86)\VNT
2014-11-09 21:46 - 2013-04-07 22:09 - 00000000 ____D () C:\Program Files\Handbrake
2014-11-09 21:43 - 2012-04-18 04:13 - 00000000 ____D () C:\ProgramData\Norton
2014-11-05 18:29 - 2010-11-21 02:06 - 00000000 ____D () C:\windows\SysWOW64\sysprep
2014-10-28 21:58 - 2013-04-07 22:23 - 00000000 ____D () C:\Users\joseOFC\AppData\Local\{BE574B6D-C2E9-45F3-A719-670110F76B2A}
2014-10-28 05:34 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-27 21:27 - 2014-03-04 20:55 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
 
Some content of TEMP:
====================
C:\Users\joseOFC\AppData\Local\Temp\converter.exe
C:\Users\joseOFC\AppData\Local\Temp\DefaultAssets.exe
C:\Users\joseOFC\AppData\Local\Temp\DefaultOfflineContent.exe
C:\Users\joseOFC\AppData\Local\Temp\PCCU_Installer.exe
C:\Users\joseOFC\AppData\Local\Temp\Quarantine.exe
C:\Users\joseOFC\AppData\Local\Temp\siinst.exe
C:\Users\joseOFC\AppData\Local\Temp\SpOrder.dll
C:\Users\joseOFC\AppData\Local\Temp\strings.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-18 18:01
 
==================== End Of Log ============================

Edited by bumper70, 19 November 2014 - 11:05 PM.


#4 bumper70

bumper70
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 19 November 2014 - 11:06 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2014
Ran by joseOFC at 2014-11-19 22:57:39
Running from C:\Users\joseOFC\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ActiveLink Connect (HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...\ActiveLink Connect) (Version: 5.8.0.17220 - Koninklijke Philips Electronics N.V.)
ActiveLink Connect (x32 Version: 5.8.0.17220 - Koninklijke Philips Electronics N.V.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
AMD Catalyst Install Manager (HKLM\...\{63F96D8F-D32B-AABF-4DE1-F51FF391FFD6}) (Version: 3.0.870.0 - Advanced Micro Devices, Inc.)
ASPCA Reminder by We-Care.com v4.1.27.1 (HKLM-x32\...\{E4E52AF6-38E4-4CD0-B84E-B73CE47FCBBA}) (Version: 4.1.27.1 - We-Care.com)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Avery Toolbar (HKLM-x32\...\{41565256-3700-A76A-76A7-A758B70C0C02}) (Version: 12.12.2.104 - APN, LLC)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{6A7C2B2E-36A3-4EF5-96C6-708CD090A3AD}) (Version: 1.0.1.5127 - Fitbit Inc.)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block Virginia 2012 (HKLM-x32\...\{3CBDBF7F-2E54-4A78-B41D-7163F7BC7F06}) (Version: 1.12.3301 - HRB Technology, LLC.)
H&R Block Virginia 2013 (HKLM-x32\...\{81F4C340-C2F5-4840-9B8D-46E2E89E5688}) (Version: 1.13.4701 - HRB Technology, LLC.)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E65099C4-9110-4C31-BD03-5C17EFB5FE92}) (Version: 1.1.0 - HP)
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.1800 - SRS Labs, Inc.)
Quicken 2003 Deluxe (HKLM-x32\...\InstallShield_{2D974D26-BA8F-4A0B-B7EE-3F563AF79746}) (Version: 12.00.0000 - Intuit)
Quicken 2003 Deluxe (x32 Version: 12.00.0000 - Intuit) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6577 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
SportTracks 3.1 (HKLM-x32\...\{99895EF0-B290-4B21-B1FE-FB00E1B5D195}) (Version: 3.1.4778 - Zone Five Software)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.38.2 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C9C56642-9AAB-4267-9454-36FF1CC59168}) (Version: 1.3.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.12 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.17.38 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.3.03 - TOSHIBA Corporation)
Toshiba Security Dashboard (HKLM-x32\...\ToshibaSD) (Version: 1.0.0.48 - Symantec Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0009 - TOSHIBA)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0023.640204 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {141131CE-CC7F-4756-961D-4C202C1083B1} - \Advanced System Protector No Task File <==== ATTENTION
Task: {564447BC-B5A9-4414-A5B8-D1ACDFF4D114} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-10] (AVAST Software)
Task: {669B927E-8DC4-472E-8272-919F333D2DBD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2228828137-3245115527-2341551880-1001Core => C:\Users\joseOFC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-20] (Google Inc.)
Task: {8FAA0107-5F88-4387-B825-71E8BAD0B372} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {9C2D73A5-6F58-4CA7-8B14-35902158EDB1} - \RegClean Pro No Task File <==== ATTENTION
Task: {A24071FA-BABA-4064-9909-D535994A8762} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.2.0.29\SymErr.exe
Task: {A8F78947-497E-4FF2-BADF-7B729F507391} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)
Task: {AA62BB4A-840E-4041-A903-5632B5CDB77E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)
Task: {C18BA950-E7BF-49AD-943B-67681526BC84} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2228828137-3245115527-2341551880-1001UA => C:\Users\joseOFC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-20] (Google Inc.)
Task: {D2DDFF79-AC49-4BEC-B442-D76A7EC01E3F} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.2.0.29\SymErr.exe
Task: {E7BAEA7A-9D74-4B87-A537-8404E1B479E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {F7008142-8044-4C74-8103-86319150D42C} - System32\Tasks\{7E4FAECE-D318-83E2-2ABF-509BDE5DBCBD} => C:\Users\joseOFC\AppData\Roaming\xezqiz.dll/s "C:\Users\joseOFC\AppData\Roaming\xezqiz.dll" <==== ATTENTION
Task: {FDD4DE5D-D422-4377-B4ED-E5AF5B0572F4} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2228828137-3245115527-2341551880-1001Core.job => C:\Users\joseOFC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2228828137-3245115527-2341551880-1001UA.job => C:\Users\joseOFC\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-06-18 10:16 - 2010-09-09 19:26 - 00162824 _____ () C:\Windows\System32\GFNEXSrv.exe
2013-06-29 19:12 - 2012-10-04 18:49 - 00087152 _____ () C:\windows\System32\cpwmon64.dll
2012-11-12 22:42 - 2010-03-31 11:51 - 00407040 _____ () C:\windows\System32\HPM1210LM.DLL
2012-11-12 22:44 - 2010-03-31 11:51 - 00074240 ____N () C:\windows\system32\spool\PRTPROCS\x64\HPM1210PP.DLL
2011-08-22 17:19 - 2011-08-22 17:19 - 11204992 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2012-02-13 18:39 - 2012-02-13 18:39 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-03 15:33 - 2012-02-03 15:33 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-02-24 16:35 - 2012-02-24 16:35 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-11-18 17:25 - 2014-11-18 17:25 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\14111802\algo.dll
2014-11-19 22:55 - 2014-11-19 22:55 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\14111901\algo.dll
2014-11-10 01:27 - 2014-11-10 01:27 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-27 21:27 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 21:27 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 21:27 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 21:27 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2228828137-3245115527-2341551880-500 - Administrator - Disabled)
Guest (S-1-5-21-2228828137-3245115527-2341551880-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2228828137-3245115527-2341551880-1002 - Limited - Enabled)
joseOFC (S-1-5-21-2228828137-3245115527-2341551880-1001 - Administrator - Enabled) => C:\Users\joseOFC
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/19/2014 10:52:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/18/2014 05:25:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/17/2014 05:56:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x3de4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/17/2014 03:39:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/16/2014 10:14:45 PM) (Source: TestWorker) (EventID: 1) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher
 
Error: (11/16/2014 09:19:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b8
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0xf58
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/16/2014 08:30:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4ce7a46b
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00095c91
Faulting process id: 0x2764
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/16/2014 08:05:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00095c91
Faulting process id: 0xd38
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/16/2014 08:05:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x525b8623
Faulting module name: jscript9.dll, version: 11.0.9600.17344, time stamp: 0x541b85e6
Exception code: 0xc0000005
Fault offset: 0x000d0821
Faulting process id: 0xf4c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/16/2014 01:26:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/19/2014 10:57:39 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}2{883FF1FC-09E1-48E5-8E54-E2469ACB0CFD}
 
Error: (11/19/2014 10:55:53 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}2{C39EE728-D419-4BD4-A3EF-EDA059DBD935}
 
Error: (11/19/2014 10:54:51 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}2{30D49246-D217-465F-B00B-AC9DDD652EB7}
 
Error: (11/19/2014 10:53:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/19/2014 10:52:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error: 
%%2
 
Error: (11/19/2014 10:52:16 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}2{ECF5BF46-E3B6-449A-B56B-43F58F867814}
 
Error: (11/19/2014 10:52:16 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}2{56EA1054-1959-467F-BE3B-A2A787C4B6EA}
 
Error: (11/18/2014 05:26:15 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}2{C39EE728-D419-4BD4-A3EF-EDA059DBD935}
 
Error: (11/18/2014 05:26:06 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}2{30D49246-D217-465F-B00B-AC9DDD652EB7}
 
Error: (11/18/2014 05:25:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office Sessions:
=========================
Error: (11/19/2014 10:52:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/18/2014 05:25:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/17/2014 05:56:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbf3de401d002b8d7991982C:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dllf23ad40b-6eac-11e4-bf2b-4c72b939e8e5
 
Error: (11/17/2014 03:39:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/16/2014 10:14:45 PM) (Source: TestWorker) (EventID: 1) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher
 
Error: (11/16/2014 09:19:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b8MSHTML.dll11.0.9600.17344541b8a22c00000fd00094765f5801d0020c6d792b53C:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dll2726c0ae-6e00-11e4-8503-4c72b939e8e5
 
Error: (11/16/2014 08:30:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444ce7a46bMSHTML.dll11.0.9600.17344541b8a22c00000fd00095c91276401d00205be424e5fC:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dll3ffa93a8-6df9-11e4-8503-4c72b939e8e5
 
Error: (11/16/2014 08:05:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00095c91d3801d002029380520aC:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dlldfd5e2a7-6df5-11e4-8503-4c72b939e8e5
 
Error: (11/16/2014 08:05:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17344525b8623jscript9.dll11.0.9600.17344541b85e6c0000005000d0821f4c01d002026f8e706dC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\jscript9.dllc3fd7ca6-6df5-11e4-8503-4c72b939e8e5
 
Error: (11/16/2014 01:26:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-4500M APU with Radeon™ HD Graphics 
Percentage of memory in use: 52%
Total physical RAM: 5606.37 MB
Available physical RAM: 2649.53 MB
Total Pagefile: 11210.91 MB
Available Pagefile: 7874.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (TI106426W0A) (Fixed) (Total:581.16 GB) (Free:509.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 404E45E7)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=581.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.5 GB) - (Type=17)
 
==================== End Of Log ============================


#5 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:35 PM

Posted 19 November 2014 - 11:15 PM

Hello, let's get started showing your unwelcome guest to the door. Upon completion of these steps, please let me know how the computer is running and we'll continue the cleaning from there. :thumbup2:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
Closeprocesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001 -> {69F40D1E-2640-4F83-9D02-9B5D2B5D3571} URL = http://www.search.ask.com/web?tpid=AVRV7&o=APN11068&pf=V7&p2=^B5N^YYYYYY^YY^US&gct=&itbv=12.12.2.104&apn_uid=4EFB583E-5AB4-4E92-848A-CDB96CE3EBE6&apn_ptnrs=^B5N&apn_dtid=^YYYYYY^YY^US&apn_dbr=iexplore.exe_6_11.0.9600.17041&doi=2014-05-17&trgb=IE&q={searchTerms}&psv=
BHO: No Name -> {41525333-2D56-3700-76A7-7A786E7484D7} -> No File
BHO: No Name -> {41565256-3700-A76A-76A7-7A786E7484D7} -> No File
BHO-x32: No Name -> {41525333-2D56-3700-76A7-7A786E7484D7} -> No File
BHO-x32: No Name -> {41565256-3700-A76A-76A7-7A786E7484D7} -> No File
Toolbar: HKLM - No Name - {41525333-2D56-3700-76A7-7A786E7484D7} - No File
Toolbar: HKLM - No Name - {41565256-3700-A76A-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {41525333-2D56-3700-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {41565256-3700-A76A-76A7-7A786E7484D7} - No File
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @tools.google.com/Google Update;version=3 -> C:\Users\joseOFC\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @tools.google.com/Google Update;version=9 -> C:\Users\joseOFC\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CHR HKLM-x32\...\Chrome\Extension: [aaaaigmelgfmkfjicbbgbkcbagedejhj] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx []
CustomCLSID: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {141131CE-CC7F-4756-961D-4C202C1083B1} - \Advanced System Protector No Task File <==== ATTENTION
Task: {9C2D73A5-6F58-4CA7-8B14-35902158EDB1} - \RegClean Pro No Task File <==== ATTENTION
Task: {F7008142-8044-4C74-8103-86319150D42C} - System32\Tasks\{7E4FAECE-D318-83E2-2ABF-509BDE5DBCBD} => C:\Users\joseOFC\AppData\Roaming\xezqiz.dll/s "C:\Users\joseOFC\AppData\Roaming\xezqiz.dll" <==== ATTENTION
Task: {FDD4DE5D-D422-4377-B4ED-E5AF5B0572F4} - \Advanced System Protector_startup No Task File <==== ATTENTION
C:\Users\joseOFC\AppData\Roaming\xezqiz.dll
Task: {FDD4DE5D-D422-4377-B4ED-E5AF5B0572F4} - \Advanced System Protector_startup No Task File <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Junkware Removal Tool


thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 4: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST Log

How is the computer running? (This doesn't need to be in a separate reply.)

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#6 bumper70

bumper70
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 20 November 2014 - 02:03 PM

Start
Closeprocesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
BHO: No Name -> {41525333-2D56-3700-76A7-7A786E7484D7} -> No File
BHO: No Name -> {41565256-3700-A76A-76A7-7A786E7484D7} -> No File
BHO-x32: No Name -> {41525333-2D56-3700-76A7-7A786E7484D7} -> No File
BHO-x32: No Name -> {41565256-3700-A76A-76A7-7A786E7484D7} -> No File
Toolbar: HKLM - No Name - {41525333-2D56-3700-76A7-7A786E7484D7} - No File
Toolbar: HKLM - No Name - {41565256-3700-A76A-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {41525333-2D56-3700-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {41565256-3700-A76A-76A7-7A786E7484D7} - No File
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @tools.google.com/Google Update;version=3 -> C:\Users\joseOFC\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @tools.google.com/Google Update;version=9 -> C:\Users\joseOFC\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CHR HKLM-x32\...\Chrome\Extension: [aaaaigmelgfmkfjicbbgbkcbagedejhj] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx []
CustomCLSID: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {141131CE-CC7F-4756-961D-4C202C1083B1} - \Advanced System Protector No Task File <==== ATTENTION
Task: {9C2D73A5-6F58-4CA7-8B14-35902158EDB1} - \RegClean Pro No Task File <==== ATTENTION
Task: {F7008142-8044-4C74-8103-86319150D42C} - System32\Tasks\{7E4FAECE-D318-83E2-2ABF-509BDE5DBCBD} => C:\Users\joseOFC\AppData\Roaming\xezqiz.dll/s "C:\Users\joseOFC\AppData\Roaming\xezqiz.dll" <==== ATTENTION
Task: {FDD4DE5D-D422-4377-B4ED-E5AF5B0572F4} - \Advanced System Protector_startup No Task File <==== ATTENTION
C:\Users\joseOFC\AppData\Roaming\xezqiz.dll
Task: {FDD4DE5D-D422-4377-B4ED-E5AF5B0572F4} - \Advanced System Protector_startup No Task File <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by joseOFC on Thu 11/20/2014 at 13:08:47.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{69F40D1E-2640-4F83-9D02-9B5D2B5D3571}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41525333-2D56-3700-76A7-7A786E7484D7}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{41525333-2D56-3700-76A7-7A786E7484D7}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41565256-3700-A76A-76A7-7A786E7484D7}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{41565256-3700-A76A-76A7-7A786E7484D7}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41525333-2D56-3700-76A7-7A786E7484D7}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{41525333-2D56-3700-76A7-7A786E7484D7}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41565256-3700-A76A-76A7-7A786E7484D7}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{41565256-3700-A76A-76A7-7A786E7484D7}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\joseOFC\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\joseOFC\appdata\local\{93A77494-9F1F-4ECB-BD2A-3A02C050F454}
Successfully deleted: [Empty Folder] C:\Users\joseOFC\appdata\local\{9742DCA0-CEFD-418A-BAE1-5C33110C1BE2}
Successfully deleted: [Empty Folder] C:\Users\joseOFC\appdata\local\{BE574B6D-C2E9-45F3-A719-670110F76B2A}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/20/2014 at 13:18:16.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.101 - Report created 20/11/2014 at 13:24:35
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : joseOFC - JOSEOFC-PC
# Running from : C:\Users\joseOFC\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\VNT
Folder Deleted : C:\Users\joseOFC\AppData\Local\VNT
Folder Deleted : C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
File Deleted : C:\windows\System32\sasnative64.exe
File Deleted : C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Advanced System Protector
Task Deleted : Advanced System Protector_startup
Task Deleted : RegClean Pro
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [6197 octets] - [19/05/2014 23:12:17]
AdwCleaner[R1].txt - [1939 octets] - [20/11/2014 13:21:44]
AdwCleaner[S0].txt - [6138 octets] - [19/05/2014 23:13:11]
AdwCleaner[S1].txt - [1886 octets] - [20/11/2014 13:24:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1946 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014
Ran by joseOFC (administrator) on JOSEOFC-PC on 20-11-2014 13:28:06
Running from C:\Users\joseOFC\Desktop
Loaded Profile: joseOFC (Available profiles: joseOFC)
 
 
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\System32\GFNEXSrv.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Koninklijke Philips Electronics N.V.) C:\Users\joseOFC\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhst3g.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dvdupgrd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dvdupgrd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NAPSTAT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-22] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-10] (AVAST Software)
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...\Run: [Google Update] => C:\Users\joseOFC\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-20] (Google Inc.)
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...\Run: [ALconnect] => C:\Users\joseOFC\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe [715880 2013-06-10] (Koninklijke Philips Electronics N.V.)
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...\MountPoints2: E - E:\SISetup.exe
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk
ShortcutTarget: Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (Intuit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files (x86)\Quicken\QWDLLS.EXE (Intuit)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001 -> DefaultScope {077D7FF9-819D-4F13-A9A3-13BE11652E02} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS506
SearchScopes: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001 -> {077D7FF9-819D-4F13-A9A3-13BE11652E02} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS506
SearchScopes: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: No Name -> {41525333-2D56-3700-76A7-7A786E7484D7} ->  No File
BHO: No Name -> {41565256-3700-A76A-76A7-7A786E7484D7} ->  No File
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - No Name - {41525333-2D56-3700-76A7-7A786E7484D7} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - No Name - {41565256-3700-A76A-76A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - No Name - {41525333-2D56-3700-76A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {41565256-3700-A76A-76A7-7A786E7484D7} -  No File
Toolbar: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 172.16.4.60
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\joseOFC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @talk.google.com/O1DPlugin -> C:\Users\joseOFC\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @tools.google.com/Google Update;version=3 -> C:\Users\joseOFC\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @tools.google.com/Google Update;version=9 -> C:\Users\joseOFC\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\joseOFC\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\joseOFC\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-10]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://start.toshiba.com
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-09]
CHR Extension: (Google Drive) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-14]
CHR Extension: (Google Search) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-14]
CHR Extension: (Avast Online Security) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-25]
CHR Extension: (Gmail) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-14]
CHR HKLM-x32\...\Chrome\Extension: [aaaaigmelgfmkfjicbbgbkcbagedejhj] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-10] (AVAST Software)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)
R2 TosCoSrv; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-10] ()
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-07] ()
S2 mrtRate; No ImagePath
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-20 13:25 - 2014-11-20 13:25 - 00000318 _____ () C:\windows\PFRO.log
2014-11-20 13:19 - 2014-11-20 13:20 - 02140160 _____ () C:\Users\joseOFC\Desktop\AdwCleaner.exe
2014-11-20 13:18 - 2014-11-20 13:18 - 00002444 _____ () C:\Users\joseOFC\Desktop\JRT.txt
2014-11-20 13:08 - 2014-11-20 13:08 - 00000000 ____D () C:\windows\ERUNT
2014-11-20 13:07 - 2014-11-20 13:07 - 01707532 _____ (Thisisu) C:\Users\joseOFC\Desktop\JRT.exe
2014-11-20 13:03 - 2014-11-20 13:03 - 00002884 _____ () C:\Users\joseOFC\Desktop\fixlist.txt
2014-11-19 23:00 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 23:00 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 23:00 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 23:00 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-19 22:57 - 2014-11-19 22:58 - 00028918 _____ () C:\Users\joseOFC\Desktop\Addition.txt
2014-11-19 22:56 - 2014-11-20 13:29 - 00022274 _____ () C:\Users\joseOFC\Desktop\FRST.txt
2014-11-19 22:55 - 2014-11-19 22:55 - 00000000 ____D () C:\Users\joseOFC\Desktop\FRST-OlderVersion
2014-11-19 22:52 - 2014-11-20 13:25 - 00000224 _____ () C:\windows\setupact.log
2014-11-19 22:52 - 2014-11-19 22:52 - 00000000 _____ () C:\windows\setuperr.log
2014-11-14 21:31 - 2014-11-14 21:31 - 00688992 ____R (Swearware) C:\Users\joseOFC\Desktop\dds.com
2014-11-14 19:01 - 2014-11-14 19:01 - 00027800 _____ () C:\Users\joseOFC\Documents\cc_20141114_190139.reg
2014-11-13 23:59 - 2014-11-13 23:59 - 00014151 _____ () C:\Users\joseOFC\Downloads\FRST.txt
2014-11-13 23:58 - 2014-11-20 13:29 - 00000000 ____D () C:\FRST
2014-11-13 23:58 - 2014-11-19 22:55 - 02117120 _____ (Farbar) C:\Users\joseOFC\Desktop\FRST64.exe
2014-11-13 00:56 - 2010-12-21 16:42 - 02162488 _____ (Piriform Ltd) C:\Users\joseOFC\Desktop\CCleaner.exe
2014-11-11 18:40 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-11 18:40 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-11 18:40 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-11 18:38 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-11 18:38 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-11 18:38 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-11 18:38 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-11 18:38 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-11 18:38 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-11 18:38 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-11 18:38 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-11 18:38 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-11 18:28 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-11 18:28 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-11 18:28 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-11 18:28 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-11 18:28 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-11 18:28 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-11 18:27 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-11 18:27 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-11 18:27 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-11 18:27 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-11 18:27 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-11 18:27 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-11 18:27 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-11 18:27 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-11 18:23 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-11 18:23 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-11 18:23 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-11 18:22 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-11 18:21 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-11 18:21 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-11 18:21 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-11 06:54 - 2014-11-11 06:54 - 00000000 ____D () C:\Users\joseOFC\AppData\Roaming\Mozilla
2014-11-10 21:51 - 2014-11-10 21:52 - 19362952 _____ (IObit ) C:\Users\joseOFC\Downloads\imfv2-setup-for-review.exe
2014-11-10 01:28 - 2014-11-19 22:54 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-11-10 01:28 - 2014-11-10 01:28 - 00001975 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-10 01:28 - 2014-11-10 01:28 - 00000000 ____D () C:\Users\joseOFC\AppData\Roaming\AVAST Software
2014-11-10 01:28 - 2014-11-10 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-10 01:28 - 2014-11-10 01:27 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-11-10 01:27 - 2014-11-10 01:27 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-11-10 01:27 - 2014-11-10 01:27 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-11-10 01:18 - 2014-11-10 01:18 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-10 01:17 - 2014-11-10 01:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-10 01:15 - 2014-11-10 01:16 - 05006864 _____ (AVAST Software) C:\Users\joseOFC\Downloads\avast_free_antivirus_setup_online.exe
2014-11-10 01:11 - 2014-11-10 01:11 - 00003042 _____ () C:\windows\System32\Tasks\PandaUSBVaccine
2014-11-10 01:11 - 2014-11-10 01:11 - 00000000 ____D () C:\ProgramData\Panda Security
2014-11-10 01:11 - 2014-11-10 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-11-10 01:11 - 2014-11-10 01:11 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-11-10 01:10 - 2014-11-10 01:11 - 00848856 _____ (Panda Security ) C:\Users\joseOFC\Downloads\USBVaccineSetup.exe
2014-11-10 00:26 - 2014-11-19 00:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-10 00:26 - 2014-11-10 00:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-11-10 00:26 - 2014-11-10 00:26 - 00001273 _____ () C:\Users\joseOFC\Desktop\Spybot - Search & Destroy.lnk
2014-11-10 00:26 - 2014-11-10 00:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-11-10 00:23 - 2014-11-10 00:25 - 16409960 _____ (Safer Networking Limited ) C:\Users\joseOFC\Downloads\spybotsd162.exe
2014-11-09 22:49 - 2014-11-09 22:49 - 00000000 _____ () C:\autoexec.bat
2014-11-05 18:29 - 2014-11-05 18:29 - 00004056 _____ () C:\windows\System32\Tasks\{7E4FAECE-D318-83E2-2ABF-509BDE5DBCBD}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-20 13:34 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 13:34 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 13:26 - 2012-06-18 10:37 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-20 13:25 - 2012-06-18 09:53 - 01370927 _____ () C:\windows\WindowsUpdate.log
2014-11-20 13:25 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-20 13:24 - 2014-05-19 23:12 - 00000000 ____D () C:\AdwCleaner
2014-11-20 13:20 - 2012-04-18 04:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-20 12:54 - 2012-06-18 10:37 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-20 07:35 - 2013-01-20 15:17 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2228828137-3245115527-2341551880-1001UA.job
2014-11-19 06:45 - 2009-07-14 00:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-19 00:43 - 2013-10-25 15:15 - 00000000 ____D () C:\windows\Minidump
2014-11-18 22:29 - 2012-11-15 05:39 - 00000000 ____D () C:\Users\joseOFC\Documents\Sonya
2014-11-18 19:54 - 2013-01-20 15:17 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2228828137-3245115527-2341551880-1001Core.job
2014-11-17 17:56 - 2012-11-11 21:55 - 00000000 ____D () C:\Users\joseOFC\AppData\Local\CrashDumps
2014-11-16 19:49 - 2013-01-20 15:17 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2228828137-3245115527-2341551880-1001UA
2014-11-16 19:49 - 2013-01-20 15:17 - 00003494 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2228828137-3245115527-2341551880-1001Core
2014-11-16 19:48 - 2012-06-18 10:37 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 19:48 - 2012-06-18 10:37 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 08:10 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-11-11 22:31 - 2009-07-13 23:45 - 00288616 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-11 22:29 - 2014-05-08 21:41 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-11 22:26 - 2013-10-26 08:13 - 00000000 ____D () C:\windows\system32\MRT
2014-11-11 22:21 - 2012-11-17 00:04 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-11 18:05 - 2012-04-18 04:08 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 18:04 - 2012-04-18 04:08 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 18:04 - 2012-04-18 04:08 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-10 22:15 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-09 21:46 - 2013-04-07 22:09 - 00000000 ____D () C:\Program Files\Handbrake
2014-11-09 21:43 - 2012-04-18 04:13 - 00000000 ____D () C:\ProgramData\Norton
2014-11-05 18:29 - 2010-11-21 02:06 - 00000000 ____D () C:\windows\SysWOW64\sysprep
2014-11-04 14:30 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-27 21:27 - 2014-03-04 20:55 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
 
Some content of TEMP:
====================
C:\Users\joseOFC\AppData\Local\Temp\converter.exe
C:\Users\joseOFC\AppData\Local\Temp\DefaultAssets.exe
C:\Users\joseOFC\AppData\Local\Temp\DefaultOfflineContent.exe
C:\Users\joseOFC\AppData\Local\Temp\PCCU_Installer.exe
C:\Users\joseOFC\AppData\Local\Temp\Quarantine.exe
C:\Users\joseOFC\AppData\Local\Temp\siinst.exe
C:\Users\joseOFC\AppData\Local\Temp\SpOrder.dll
C:\Users\joseOFC\AppData\Local\Temp\sqlite3.dll
C:\Users\joseOFC\AppData\Local\Temp\strings.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-18 18:01
 
==================== End Of Log ============================


#7 bumper70

bumper70
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 20 November 2014 - 02:13 PM

I kept cutting and pasting all those text logs as separate replies and they were all jumbled together. I thought they were individual posts. Let me know if you want me to try to keep it to separate replies.

 

Also, the computer seems to be sluggish again. When I ran all those processes, it was not so sluggish, but that last FRST was close to 100% cpu utilization. Thanks, again.



#8 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:35 PM

Posted 20 November 2014 - 02:24 PM

Hi :)

Please go back to step 1, and reread the instructions. You have posted a copy of the fixlist.

Once you have run those steps, please follow the instructions in step number 4 to produce a new FRST log

Things I need to see in your next post.

Fixlog.txt Log

Fresh FRST Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#9 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:35 PM

Posted 20 November 2014 - 02:32 PM

I kept cutting and pasting all those text logs as separate replies and they were all jumbled together. I thought they were individual posts. Let me know if you want me to try to keep it to separate replies.
 
Also, the computer seems to be sluggish again. When I ran all those processes, it was not so sluggish, but that last FRST was close to 100% cpu utilization. Thanks, again.

No worries on the logs. As you have posted them will be fine. The reason the machine is still sluggish is because Step 1 was not executed properly. Once you run the fix, you'll see improvement. :thumbsup2:

Please post the two logs at your convenience, and we will continue with the cleaning. :)

Edited by pystryker, 20 November 2014 - 02:36 PM.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#10 bumper70

bumper70
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 21 November 2014 - 09:31 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-11-2014
Ran by joseOFC at 2014-11-21 21:10:11 Run:1
Running from C:\Users\joseOFC\Desktop
Loaded Profile: joseOFC (Available profiles: joseOFC)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Closeprocesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001 -> {69F40D1E-2640-4F83-9D02-9B5D2B5D3571} URL = http://www.search.ask.com/web?tpid=AVRV7&o=APN11068&pf=V7&p2=^B5N^YYYYYY^YY^US&gct=&itbv=12.12.2.104&apn_uid=4EFB583E-5AB4-4E92-848A-CDB96CE3EBE6&apn_ptnrs=^B5N&apn_dtid=^YYYYYY^YY^US&apn_dbr=iexplore.exe_6_11.0.9600.17041&doi=2014-05-17&trgb=IE&q={searchTerms}&psv=
BHO: No Name -> {41525333-2D56-3700-76A7-7A786E7484D7} -> No File
BHO: No Name -> {41565256-3700-A76A-76A7-7A786E7484D7} -> No File
BHO-x32: No Name -> {41525333-2D56-3700-76A7-7A786E7484D7} -> No File
BHO-x32: No Name -> {41565256-3700-A76A-76A7-7A786E7484D7} -> No File
Toolbar: HKLM - No Name - {41525333-2D56-3700-76A7-7A786E7484D7} - No File
Toolbar: HKLM - No Name - {41565256-3700-A76A-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {41525333-2D56-3700-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {41565256-3700-A76A-76A7-7A786E7484D7} - No File
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @tools.google.com/Google Update;version=3 -> C:\Users\joseOFC\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @tools.google.com/Google Update;version=9 -> C:\Users\joseOFC\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CHR HKLM-x32\...\Chrome\Extension: [aaaaigmelgfmkfjicbbgbkcbagedejhj] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx []
CustomCLSID: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {141131CE-CC7F-4756-961D-4C202C1083B1} - \Advanced System Protector No Task File <==== ATTENTION
Task: {9C2D73A5-6F58-4CA7-8B14-35902158EDB1} - \RegClean Pro No Task File <==== ATTENTION
Task: {F7008142-8044-4C74-8103-86319150D42C} - System32\Tasks\{7E4FAECE-D318-83E2-2ABF-509BDE5DBCBD} => C:\Users\joseOFC\AppData\Roaming\xezqiz.dll/s "C:\Users\joseOFC\AppData\Roaming\xezqiz.dll" <==== ATTENTION
Task: {FDD4DE5D-D422-4377-B4ED-E5AF5B0572F4} - \Advanced System Protector_startup No Task File <==== ATTENTION
C:\Users\joseOFC\AppData\Roaming\xezqiz.dll
Task: {FDD4DE5D-D422-4377-B4ED-E5AF5B0572F4} - \Advanced System Protector_startup No Task File <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End

*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{69F40D1E-2640-4F83-9D02-9B5D2B5D3571}" => Key not found.
"HKCR\CLSID\{69F40D1E-2640-4F83-9D02-9B5D2B5D3571}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41525333-2D56-3700-76A7-7A786E7484D7}" => Key deleted successfully.
"HKCR\CLSID\{41525333-2D56-3700-76A7-7A786E7484D7}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41565256-3700-A76A-76A7-7A786E7484D7}" => Key deleted successfully.
"HKCR\CLSID\{41565256-3700-A76A-76A7-7A786E7484D7}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41525333-2D56-3700-76A7-7A786E7484D7}" => Key not found.
"HKCR\Wow6432Node\CLSID\{41525333-2D56-3700-76A7-7A786E7484D7}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41565256-3700-A76A-76A7-7A786E7484D7}" => Key not found.
"HKCR\Wow6432Node\CLSID\{41565256-3700-A76A-76A7-7A786E7484D7}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{41525333-2D56-3700-76A7-7A786E7484D7} => value deleted successfully.
"HKCR\CLSID\{41525333-2D56-3700-76A7-7A786E7484D7}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{41565256-3700-A76A-76A7-7A786E7484D7} => value deleted successfully.
"HKCR\CLSID\{41565256-3700-A76A-76A7-7A786E7484D7}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{41525333-2D56-3700-76A7-7A786E7484D7} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{41525333-2D56-3700-76A7-7A786E7484D7}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{41565256-3700-A76A-76A7-7A786E7484D7} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{41565256-3700-A76A-76A7-7A786E7484D7}" => Key not found.
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @tools.google.com/Google Update;version=3 -> C:\Users\joseOFC\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File => Error: No automatic fix found for this entry.
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @tools.google.com/Google Update;version=9 -> C:\Users\joseOFC\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaigmelgfmkfjicbbgbkcbagedejhj" => Key deleted successfully.
"C:\ProgramData\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx" => File/Directory not found.
"HKU\S-1-5-21-2228828137-3245115527-2341551880-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{141131CE-CC7F-4756-961D-4C202C1083B1}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C2D73A5-6F58-4CA7-8B14-35902158EDB1}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7008142-8044-4C74-8103-86319150D42C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7008142-8044-4C74-8103-86319150D42C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7E4FAECE-D318-83E2-2ABF-509BDE5DBCBD} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E4FAECE-D318-83E2-2ABF-509BDE5DBCBD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDD4DE5D-D422-4377-B4ED-E5AF5B0572F4}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup" => Key not found.
"C:\Users\joseOFC\AppData\Roaming\xezqiz.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDD4DE5D-D422-4377-B4ED-E5AF5B0572F4}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup" => Key not found.

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-11-2014
Ran by joseOFC (administrator) on JOSEOFC-PC on 21-11-2014 21:25:01
Running from C:\Users\joseOFC\Desktop
Loaded Profile: joseOFC (Available profiles: joseOFC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\System32\GFNEXSrv.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Koninklijke Philips Electronics N.V.) C:\Users\joseOFC\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-22] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-21] (AVAST Software)
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...\Run: [Google Update] => C:\Users\joseOFC\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-20] (Google Inc.)
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...\Run: [ALconnect] => C:\Users\joseOFC\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe [715880 2013-06-10] (Koninklijke Philips Electronics N.V.)
HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\...\MountPoints2: E - E:\SISetup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk
ShortcutTarget: Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (Intuit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files (x86)\Quicken\QWDLLS.EXE (Intuit)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2228828137-3245115527-2341551880-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
SearchScopes: HKLM -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001 -> DefaultScope {077D7FF9-819D-4F13-A9A3-13BE11652E02} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS506
SearchScopes: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001 -> {077D7FF9-819D-4F13-A9A3-13BE11652E02} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS506
SearchScopes: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2228828137-3245115527-2341551880-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\joseOFC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @talk.google.com/O1DPlugin -> C:\Users\joseOFC\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @tools.google.com/Google Update;version=3 -> C:\Users\joseOFC\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2228828137-3245115527-2341551880-1001: @tools.google.com/Google Update;version=9 -> C:\Users\joseOFC\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\joseOFC\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\joseOFC\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://start.toshiba.com
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-09]
CHR Extension: (Google Drive) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-14]
CHR Extension: (Google Search) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-14]
CHR Extension: (Avast Online Security) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-25]
CHR Extension: (Gmail) - C:\Users\joseOFC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-10] (AVAST Software)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)
R2 TosCoSrv; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-10] ()
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-07] ()
S2 mrtRate; No ImagePath
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 13:25 - 2014-11-20 13:25 - 00000318 _____ () C:\windows\PFRO.log
2014-11-20 13:19 - 2014-11-20 13:20 - 02140160 _____ () C:\Users\joseOFC\Desktop\AdwCleaner.exe
2014-11-20 13:18 - 2014-11-20 13:18 - 00002444 _____ () C:\Users\joseOFC\Desktop\JRT.txt
2014-11-20 13:08 - 2014-11-20 13:08 - 00000000 ____D () C:\windows\ERUNT
2014-11-20 13:07 - 2014-11-20 13:07 - 01707532 _____ (Thisisu) C:\Users\joseOFC\Desktop\JRT.exe
2014-11-19 23:00 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 23:00 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 23:00 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 23:00 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-19 22:57 - 2014-11-19 22:58 - 00028918 _____ () C:\Users\joseOFC\Desktop\Addition.txt
2014-11-19 22:56 - 2014-11-21 21:25 - 00019889 _____ () C:\Users\joseOFC\Desktop\FRST.txt
2014-11-19 22:55 - 2014-11-21 21:09 - 00000000 ____D () C:\Users\joseOFC\Desktop\FRST-OlderVersion
2014-11-19 22:52 - 2014-11-21 21:22 - 00000336 _____ () C:\windows\setupact.log
2014-11-19 22:52 - 2014-11-19 22:52 - 00000000 _____ () C:\windows\setuperr.log
2014-11-14 21:31 - 2014-11-14 21:31 - 00688992 ____R (Swearware) C:\Users\joseOFC\Desktop\dds.com
2014-11-14 19:01 - 2014-11-14 19:01 - 00027800 _____ () C:\Users\joseOFC\Documents\cc_20141114_190139.reg
2014-11-13 23:59 - 2014-11-13 23:59 - 00014151 _____ () C:\Users\joseOFC\Downloads\FRST.txt
2014-11-13 23:58 - 2014-11-21 21:25 - 00000000 ____D () C:\FRST
2014-11-13 23:58 - 2014-11-21 21:09 - 02117632 _____ (Farbar) C:\Users\joseOFC\Desktop\FRST64.exe
2014-11-13 00:56 - 2010-12-21 16:42 - 02162488 _____ (Piriform Ltd) C:\Users\joseOFC\Desktop\CCleaner.exe
2014-11-11 18:40 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-11 18:40 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-11 18:40 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-11 18:38 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-11 18:38 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-11 18:38 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-11 18:38 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-11 18:38 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-11 18:38 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-11 18:38 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-11 18:38 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-11 18:38 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-11 18:28 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-11 18:28 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-11 18:28 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-11 18:28 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-11 18:28 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-11 18:28 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-11 18:27 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-11 18:27 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-11 18:27 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-11 18:27 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-11 18:27 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-11 18:27 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-11 18:27 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-11 18:27 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-11 18:27 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-11 18:27 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-11 18:23 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-11 18:23 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-11 18:23 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-11 18:22 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-11 18:21 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-11 18:21 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-11 18:21 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-11 06:54 - 2014-11-11 06:54 - 00000000 ____D () C:\Users\joseOFC\AppData\Roaming\Mozilla
2014-11-10 21:51 - 2014-11-10 21:52 - 19362952 _____ (IObit ) C:\Users\joseOFC\Downloads\imfv2-setup-for-review.exe
2014-11-10 01:28 - 2014-11-21 21:24 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-11-10 01:28 - 2014-11-21 21:04 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-11-10 01:28 - 2014-11-10 01:28 - 00001975 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-10 01:28 - 2014-11-10 01:28 - 00000000 ____D () C:\Users\joseOFC\AppData\Roaming\AVAST Software
2014-11-10 01:28 - 2014-11-10 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-10 01:28 - 2014-11-10 01:27 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys.1416623096715
2014-11-10 01:28 - 2014-11-10 01:27 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-11-10 01:28 - 2014-11-10 01:27 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-11-10 01:27 - 2014-11-10 01:27 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-11-10 01:27 - 2014-11-10 01:27 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-11-10 01:18 - 2014-11-10 01:18 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-10 01:17 - 2014-11-10 01:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-10 01:15 - 2014-11-10 01:16 - 05006864 _____ (AVAST Software) C:\Users\joseOFC\Downloads\avast_free_antivirus_setup_online.exe
2014-11-10 01:11 - 2014-11-10 01:11 - 00003042 _____ () C:\windows\System32\Tasks\PandaUSBVaccine
2014-11-10 01:11 - 2014-11-10 01:11 - 00000000 ____D () C:\ProgramData\Panda Security
2014-11-10 01:11 - 2014-11-10 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-11-10 01:11 - 2014-11-10 01:11 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-11-10 01:10 - 2014-11-10 01:11 - 00848856 _____ (Panda Security ) C:\Users\joseOFC\Downloads\USBVaccineSetup.exe
2014-11-10 00:26 - 2014-11-19 00:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-10 00:26 - 2014-11-10 00:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-11-10 00:26 - 2014-11-10 00:26 - 00001273 _____ () C:\Users\joseOFC\Desktop\Spybot - Search & Destroy.lnk
2014-11-10 00:26 - 2014-11-10 00:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-11-10 00:23 - 2014-11-10 00:25 - 16409960 _____ (Safer Networking Limited ) C:\Users\joseOFC\Downloads\spybotsd162.exe
2014-11-09 22:49 - 2014-11-09 22:49 - 00000000 _____ () C:\autoexec.bat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 21:23 - 2012-06-18 10:37 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 21:22 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-21 21:21 - 2012-06-18 09:53 - 01419142 _____ () C:\windows\WindowsUpdate.log
2014-11-21 21:20 - 2012-04-18 04:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-21 21:17 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 21:17 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 13:54 - 2013-01-20 15:17 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2228828137-3245115527-2341551880-1001UA.job
2014-11-20 13:54 - 2012-06-18 10:37 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-20 13:24 - 2014-05-19 23:12 - 00000000 ____D () C:\AdwCleaner
2014-11-19 06:45 - 2009-07-14 00:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-19 00:43 - 2013-10-25 15:15 - 00000000 ____D () C:\windows\Minidump
2014-11-18 22:29 - 2012-11-15 05:39 - 00000000 ____D () C:\Users\joseOFC\Documents\Sonya
2014-11-18 19:54 - 2013-01-20 15:17 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2228828137-3245115527-2341551880-1001Core.job
2014-11-17 17:56 - 2012-11-11 21:55 - 00000000 ____D () C:\Users\joseOFC\AppData\Local\CrashDumps
2014-11-16 19:49 - 2013-01-20 15:17 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2228828137-3245115527-2341551880-1001UA
2014-11-16 19:49 - 2013-01-20 15:17 - 00003494 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2228828137-3245115527-2341551880-1001Core
2014-11-16 19:48 - 2012-06-18 10:37 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 19:48 - 2012-06-18 10:37 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 08:10 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-11-11 22:31 - 2009-07-13 23:45 - 00288616 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-11 22:29 - 2014-05-08 21:41 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-11 22:26 - 2013-10-26 08:13 - 00000000 ____D () C:\windows\system32\MRT
2014-11-11 22:21 - 2012-11-17 00:04 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-11 18:05 - 2012-04-18 04:08 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 18:04 - 2012-04-18 04:08 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 18:04 - 2012-04-18 04:08 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-10 22:15 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-09 21:46 - 2013-04-07 22:09 - 00000000 ____D () C:\Program Files\Handbrake
2014-11-09 21:43 - 2012-04-18 04:13 - 00000000 ____D () C:\ProgramData\Norton
2014-11-05 18:29 - 2010-11-21 02:06 - 00000000 ____D () C:\windows\SysWOW64\sysprep
2014-11-04 14:30 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-27 21:27 - 2014-03-04 20:55 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-18 18:01

==================== End Of Log ============================



#11 bumper70

bumper70
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 21 November 2014 - 09:32 PM

CPU usage down in the single digits. Running much better now. Please advise. Thanks.



#12 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:35 PM

Posted 21 November 2014 - 09:56 PM

CPU usage down in the single digits. Running much better now. Please advise. Thanks.


Excellent! :thumbup2: Let's scan for any remnants and any out of date programs on your machine. :)


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#13 bumper70

bumper70
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 21 November 2014 - 11:23 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/21/2014
Scan Time: 11:03:00 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.22.02
Rootkit Database: v2014.11.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: joseOFC

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314987
Time Elapsed: 16 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#14 bumper70

bumper70
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 22 November 2014 - 12:52 AM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=af5842bb615d0944b495c2335c145a4c
# engine=21212
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-22 05:50:05
# local_time=2014-11-22 12:50:05 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 0 343016 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 168178855 0 0
# scanned=167708
# found=28
# cleaned=0
# scan_time=4131
sh=B506B2465FD10608020D30ED9047B5E11DE63FA0 ft=1 fh=10102a51b62618f2 vn="Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir"
sh=6CDE6B1DD298CA47510EB79334AE149F60FEFFCE ft=1 fh=0241d1e8e3e9ed03 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Passport.dll.vir"
sh=84987AF48F5107F84A12BB7418C0A7A2106906B0 ft=1 fh=6e62188c597b6ea7 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Passport_x64.dll.vir"
sh=0AB7E14045C76206A8733C6E4D36220A58C85A77 ft=1 fh=9f671b8e7a289dd3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir"
sh=408E55A7D2D56C02EF844CA63C1EA8D440D1F8B2 ft=1 fh=cf5f3ba9cab9d1c3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir"
sh=EC5913DE16698FF281FE1F1108602BD300AFDA91 ft=1 fh=400322602d09beb6 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir"
sh=4E3A9EF57C71B5829AC8CD185CBED27AF6610C13 ft=1 fh=83a0e01ca2b69786 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir"
sh=698FB11D2C5D96C744D8602AD22309F10509063A ft=1 fh=c3312308a781a9fa vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir"
sh=0111559B94F5572B6777EBE3E85CB9F9C94BC85B ft=1 fh=76e883fd9357c7a4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir"
sh=BB237CE0031AFF6ABD4E3626D7C6AE3D6ABEDB5A ft=1 fh=2522929e49563be6 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir"
sh=9C835C702D070F54C59E36FED31696261FEBFDA3 ft=1 fh=29643e02259e76bc vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll.vir"
sh=B27AA1F8303815E20CE148744957CB3726BCDE96 ft=1 fh=e7bb97c341e31fcc vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir"
sh=6CDE6B1DD298CA47510EB79334AE149F60FEFFCE ft=1 fh=0241d1e8e3e9ed03 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir"
sh=84987AF48F5107F84A12BB7418C0A7A2106906B0 ft=1 fh=6e62188c597b6ea7 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARS3-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll.vir"
sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\joseOFC\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=C5AA96F17ED2B68CA4C839EA7394F4534B4F5C3F ft=1 fh=57a85fb4fd4bc01c vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir"
sh=AAA29097B1E5A7098E19A38F1200E636EE1C3A1E ft=1 fh=6b75069f13c3f94c vn="Win64/AdvancedSystemProtector.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\System32\sasnative64.exe.vir"
sh=0AB7E14045C76206A8733C6E4D36220A58C85A77 ft=1 fh=9f671b8e7a289dd3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\$PatchCache$\Managed\3335251465D20073677A7A857BC0A060\12.10.6\apnmcp_exe"
sh=408E55A7D2D56C02EF844CA63C1EA8D440D1F8B2 ft=1 fh=cf5f3ba9cab9d1c3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\$PatchCache$\Managed\3335251465D20073677A7A857BC0A060\12.10.6\SearchHook_dll"
sh=EC5913DE16698FF281FE1F1108602BD300AFDA91 ft=1 fh=400322602d09beb6 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\$PatchCache$\Managed\3335251465D20073677A7A857BC0A060\12.10.6\ServiceLocator_exe"
sh=4E3A9EF57C71B5829AC8CD185CBED27AF6610C13 ft=1 fh=83a0e01ca2b69786 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\$PatchCache$\Managed\3335251465D20073677A7A857BC0A060\12.10.6\SO_dll"
sh=BB237CE0031AFF6ABD4E3626D7C6AE3D6ABEDB5A ft=1 fh=2522929e49563be6 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\$PatchCache$\Managed\3335251465D20073677A7A857BC0A060\12.10.6\ToolbarPS_dll"
sh=698FB11D2C5D96C744D8602AD22309F10509063A ft=1 fh=c3312308a781a9fa vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\$PatchCache$\Managed\3335251465D20073677A7A857BC0A060\12.10.6\toolbar_dll"
sh=9C835C702D070F54C59E36FED31696261FEBFDA3 ft=1 fh=29643e02259e76bc vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\$PatchCache$\Managed\3335251465D20073677A7A857BC0A060\12.10.6\toolbar_dll_x64"
sh=0111559B94F5572B6777EBE3E85CB9F9C94BC85B ft=1 fh=76e883fd9357c7a4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\$PatchCache$\Managed\3335251465D20073677A7A857BC0A060\12.10.6\Toolbar_exe"
sh=B27AA1F8303815E20CE148744957CB3726BCDE96 ft=1 fh=e7bb97c341e31fcc vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\$PatchCache$\Managed\3335251465D20073677A7A857BC0A060\12.10.6\UpdateManager_exe"
sh=BB8C196BCDBED01EA857168CF4F563B43E8705D5 ft=1 fh=42c680e3bdbef60e vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Windows\System32\plsapp.dll"
sh=BB8C196BCDBED01EA857168CF4F563B43E8705D5 ft=1 fh=42c680e3bdbef60e vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Windows\SysWOW64\plsapp.dll"
 



#15 bumper70

bumper70
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 22 November 2014 - 12:58 AM

 Results of screen317's Security Check version 0.99.90 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java™ 6 Update 25 
 Java version out of Date!
 Google Chrome (38.0.2125.104)
 Google Chrome (38.0.2125.111)
 Google Chrome (chrome.exe..)
 Google Chrome (Dictionaries...)
 Google Chrome (master_preferences...)
 Google Chrome (old_chrome.exe..)
 Google Chrome (plugins...)
 Google Chrome (wow_helper.exe..)
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 ESET ESET Online Scanner OnlineScannerApp.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users