Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Something has crawled into my laptop - Popups [Solved]


  • This topic is locked This topic is locked
15 replies to this topic

#1 lorrs58

lorrs58

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 08 October 2014 - 03:33 PM

Hi,

 I am getting continual Popups. I would really appreciate any help.  Thank you.  here is my logfile. 

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:28, on 08/10/2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\Lorraine\AppData\Local\CronDesktopQuick\CopyDebugPath.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:31832
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.ancestry.co.uk
O15 - Trusted Zone: http://ancestryuk.custhelp.com
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanne..._IKEA_Win32.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager...unttracking.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicr...osoft/wrc32.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AddonCodecScreenshot - Unknown owner - C:\Windows\SysWOW64\AddonCodecScreenshot\AddonCodecScreenshot.exe
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CronDesktopQuick.exe - Unknown owner - C:\Users\Lorraine\AppData\Local\CronDesktopQuick\CronDesktopQuick.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - Unknown owner - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16998 bytes


    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 09 October 2014 - 07:55 AM

:welcome:

 

You have a bit going on, lets do this

 


1QYkxTZ.jpg Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 
I just want to see the report....Please Do Not Fix Anything
 
============================================================================
 
 
 

 
-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisment.
 
  •  
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
 
===============================================================================
 
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  •  
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
 
===============================================================================
 
Download Malwarebytes' Anti-Malware  to your desktop. 
 
  •  
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
 
 
MBAMDashboard_zpsddef9b5f.gif
 
  •  
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
 
 

 



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 12 October 2014 - 10:18 AM

Still with me or have you resolved this issue ???



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#4 lorrs58

lorrs58

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 12 October 2014 - 05:09 PM

Hi, I tried to download the programmes you suggested and could not run the aswMBR. I managed to stop the pop ups,but my computer is running slowly. Hence I am using iPad. I would still appreciate your help. As my laptop is locked up for its own safety. I will try again to run the programmes. I just needed to recharge for round two. Thanks for help.

#5 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 12 October 2014 - 05:19 PM

If you post here for help, let us help you, doing things on your own may cause more problems and erase what may really be going on.  Go ahead and bypass aswMBR for now and run the other programs I listed in order please and post the logs from each one



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#6 lorrs58

lorrs58

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 13 October 2014 - 11:50 AM

Hi,

here are the log files you requested. I hope I have done this correctly.  Thank you again for your continued help. :clap:

 

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:03:14, on 13/10/2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.ancestry.co.uk
O15 - Trusted Zone: http://ancestryuk.custhelp.com
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanne..._IKEA_Win32.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager...unttracking.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicr...osoft/wrc32.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - Unknown owner - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16790 bytes

 

 

# AdwCleaner v4.000 - Report created 13/10/2014 at 09:57:33
# DB v2014-10-12.3
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lorraine - TOSH
# Running from : C:\Users\Lorraine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7IWPBOB\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\END

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Google Chrome v37.0.2062.124

*************************

AdwCleaner[R0].txt - [5479 octets] - [13/10/2014 09:47:40]
AdwCleaner[R1].txt - [5539 octets] - [13/10/2014 09:54:42]
AdwCleaner[S0].txt - [5193 octets] - [13/10/2014 09:57:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5253 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Home Premium x64

 

Ran by Lorraine on 13/10/2014 at  9:38:34.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\search protection

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

 

~~~ Files

Successfully deleted: [File] "C:\Users\Lorraine\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Lorraine\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Windows\wininit.ini"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ad-aware browsing protection"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Lorraine\AppData\Roaming\anyprotectex"
Successfully deleted: [Folder] "C:\Users\Lorraine\AppData\Roaming\ap_logs"
Successfully deleted: [Folder] "C:\Users\Lorraine\appdata\local\globalupdate"
Successfully deleted: [Folder] "C:\Users\Lorraine\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Lorraine\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\globalupdate"
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{00443C80-A937-4842-94EA-68FF1C5FAB50}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{00D125A0-FB64-44F5-96E2-341368DD7226}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{022A6E92-2BFD-4292-8989-3296F9BEB442}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{04BC755E-047E-4860-A4F9-5F5E106FD81C}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{05686BB1-C98E-4288-8AB2-579CCA56D937}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{076BFC27-C548-4A0C-B415-F4D9A10C12A2}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{0986B108-DA41-4DC1-B6E7-A50862AB10FC}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{0B10663D-3734-40D6-8B06-7E1FA49C2902}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{16200D76-9303-4B28-B5AE-B7FB2A7DBAC8}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{16F090E2-0E17-4653-A3C1-9E7D670C4B90}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{19B441BF-B5C7-42B8-8394-346C64CEEC10}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{1D95744B-2F8A-4CF3-83DF-37FB4533D7DF}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{1E185256-E6C1-407F-A20A-42B44BA07AA6}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{1E841E10-CC5B-40AC-83A0-C8C458D19905}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{203FA3A6-0303-47D9-A1E5-D29BF258F61E}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{20FDB000-74E7-4962-BD72-B390721F947F}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{2702F2CB-1FF9-4D35-A905-6ECBB5770889}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{274E4131-9481-4631-9608-38209D48CE7D}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{2BCB37EC-F1F0-46DD-8532-4BD3FD3D8D60}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{2D2E0CBD-B39D-43B7-BEDE-234D3FDACF38}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{2E3E1504-7CDB-4142-9313-FB751441E41F}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{3070508C-030A-40AA-B7F3-C4E483ED0A79}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{3362C63D-9D78-44FF-86C1-5DA70DA7C89C}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{378C2B50-04A3-42DB-9125-299B594F4673}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{38E6959B-EB11-4212-913F-B96030E0E027}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{3AED9F75-24C5-47EF-80D3-16444CDAFD35}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{3E13A158-97E0-4BBF-8485-CD1F22824662}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{3ED8B04E-458A-4AA8-A95B-A62A859481D8}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{410EFE5C-C18A-48F4-B1EB-21E5DD960596}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{410F115C-B31E-46E5-B78F-7EA9792F6B70}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{4193D794-8166-4452-8EAC-17CE79828B68}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{428A7F96-C578-4385-AEBE-DB6A34D665DE}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{42E33A8D-EBEE-46D4-BF2A-B27687C2DAF8}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{45F4906E-4D2D-4632-9A00-20C07FEB043E}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{47177D3B-29CB-46AE-A02A-516560D1515C}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{4C00D211-6A39-4E48-B8C1-8BBEFDA987F6}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{511DF651-FDD8-40A2-B22F-3DCD55C0DA15}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{5127046F-C97C-46DD-BDB2-BC526C16B8DD}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{51A5A33F-6E3B-4F90-A379-D4D62A4A9C88}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{554D7E26-1D0B-41DB-A00A-F9999C92CBF5}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{5AF58438-A9BF-4BE4-A0D1-98EAEFB1F2F5}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{5CA64DBE-2780-458D-B813-CD967351FF4A}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{62AE93C2-1118-4739-A15A-9F8FCD8656E1}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{656494DF-9117-4C45-A5DE-B2498210CC6F}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{6567DB36-3404-4D05-8F38-4E87ECD17F45}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{6A41B378-F9BB-4C7C-9088-D0928F44C16E}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{6C528F70-B90E-4E5C-9201-914B44BB4D5E}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{6F7557D2-84CF-47FE-B415-F22386C1D718}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{72F5F1F6-7D7A-4D39-85DF-6D596F8A00D0}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{74C20A96-3870-4D1C-B455-C8473CE3368B}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{7D0FB5E6-5809-4ACB-8D1C-B9DAEEFE6D5E}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{80015DBA-313B-4C98-8466-887F8939AEBF}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{81187E17-CE5E-4985-97D7-481AB697905A}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{81AFBE20-1CA3-4B75-90E4-6C91F8226259}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{822C5B4B-B604-45D6-8C52-F34C47E72812}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{8435DB4D-D38B-46AE-823E-6187D25E5817}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{862A8AC7-E4B4-4B18-B7F4-FDB5E55785E0}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{8673C036-8277-4087-AAD3-2C2398F8BF71}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{87195F05-7A4E-489B-8921-11DBB6C8157E}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{8A18D5B5-E189-4A80-8CEC-A65B95D47822}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{907B09C4-E5B2-4D1B-8338-225AB7186109}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{92A2ED22-3E87-43FE-916D-10E250F5AD3E}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{9733D073-C760-4A0D-8F54-F11CB0236D94}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{9998A0F4-D035-4DC6-B4D1-BD43BA194855}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{9BA10201-5DB8-41EE-A43B-CC8AD72BA8FB}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{9D1C252C-9512-41DC-A475-BF753BBC4EA3}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{9E5201C0-71F2-415C-A98A-4C248F3FC7F4}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{A0167E02-6BCE-4F6B-B491-39A05241862F}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{A038EF63-BFE4-4ECF-B094-55C535855B69}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{A46EEFE0-1E36-408D-83BA-F9D9B24BBCCB}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{A7299667-BDE1-4B51-B48F-9A21830BB72D}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{A78E3655-9707-4848-B326-810243F060A0}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{AAB4156C-D2D8-426C-9B62-3CA26DC98F21}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{B2ADE108-1892-434D-A715-09639F5C5E04}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{B441312F-1051-4813-A3F6-C25B3EA65977}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{B4CD759F-6E10-4C8D-AB9F-9CC23B2C86DD}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{B7537BCE-EB5A-41D9-B218-80EF5C05954D}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{BA984D9F-D7F9-4F2E-ADEC-5FEDCEA745E5}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{BC0F326E-73C4-4C52-A2D7-DABA87EAF955}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{BCC25F34-E13D-44A5-B9D8-92C7B03265AE}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{BD00DCF5-E456-49C7-8465-72E80EFAAD5A}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{BF9F19ED-FB00-48E0-99F1-B88509CBEB14}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{C0CC992C-792A-4005-8BAD-F1CFF2BABC56}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{C259B35B-B353-48BB-B923-DF285FDF5403}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{C492B4DB-F158-4D40-8254-B436DEFCF6D2}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{C531FCBA-E15E-4DE3-AAB7-CA9C355F3051}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{C66B86B3-DEFB-4A62-8315-0A3E9002AC85}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{C69917D5-977E-4CC6-AE72-A749F8B99BD6}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{CB0E291C-07CC-4752-9734-240F5C9F6083}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{CBD8A1B8-7AD7-4F69-A681-4B22BD7C80B1}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{D0D75B49-F647-40D5-9EEF-039AA575B397}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{D32C4CA9-CEA7-41D0-8975-E74B70294407}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{D384E5F3-28AB-4A3E-B098-52C535108745}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{D845051A-9BBF-4182-9805-84ED8B680896}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{E1D4354D-B835-4C80-8B12-25806D0B33BE}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{E23206EE-CCE5-4B14-9207-0E8C1B86036F}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{E9AEE6F7-BE43-4E4E-BC49-F91225BBB194}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{ECB940DE-261F-433B-BA5F-1BB856B377EB}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{ED882282-AF9A-411B-A095-123926C931C2}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{F03C37D7-394D-499E-873B-322DF5BD44AC}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{F15C4170-FF8A-4785-A7F0-07593D62021F}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{F6BEA727-7A45-48E8-A5F1-839156ED9D02}
Successfully deleted: [Empty Folder] C:\Users\Lorraine\appdata\local\{FD9D59B6-0B9D-43FA-AA2A-A56BE4493979}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/10/2014 at  9:44:09.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 13/10/2014
Scan Time: 10:41:46
Logfile: Malaware 131014.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.13.01
Rootkit Database: v2014.10.11.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lorraine

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 369285
Time Elapsed: 21 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.BundleInstaller.A, C:\Users\Lorraine\Downloads\MediaPlayerSetup.exe, , [66cf47cdd2aa9f97e8a4b825cf3526da],
PUP.Optional.Speedial.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://speedial.com/...r=1502847906=" ],), ,[c075041049331d19ecab57f9be47ec14]
PUP.Optional.Speedial.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://speedial.com/...r=1502847906=",), ,[15204fc5215b979f3d5baca48f76c23e]

Physical Sectors: 0
(No malicious items detected)

(end)



#7 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 13 October 2014 - 12:58 PM

Good, we dont use Hijackthis much anymore, there are better scanners that we are currently using.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check 
  • *List BCD
    *Drivers MD5
    *Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #8 lorrs58

    lorrs58

      New Member

    • Authentic Member
    • Pip
    • 7 posts

    Posted 13 October 2014 - 04:14 PM

    Hi,  here are the Fabar Recovery Scan and the additions results as follows: 

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
    Ran by Lorraine (administrator) on TOSH on 13-10-2014 23:02:05
    Running from C:\Users\Lorraine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKJ4BZJY
    Loaded Profile: Lorraine (Available profiles: Lorraine & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
    HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-10-26] (Toshiba Europe GmbH)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-11-30] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-12-01] (TOSHIBA Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor)
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1870120 2009-10-15] (Synaptics Incorporated)
    HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482592 2009-09-28] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-08-25] (Toshiba Europe GmbH)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
    HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-21] (TOSHIBA CORPORATION.)
    HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [843776 2009-06-05] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3277656702-3710866742-1113557967-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware)
    HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
    ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
    ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
    ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com/
    SearchScopes: HKCU - DefaultScope {C7C55730-6D0A-4DED-B32B-033E58B5D189} URL = https://uk.search.ya...&p={SearchTerms}
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKCU - {C7C55730-6D0A-4DED-B32B-033E58B5D189} URL = https://uk.search.ya...&p={SearchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab
    DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: HKLM-x32 {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab
    DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

    FireFox:
    ========
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-04-10]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-04-10]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-08-05&gen=cnet&ent=hp&u=9BE283D927792D275AC5CB53E0ADE9E3
    CHR StartupUrls: Default -> "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-08-05&gen=cnet&ent=hp&u=9BE283D927792D275AC5CB53E0ADE9E3", "hxxp://speedial.com/?f=1&a=spd_ir_14_21_ie&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCyE0DyEzzyC0EyCtCzztDtN0D0Tzu0SzzyByDtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyCtD0FtB0ByEtCtGtA0DyD0CtG0B0A0F0CtGtDzyzzyDtGyDtDyD0FyDtC0AyBtCtByByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAzytDtD0FyByBtGtBtAtD0BtG0D0FyE0BtGyC0FzyyCtGyE0F0A0CzzyBtD0CyDtD0D0A2Q&cr=1502847906&ir="
    CHR DefaultSearchKeyword: Default -> mcafee
    CHR DefaultSearchProvider: Default -> McAfee
    CHR DefaultSearchURL: Default -> https://uk.search.ya...&p={searchTerms}
    CHR DefaultSuggestURL: Default ->
    CHR Profile: C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-27]
    CHR Extension: (Google Drive) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-27]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-27]
    CHR Extension: (YouTube) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-27]
    CHR Extension: (Google Search) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-27]
    CHR Extension: (Block site) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2014-06-27]
    CHR Extension: (SiteAdvisor) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-06-27]
    CHR Extension: (Google Wallet) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-27]
    CHR Extension: (Gmail) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-27]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-09-29]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
    R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
    R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
    R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-10-26] (Toshiba Europe GmbH)
    R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
    S2 Crypkey License; crypserv.exe [X]
    S3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-13] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
    R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
    S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    S1 NetworkX; \SystemRoot\system32\ckldrv.sys [X]
    S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [X]
    S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [X]
    S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
    S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
    S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-13 23:01 - 2014-10-13 23:02 - 00000000 ____D () C:\FRST
    2014-10-13 18:47 - 2014-10-13 18:47 - 00002261 _____ () C:\Users\Lorraine\Documents\Malaware 131014.txt
    2014-10-13 10:03 - 2014-10-13 10:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-13 10:03 - 2014-10-13 10:03 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-13 10:03 - 2014-10-13 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-13 10:03 - 2014-10-13 10:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-13 10:03 - 2014-10-13 10:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-13 10:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-10-13 10:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-10-13 10:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-10-13 09:47 - 2014-10-13 10:01 - 00000000 ____D () C:\AdwCleaner
    2014-10-13 09:44 - 2014-10-13 09:44 - 00013570 _____ () C:\Users\Lorraine\Desktop\JRT.txt
    2014-10-13 09:38 - 2014-10-13 09:38 - 00000000 ____D () C:\Windows\ERUNT
    2014-10-13 09:03 - 2014-10-13 09:03 - 00002064 _____ () C:\Users\Lorraine\Desktop\HijackThis.lnk
    2014-10-13 09:03 - 2014-10-13 09:03 - 00002064 _____ () C:\Users\Guest\Desktop\HijackThis.lnk
    2014-10-13 09:02 - 2014-10-13 09:02 - 00812344 _____ (Trend Micro Inc.) C:\Users\Lorraine\Downloads\HJTInstall.exe
    2014-10-10 09:08 - 2014-10-10 09:08 - 00007485 _____ () C:\Users\Lorraine\Documents\Shire tickets from CRASH.htm
    2014-10-09 02:36 - 2014-10-09 02:36 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2014-10-09 02:33 - 2014-10-09 02:33 - 19838824 _____ (SUPERAntiSpyware) C:\Users\Lorraine\Downloads\SUPERAntiSpyware.exe
    2014-10-09 02:29 - 2014-10-09 02:29 - 00015942 _____ () C:\Users\Lorraine\Downloads\hijackthis 091014.txt
    2014-10-09 02:28 - 2014-10-09 02:28 - 00015942 _____ () C:\Users\Lorraine\Downloads\hijackthis.log
    2014-10-09 02:27 - 2014-10-09 02:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lorraine\Downloads\HiJackThis.exe
    2014-10-09 02:01 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-10-09 02:01 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-10-09 01:04 - 2014-10-09 01:34 - 00000000 ____D () C:\SUPERDelete
    2014-10-09 00:27 - 2014-10-13 18:33 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-10-09 00:27 - 2014-10-09 00:27 - 00000000 ____D () C:\Users\Lorraine\AppData\Roaming\SUPERAntiSpyware.com
    2014-10-09 00:27 - 2014-10-09 00:27 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-10-08 23:44 - 2014-10-08 23:44 - 00002263 _____ () C:\Users\Lorraine\Documents\aswMBR081014 2.txt
    2014-10-08 23:44 - 2014-10-08 23:44 - 00000512 _____ () C:\Users\Lorraine\Documents\MBR.dat
    2014-10-08 23:29 - 2014-10-08 23:29 - 00000619 _____ () C:\Users\Lorraine\Documents\aswMBR 081014.txt
    2014-10-08 22:21 - 2014-10-13 09:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    2014-10-08 22:21 - 2014-10-08 22:21 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
    2014-10-08 21:46 - 2014-10-08 21:46 - 00017166 _____ () C:\Users\Lorraine\Documents\hijackthis 081014.txt
    2014-10-08 18:30 - 2014-10-08 18:30 - 00627656 _____ (ClickMeIn Limited) C:\Users\Lorraine\AppData\Local\nsb26A3.tmp
    2014-10-08 18:30 - 2014-10-08 18:30 - 00000000 ____D () C:\Users\Lorraine\AppData\Roaming\ap_movie
    2014-10-08 14:36 - 2014-10-08 20:54 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
    2014-10-08 14:36 - 2014-10-08 14:36 - 00000000 ____D () C:\Users\Lorraine\AppData\Local\Bluestacks
    2014-10-08 14:35 - 2014-10-09 01:47 - 00000000 ____D () C:\Users\Lorraine\AppData\Local\CronDesktopQuick
    2014-09-30 22:46 - 2014-10-02 17:53 - 00011696 _____ () C:\Users\Lorraine\Documents\Morris Bural records.xlsx
    2014-09-30 19:58 - 2014-10-13 09:58 - 00000974 _____ () C:\Windows\PFRO.log
    2014-09-30 19:58 - 2014-10-13 09:58 - 00000504 _____ () C:\Windows\setupact.log
    2014-09-30 19:58 - 2014-09-30 19:58 - 00000000 _____ () C:\Windows\setuperr.log
    2014-09-26 15:18 - 2014-09-26 15:18 - 00000000 ___RD () C:\Users\Lorraine\Documents\Notes
    2014-09-24 16:25 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-09-24 16:25 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-09-24 10:38 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
    2014-09-21 08:42 - 2014-10-09 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2014-09-21 08:40 - 2014-10-09 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-09-21 08:40 - 2014-09-21 08:40 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-09-21 08:39 - 2014-09-21 08:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-09-21 08:39 - 2014-09-21 08:40 - 00000000 ____D () C:\Program Files\iTunes
    2014-09-21 08:39 - 2014-09-21 08:40 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-09-20 17:58 - 2014-09-20 17:58 - 00009068 _____ () C:\Users\Lorraine\Documents\Vessey FH addresses.xlsx
    2014-09-20 15:09 - 2014-09-20 15:09 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
    2014-09-20 15:09 - 2014-09-20 15:09 - 00003532 _____ () C:\Windows\System32\Tasks\iolo System Checkup
    2014-09-20 15:09 - 2014-09-20 15:09 - 00001146 _____ () C:\Users\Lorraine\Desktop\System Checkup.lnk
    2014-09-20 15:09 - 2014-09-20 15:09 - 00000000 ____D () C:\ProgramData\iolo
    2014-09-20 15:09 - 2014-09-20 15:09 - 00000000 ____D () C:\Program Files (x86)\iolo
    2014-09-13 23:13 - 2014-09-13 23:13 - 00014755 _____ () C:\Users\Lorraine\Documents\Irish census 1911.xlsx
    2014-09-13 21:17 - 2014-09-13 21:17 - 00000000 ____D () C:\Users\Lorraine\Documents\Moira Family Tree

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-13 22:58 - 2010-04-18 22:46 - 01637537 _____ () C:\Windows\WindowsUpdate.log
    2014-10-13 22:57 - 2014-06-27 09:45 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-13 22:57 - 2013-03-23 16:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-10-13 22:57 - 2010-11-05 21:04 - 00000258 _____ () C:\Windows\Tasks\Epson Printer Software Downloader.job
    2014-10-13 19:34 - 2010-07-08 01:45 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3C112D37-2E09-4D84-A861-D4B65D665401}
    2014-10-13 10:06 - 2009-07-14 05:45 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-13 10:06 - 2009-07-14 05:45 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-13 09:59 - 2014-06-27 09:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-13 09:58 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-13 08:59 - 2010-08-17 08:56 - 00000000 ____D () C:\Users\Lorraine\AppData\Local\Adobe
    2014-10-11 22:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-10-10 18:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
    2014-10-09 02:37 - 2014-04-01 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2014-10-09 01:48 - 2010-07-07 23:28 - 00000000 ____D () C:\Users\Lorraine
    2014-10-09 01:47 - 2014-06-18 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2014-10-09 01:47 - 2013-12-17 11:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-10-09 01:47 - 2013-11-07 08:54 - 00000000 ____D () C:\Users\Guest
    2014-10-09 01:47 - 2010-09-09 00:27 - 00000000 ____D () C:\Users\Lorraine\Documents\Audible
    2014-10-09 01:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
    2014-10-09 01:46 - 2013-12-17 11:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-10-09 01:46 - 2010-03-04 11:09 - 00000000 __RHD () C:\MSOCache
    2014-10-08 20:31 - 2014-09-01 09:18 - 00000365 _____ () C:\Users\Lorraine\AppData\Roaming\TKYN
    2014-10-07 16:10 - 2010-11-09 22:27 - 00017046 _____ () C:\Users\Lorraine\AppData\Roaming\wklnhst.dat
    2014-10-07 16:10 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2014-10-07 16:07 - 2014-08-10 23:04 - 00000000 ____D () C:\Users\Lorraine\Documents\DISNEY DOLLAR
    2014-09-29 20:36 - 2010-08-25 17:50 - 00000000 ____D () C:\Users\Lorraine\AppData\Local\CrashDumps
    2014-09-29 20:34 - 2011-02-18 03:42 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-09-29 20:34 - 2011-02-18 03:42 - 00000000 ____D () C:\Program Files\CCleaner
    2014-09-25 08:54 - 2014-06-27 09:46 - 00002069 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-09-25 07:57 - 2014-05-02 16:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-09-25 07:56 - 2012-12-03 14:43 - 00000000 ____D () C:\Users\Lorraine\AppData\Local\5769DD8A-2C9A-4A2E-AFA6-76DC3033A033.aplzod
    2014-09-25 07:55 - 2010-07-14 22:11 - 00000000 ____D () C:\Users\Lorraine\AppData\Roaming\Apple Computer
    2014-09-25 07:54 - 2013-03-23 16:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-09-25 07:54 - 2013-03-23 16:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-09-25 07:54 - 2011-12-08 15:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-09-24 10:37 - 2014-04-10 16:59 - 00000000 ____D () C:\Program Files\Common Files\McAfee
    2014-09-21 22:57 - 2010-07-18 07:26 - 00000000 ____D () C:\Users\Lorraine\Documents\Family Tree Maker
    2014-09-21 08:39 - 2010-09-29 07:45 - 00000000 ____D () C:\Program Files\iPod
    2014-09-15 20:42 - 2011-01-11 19:06 - 00000000 ____D () C:\Users\Lorraine\Documents\Outlook Files
    2014-09-15 08:22 - 2014-09-12 11:30 - 00010993 _____ () C:\Users\Lorraine\Documents\S and H Sept 2014.xlsx

    Some content of TEMP:
    ====================
    C:\Users\Lorraine\AppData\Local\Temp\Quarantine.exe
    C:\Users\Lorraine\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-10-10 18:20

    ==================== End Of Log ============================

     

     

     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
    Ran by Lorraine at 2014-10-13 23:03:28
    Running from C:\Users\Lorraine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKJ4BZJY
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
    Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Adventures of Robinson Crusoe (HKLM-x32\...\{3552C8D8-7211-4F68-9B05-8413D1D780BB}) (Version: 1.00 - GSP)
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
    eBay (HKLM-x32\...\{E1FFC21B-CB65-4C06-8FEA-16F47A4222FD}) (Version: 1.0.5 - eBay Inc.)
    Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    EPSON BX610FW Series Printer Uninstall (HKLM\...\EPSON BX610FW Series) (Version:  - SEIKO EPSON Corporation)
    Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.00.01 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
    Epson Printer Software Downloader (HKLM-x32\...\Epson Printer Software Downloader) (Version:  - )
    Epson Printer Software Downloader (x32 Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
    Epson Stylus Office BX610FW_Office TX610FW_SX610FW Manual (HKLM-x32\...\Epson Stylus Office BX610FW_Office TX610FW_SX610FW User’s Guide) (Version:  - )
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
    EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
    Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.376 - Ancestry.com)
    Family Tree Maker 2011 (x32 Version: 20.0.376 - Ancestry.com) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
    iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
    Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1986 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
    iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Java™ 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Lizardtech DjVu Control (HKLM-x32\...\{105CFC7C-6992-11D5-BD9D-000102C10FD8}) (Version:  - )
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    McAfee Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
    McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
    McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
    McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
    MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
    MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
    MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
    MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5964 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
    Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
    SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
    SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
    SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
    SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
    SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
    System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.1.42 - iolo technologies, LLC)
    Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.06.64 - TOSHIBA Corporation)
    TOSHIBA Bulletin Board (Version: 1.5.06.64 - TOSHIBA Corporation) Hidden
    TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
    TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.06-A - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (Version: 1.1.12.64 - TOSHIBA Corporation) Hidden
    TOSHIBA eco Utility (x32 Version: 1.1.12.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
    TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
    TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.4C - TOSHIBA CORPORATION) Hidden
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.18C - TOSHIBA CORPORATION)
    TOSHIBA Hardware Setup (x32 Version: 1.63.0.18C - TOSHIBA CORPORATION) Hidden
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
    TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
    Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA)
    Toshiba Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.6.64 - TOSHIBA Corporation)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
    TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
    TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.08.64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (Version: 1.5.08.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
    TOSHIBA Supervisor Password (x32 Version: 1.63.0.7C - TOSHIBA CORPORATION) Hidden
    TOSHIBA TEMPRO (HKLM-x32\...\{3A9B3B6D-3C08-4283-AF50-FD82C49DD71E}) (Version: 3.34 - Toshiba Europe GmbH)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.34.64 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (Version: 1.2.34.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Value Added Package (x32 Version: 1.2.34.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
    Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
    Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
    Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
    Utility Common Driver (x32 Version: 1.0.50.27C - TOSHIBA) Hidden
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Web Publishing Wizard (HKLM-x32\...\WebPost) (Version:  - )
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    WinAVI Video Converter (HKLM-x32\...\WinAVI Video Converter_is1) (Version:  - ZJ Computing, Inc.)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
    Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
    Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
    Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version:  - )
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    ==================== Restore Points  =========================

    21-09-2014 13:39:43 Scheduled Checkpoint
    24-09-2014 18:32:50 Windows Update
    01-10-2014 18:14:42 Windows Update
    09-10-2014 00:43:22 Restore Operation
    09-10-2014 01:41:03 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0FAD8604-AFAC-4191-BC8A-90C668EB737C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
    Task: {116B9A30-A1D3-42A0-BA46-C481194CF312} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {26724F9C-3907-4F12-83DD-A10D7CD585E9} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
    Task: {39C6C3DE-324E-4C8D-B8DE-C91CCAF7F6F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-27] (Google Inc.)
    Task: {44767B3A-7A3C-45D7-BA4C-A05376EE2BA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
    Task: {57214BBD-5C99-4854-BD0F-01DE3E46D189} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
    Task: {6A328535-FE7E-4A6C-B241-9CB0A0E838A0} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)
    Task: {7DD66C69-6AC3-48C1-82D0-87C9BB499FFD} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2014-09-20] ()
    Task: {7E329FED-C9E7-4D48-84EF-C5FF7D2E3A70} - System32\Tasks\{B12A8EEA-0FA6-46C3-8469-43AEEAAB1F27} => C:\Program Files (x86)\i-CD\UK-Info 2003 Lite\ukid.exe
    Task: {9CAB7051-DC4D-4430-9B51-1CDD872312E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-27] (Google Inc.)
    Task: {9FD4E320-8164-4770-9E69-17CD8E3FA40B} - System32\Tasks\{EE7F264C-5C3D-473D-961D-1AF8EF297C0D} => C:\Program Files (x86)\i-CD\UK-Info 2003 Lite\ukid.exe
    Task: {AE011012-D792-434E-B6F6-8C9562AF6F91} - System32\Tasks\AdobeAAMUpdater-1.0-TOSH-Lorraine => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
    Task: {B1B1DF58-1A2C-492F-B2C9-F5D4BAF68131} - System32\Tasks\{0C962CF9-DEBF-4833-A3FD-04F97A3A42AE} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-09-01] (Apple Inc.)
    Task: {C91892F5-204F-4970-A684-3A82857F12C6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {EA2AB158-9F6B-4D41-BCF8-55D21AA441BD} - System32\Tasks\{F91A92BF-BA44-4920-9929-D4A7C3D89115} => C:\Program Files (x86)\i-CD\UK-Info 2003 Lite\ukid.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2009-10-18 15:20 - 2009-10-18 15:20 - 07959864 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
    2010-03-04 10:45 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
    2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
    2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
    2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
    2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-11-05 21:02 - 2009-03-12 16:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
    2010-11-05 21:02 - 2008-11-21 14:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:397D67BA

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3277656702-3710866742-1113557967-500 - Administrator - Disabled)
    Guest (S-1-5-21-3277656702-3710866742-1113557967-501 - Limited - Enabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-3277656702-3710866742-1113557967-1002 - Limited - Enabled)
    Lorraine (S-1-5-21-3277656702-3710866742-1113557967-1000 - Administrator - Enabled) => C:\Users\Lorraine

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/13/2014 11:12:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 418628

    Error: (10/13/2014 11:12:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 418628

    Error: (10/13/2014 11:12:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/13/2014 10:01:11 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.

    Operation:
       Gathering Writer Data

    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {eda070ac-0e6c-4272-8aed-e687ad61d652}

    Error: (10/13/2014 09:53:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AdwCleaner.exe version 4.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1100

    Start Time: 01cfe6c25122afd1

    Termination Time: 16

    Application Path: C:\Users\Lorraine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H8C615HG\AdwCleaner.exe

    Report Id:

    System errors:
    =============
    Error: (10/13/2014 09:59:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    NetworkX

    Error: (10/13/2014 09:58:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Crypkey License service failed to start due to the following error:
    %%2

    Microsoft Office Sessions:
    =========================
    Error: (10/13/2014 11:12:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 418628

    Error: (10/13/2014 11:12:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 418628

    Error: (10/13/2014 11:12:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/13/2014 10:01:11 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: 0x80070005, Access is denied.

    Operation:
       Gathering Writer Data

    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {eda070ac-0e6c-4272-8aed-e687ad61d652}

    Error: (10/13/2014 09:53:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: AdwCleaner.exe4.0.0.0110001cfe6c25122afd116C:\Users\Lorraine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H8C615HG\AdwCleaner.exe

    ==================== Memory info ===========================

    Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
    Percentage of memory in use: 55%
    Total physical RAM: 3893.61 MB
    Available physical RAM: 1744.17 MB
    Total Pagefile: 7785.39 MB
    Available Pagefile: 5066.1 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:15.25 GB) NTFS
    Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:140.85 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AB8BD068)
    Partition 1: (Active) - (Size=400 MB) - (Type=27)
    Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=148.7 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #9 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 13 October 2014 - 05:09 PM

    Just a few things with Chome need to be fixed, the rest of the log looks fine

     

    Open notepad (Start --> All Programs --> Accessories --> Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if thats where you saved it.
    You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
     
    Start
    CloseProcesses:
    CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-08-05&gen=cnet&ent=hp&u=9BE283D927792D275AC5CB53E0ADE9E3
    CHR StartupUrls: Default -> "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-08-05&gen=cnet&ent=hp&u=9BE283D927792D275AC5CB53E0ADE9E3", "hxxp://speedial.com/?f=1&a=spd_ir_14_21_ie&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCyE0DyEzzyC0EyCtCzztDtN0D0Tzu0SzzyByDtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyCtD0FtB0ByEtCtGtA0DyD0CtG0B0A0F0CtGtDzyzzyDtGyDtDyD0FyDtC0AyBtCtByByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAzytDtD0FyByBtGtBtAtD0BtG0D0FyE0BtGyC0FzyyCtGyE0F0A0CzzyBtD0CyDtD0D0A2Q&cr=1502847906&ir="
    Hosts:
    EmptyTemp:
    End
    
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
     
    Then open FRST or FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #10 lorrs58

    lorrs58

      New Member

    • Authentic Member
    • Pip
    • 7 posts

    Posted 13 October 2014 - 09:08 PM

    Hi, I have had to re-run the Farbar recovery, as I had not saved it. please forgive my ignorance. Will the fix you have supplied be O.K to use. Thank you for your patience.

    The latest results are as follows:


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
    Ran by Lorraine (administrator) on TOSH on 14-10-2014 03:56:01
    Running from C:\Users\Lorraine\Downloads
    Loaded Profile: Lorraine (Available profiles: Lorraine & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
    HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-10-26] (Toshiba Europe GmbH)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-11-30] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-12-01] (TOSHIBA Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor)
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1870120 2009-10-15] (Synaptics Incorporated)
    HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482592 2009-09-28] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-08-25] (Toshiba Europe GmbH)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
    HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-21] (TOSHIBA CORPORATION.)
    HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [843776 2009-06-05] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3277656702-3710866742-1113557967-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware)
    HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
    ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
    ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
    ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com/
    SearchScopes: HKCU - DefaultScope {C7C55730-6D0A-4DED-B32B-033E58B5D189} URL = https://uk.search.ya...p={SearchTerms}
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKCU - {C7C55730-6D0A-4DED-B32B-033E58B5D189} URL = https://uk.search.ya...p={SearchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab
    DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: HKLM-x32 {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab
    DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

    FireFox:
    ========
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-04-10]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-04-10]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-08-05&gen=cnet&ent=hp&u=9BE283D927792D275AC5CB53E0ADE9E3
    CHR StartupUrls: Default -> "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-08-05&gen=cnet&ent=hp&u=9BE283D927792D275AC5CB53E0ADE9E3", "hxxp://speedial.com/?f=1&a=spd_ir_14_21_ie&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCyE0DyEzzyC0EyCtCzztDtN0D0Tzu0SzzyByDtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyCtD0FtB0ByEtCtGtA0DyD0CtG0B0A0F0CtGtDzyzzyDtGyDtDyD0FyDtC0AyBtCtByByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAzytDtD0FyByBtGtBtAtD0BtG0D0FyE0BtGyC0FzyyCtGyE0F0A0CzzyBtD0CyDtD0D0A2Q&cr=1502847906&ir="
    CHR DefaultSearchKeyword: Default -> mcafee
    CHR DefaultSearchProvider: Default -> McAfee
    CHR DefaultSearchURL: Default -> https://uk.search.ya...p={searchTerms}
    CHR DefaultSuggestURL: Default ->
    CHR Profile: C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-27]
    CHR Extension: (Google Drive) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-27]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-27]
    CHR Extension: (YouTube) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-27]
    CHR Extension: (Google Search) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-27]
    CHR Extension: (Block site) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2014-06-27]
    CHR Extension: (SiteAdvisor) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-06-27]
    CHR Extension: (Google Wallet) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-27]
    CHR Extension: (Gmail) - C:\Users\Lorraine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-27]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-09-29]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
    R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
    R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
    R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-10-26] (Toshiba Europe GmbH)
    R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
    S2 Crypkey License; crypserv.exe [X]
    S3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-14] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
    R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
    S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    S1 NetworkX; \SystemRoot\system32\ckldrv.sys [X]
    S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [X]
    S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [X]
    S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
    S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
    S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-14 03:56 - 2014-10-14 03:56 - 00026527 _____ () C:\Users\Lorraine\Downloads\FRST.txt
    2014-10-14 03:55 - 2014-10-14 03:55 - 02110464 _____ (Farbar) C:\Users\Lorraine\Downloads\FRST64.exe
    2014-10-14 03:43 - 2014-10-14 03:43 - 00000758 _____ () C:\Users\Lorraine\Documents\fixlist.txt
    2014-10-13 23:45 - 2014-10-13 23:45 - 00041393 _____ () C:\Users\Lorraine\Documents\FRST Addition 131014.txt
    2014-10-13 23:44 - 2014-10-13 23:44 - 00038408 _____ () C:\Users\Lorraine\Documents\FRST 131014.txt
    2014-10-13 23:01 - 2014-10-14 03:56 - 00000000 ____D () C:\FRST
    2014-10-13 18:47 - 2014-10-13 18:47 - 00002261 _____ () C:\Users\Lorraine\Documents\Malaware 131014.txt
    2014-10-13 10:03 - 2014-10-14 03:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-13 10:03 - 2014-10-13 10:03 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-13 10:03 - 2014-10-13 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-13 10:03 - 2014-10-13 10:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-13 10:03 - 2014-10-13 10:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-13 10:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-10-13 10:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-10-13 10:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-10-13 09:47 - 2014-10-13 10:01 - 00000000 ____D () C:\AdwCleaner
    2014-10-13 09:44 - 2014-10-13 09:44 - 00013570 _____ () C:\Users\Lorraine\Desktop\JRT.txt
    2014-10-13 09:38 - 2014-10-13 09:38 - 00000000 ____D () C:\Windows\ERUNT
    2014-10-13 09:03 - 2014-10-13 09:03 - 00002064 _____ () C:\Users\Lorraine\Desktop\HijackThis.lnk
    2014-10-13 09:03 - 2014-10-13 09:03 - 00002064 _____ () C:\Users\Guest\Desktop\HijackThis.lnk
    2014-10-13 09:02 - 2014-10-13 09:02 - 00812344 _____ (Trend Micro Inc.) C:\Users\Lorraine\Downloads\HJTInstall.exe
    2014-10-10 09:08 - 2014-10-10 09:08 - 00007485 _____ () C:\Users\Lorraine\Documents\Shire tickets from CRASH.htm
    2014-10-09 02:36 - 2014-10-09 02:36 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2014-10-09 02:33 - 2014-10-09 02:33 - 19838824 _____ (SUPERAntiSpyware) C:\Users\Lorraine\Downloads\SUPERAntiSpyware.exe
    2014-10-09 02:29 - 2014-10-09 02:29 - 00015942 _____ () C:\Users\Lorraine\Downloads\hijackthis 091014.txt
    2014-10-09 02:28 - 2014-10-09 02:28 - 00015942 _____ () C:\Users\Lorraine\Downloads\hijackthis.log
    2014-10-09 02:27 - 2014-10-09 02:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lorraine\Downloads\HiJackThis.exe
    2014-10-09 02:01 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-10-09 02:01 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-10-09 01:04 - 2014-10-09 01:34 - 00000000 ____D () C:\SUPERDelete
    2014-10-09 00:27 - 2014-10-14 03:33 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-10-09 00:27 - 2014-10-09 00:27 - 00000000 ____D () C:\Users\Lorraine\AppData\Roaming\SUPERAntiSpyware.com
    2014-10-09 00:27 - 2014-10-09 00:27 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-10-08 23:44 - 2014-10-08 23:44 - 00002263 _____ () C:\Users\Lorraine\Documents\aswMBR081014 2.txt
    2014-10-08 23:44 - 2014-10-08 23:44 - 00000512 _____ () C:\Users\Lorraine\Documents\MBR.dat
    2014-10-08 23:29 - 2014-10-08 23:29 - 00000619 _____ () C:\Users\Lorraine\Documents\aswMBR 081014.txt
    2014-10-08 22:21 - 2014-10-13 09:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    2014-10-08 22:21 - 2014-10-08 22:21 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
    2014-10-08 21:46 - 2014-10-08 21:46 - 00017166 _____ () C:\Users\Lorraine\Documents\hijackthis 081014.txt
    2014-10-08 18:30 - 2014-10-08 18:30 - 00627656 _____ (ClickMeIn Limited) C:\Users\Lorraine\AppData\Local\nsb26A3.tmp
    2014-10-08 18:30 - 2014-10-08 18:30 - 00000000 ____D () C:\Users\Lorraine\AppData\Roaming\ap_movie
    2014-10-08 14:36 - 2014-10-08 20:54 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
    2014-10-08 14:36 - 2014-10-08 14:36 - 00000000 ____D () C:\Users\Lorraine\AppData\Local\Bluestacks
    2014-10-08 14:35 - 2014-10-09 01:47 - 00000000 ____D () C:\Users\Lorraine\AppData\Local\CronDesktopQuick
    2014-09-30 22:46 - 2014-10-02 17:53 - 00011696 _____ () C:\Users\Lorraine\Documents\Morris Bural records.xlsx
    2014-09-30 19:58 - 2014-10-14 03:31 - 00000560 _____ () C:\Windows\setupact.log
    2014-09-30 19:58 - 2014-10-13 09:58 - 00000974 _____ () C:\Windows\PFRO.log
    2014-09-30 19:58 - 2014-09-30 19:58 - 00000000 _____ () C:\Windows\setuperr.log
    2014-09-26 15:18 - 2014-09-26 15:18 - 00000000 ___RD () C:\Users\Lorraine\Documents\Notes
    2014-09-24 16:25 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-09-24 16:25 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-09-24 10:38 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
    2014-09-21 08:42 - 2014-10-09 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2014-09-21 08:40 - 2014-10-09 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-09-21 08:40 - 2014-09-21 08:40 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-09-21 08:39 - 2014-09-21 08:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-09-21 08:39 - 2014-09-21 08:40 - 00000000 ____D () C:\Program Files\iTunes
    2014-09-21 08:39 - 2014-09-21 08:40 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-09-20 17:58 - 2014-09-20 17:58 - 00009068 _____ () C:\Users\Lorraine\Documents\Vessey FH addresses.xlsx
    2014-09-20 15:09 - 2014-09-20 15:09 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
    2014-09-20 15:09 - 2014-09-20 15:09 - 00003532 _____ () C:\Windows\System32\Tasks\iolo System Checkup
    2014-09-20 15:09 - 2014-09-20 15:09 - 00001146 _____ () C:\Users\Lorraine\Desktop\System Checkup.lnk
    2014-09-20 15:09 - 2014-09-20 15:09 - 00000000 ____D () C:\ProgramData\iolo
    2014-09-20 15:09 - 2014-09-20 15:09 - 00000000 ____D () C:\Program Files (x86)\iolo

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-14 03:54 - 2013-03-23 16:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-10-14 03:50 - 2014-06-27 09:45 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-14 03:50 - 2010-07-08 01:45 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3C112D37-2E09-4D84-A861-D4B65D665401}
    2014-10-14 03:42 - 2010-08-17 08:56 - 00000000 ____D () C:\Users\Lorraine\AppData\Local\Adobe
    2014-10-14 03:39 - 2009-07-14 05:45 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-14 03:39 - 2009-07-14 05:45 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-14 03:35 - 2010-04-18 22:46 - 01641918 _____ () C:\Windows\WindowsUpdate.log
    2014-10-14 03:32 - 2014-06-27 09:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-14 03:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-13 22:57 - 2010-11-05 21:04 - 00000258 _____ () C:\Windows\Tasks\Epson Printer Software Downloader.job
    2014-10-11 22:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-10-10 18:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
    2014-10-09 02:37 - 2014-04-01 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2014-10-09 01:48 - 2010-07-07 23:28 - 00000000 ____D () C:\Users\Lorraine
    2014-10-09 01:47 - 2014-06-18 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2014-10-09 01:47 - 2013-12-17 11:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-10-09 01:47 - 2013-11-07 08:54 - 00000000 ____D () C:\Users\Guest
    2014-10-09 01:47 - 2010-09-09 00:27 - 00000000 ____D () C:\Users\Lorraine\Documents\Audible
    2014-10-09 01:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
    2014-10-09 01:46 - 2013-12-17 11:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-10-09 01:46 - 2010-03-04 11:09 - 00000000 __RHD () C:\MSOCache
    2014-10-08 20:31 - 2014-09-01 09:18 - 00000365 _____ () C:\Users\Lorraine\AppData\Roaming\TKYN
    2014-10-07 16:10 - 2010-11-09 22:27 - 00017046 _____ () C:\Users\Lorraine\AppData\Roaming\wklnhst.dat
    2014-10-07 16:10 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2014-10-07 16:07 - 2014-08-10 23:04 - 00000000 ____D () C:\Users\Lorraine\Documents\DISNEY DOLLAR
    2014-09-29 20:36 - 2010-08-25 17:50 - 00000000 ____D () C:\Users\Lorraine\AppData\Local\CrashDumps
    2014-09-29 20:34 - 2011-02-18 03:42 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-09-29 20:34 - 2011-02-18 03:42 - 00000000 ____D () C:\Program Files\CCleaner
    2014-09-25 08:54 - 2014-06-27 09:46 - 00002069 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-09-25 07:57 - 2014-05-02 16:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-09-25 07:56 - 2012-12-03 14:43 - 00000000 ____D () C:\Users\Lorraine\AppData\Local\5769DD8A-2C9A-4A2E-AFA6-76DC3033A033.aplzod
    2014-09-25 07:55 - 2010-07-14 22:11 - 00000000 ____D () C:\Users\Lorraine\AppData\Roaming\Apple Computer
    2014-09-25 07:54 - 2013-03-23 16:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-09-25 07:54 - 2013-03-23 16:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-09-25 07:54 - 2011-12-08 15:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-09-24 10:37 - 2014-04-10 16:59 - 00000000 ____D () C:\Program Files\Common Files\McAfee
    2014-09-21 22:57 - 2010-07-18 07:26 - 00000000 ____D () C:\Users\Lorraine\Documents\Family Tree Maker
    2014-09-21 08:39 - 2010-09-29 07:45 - 00000000 ____D () C:\Program Files\iPod
    2014-09-15 20:42 - 2011-01-11 19:06 - 00000000 ____D () C:\Users\Lorraine\Documents\Outlook Files
    2014-09-15 08:22 - 2014-09-12 11:30 - 00010993 _____ () C:\Users\Lorraine\Documents\S and H Sept 2014.xlsx

    Some content of TEMP:
    ====================
    C:\Users\Lorraine\AppData\Local\Temp\Quarantine.exe
    C:\Users\Lorraine\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-10 18:20

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
    Ran by Lorraine at 2014-10-14 03:57:15
    Running from C:\Users\Lorraine\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
    Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Adventures of Robinson Crusoe (HKLM-x32\...\{3552C8D8-7211-4F68-9B05-8413D1D780BB}) (Version: 1.00 - GSP)
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)
    eBay (HKLM-x32\...\{E1FFC21B-CB65-4C06-8FEA-16F47A4222FD}) (Version: 1.0.5 - eBay Inc.)
    Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    EPSON BX610FW Series Printer Uninstall (HKLM\...\EPSON BX610FW Series) (Version: - SEIKO EPSON Corporation)
    Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.00.01 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    Epson Printer Software Downloader (HKLM-x32\...\Epson Printer Software Downloader) (Version: - )
    Epson Printer Software Downloader (x32 Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
    Epson Stylus Office BX610FW_Office TX610FW_SX610FW Manual (HKLM-x32\...\Epson Stylus Office BX610FW_Office TX610FW_SX610FW User’s Guide) (Version: - )
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
    EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
    Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.376 - Ancestry.com)
    Family Tree Maker 2011 (x32 Version: 20.0.376 - Ancestry.com) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
    iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
    Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1986 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
    iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Java™ 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Lizardtech DjVu Control (HKLM-x32\...\{105CFC7C-6992-11D5-BD9D-000102C10FD8}) (Version: - )
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    McAfee Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
    McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
    McAfee Online Backup (x32 Version: - McAfee, Inc.) Hidden
    McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
    MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
    MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
    MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
    MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5964 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
    Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
    SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
    SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
    SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
    SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
    SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
    System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.1.42 - iolo technologies, LLC)
    Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.06.64 - TOSHIBA Corporation)
    TOSHIBA Bulletin Board (Version: 1.5.06.64 - TOSHIBA Corporation) Hidden
    TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
    TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.06-A - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (Version: 1.1.12.64 - TOSHIBA Corporation) Hidden
    TOSHIBA eco Utility (x32 Version: 1.1.12.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
    TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
    TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.4C - TOSHIBA CORPORATION) Hidden
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.18C - TOSHIBA CORPORATION)
    TOSHIBA Hardware Setup (x32 Version: 1.63.0.18C - TOSHIBA CORPORATION) Hidden
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
    TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
    Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA)
    Toshiba Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.6.64 - TOSHIBA Corporation)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
    TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
    TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.08.64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (Version: 1.5.08.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
    TOSHIBA Supervisor Password (x32 Version: 1.63.0.7C - TOSHIBA CORPORATION) Hidden
    TOSHIBA TEMPRO (HKLM-x32\...\{3A9B3B6D-3C08-4283-AF50-FD82C49DD71E}) (Version: 3.34 - Toshiba Europe GmbH)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.34.64 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (Version: 1.2.34.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Value Added Package (x32 Version: 1.2.34.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
    Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
    Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
    Utility Common Driver (x32 Version: 1.0.50.27C - TOSHIBA) Hidden
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Web Publishing Wizard (HKLM-x32\...\WebPost) (Version: - )
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    WinAVI Video Converter (HKLM-x32\...\WinAVI Video Converter_is1) (Version: - ZJ Computing, Inc.)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
    Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
    Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
    Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version: - )
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    21-09-2014 13:39:43 Scheduled Checkpoint
    24-09-2014 18:32:50 Windows Update
    01-10-2014 18:14:42 Windows Update
    09-10-2014 00:43:22 Restore Operation
    09-10-2014 01:41:03 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0FAD8604-AFAC-4191-BC8A-90C668EB737C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
    Task: {116B9A30-A1D3-42A0-BA46-C481194CF312} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {26724F9C-3907-4F12-83DD-A10D7CD585E9} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
    Task: {39C6C3DE-324E-4C8D-B8DE-C91CCAF7F6F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-27] (Google Inc.)
    Task: {44767B3A-7A3C-45D7-BA4C-A05376EE2BA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
    Task: {57214BBD-5C99-4854-BD0F-01DE3E46D189} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
    Task: {6A328535-FE7E-4A6C-B241-9CB0A0E838A0} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)
    Task: {7DD66C69-6AC3-48C1-82D0-87C9BB499FFD} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2014-09-20] ()
    Task: {7E329FED-C9E7-4D48-84EF-C5FF7D2E3A70} - System32\Tasks\{B12A8EEA-0FA6-46C3-8469-43AEEAAB1F27} => C:\Program Files (x86)\i-CD\UK-Info 2003 Lite\ukid.exe
    Task: {9CAB7051-DC4D-4430-9B51-1CDD872312E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-27] (Google Inc.)
    Task: {9FD4E320-8164-4770-9E69-17CD8E3FA40B} - System32\Tasks\{EE7F264C-5C3D-473D-961D-1AF8EF297C0D} => C:\Program Files (x86)\i-CD\UK-Info 2003 Lite\ukid.exe
    Task: {AE011012-D792-434E-B6F6-8C9562AF6F91} - System32\Tasks\AdobeAAMUpdater-1.0-TOSH-Lorraine => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
    Task: {B1B1DF58-1A2C-492F-B2C9-F5D4BAF68131} - System32\Tasks\{0C962CF9-DEBF-4833-A3FD-04F97A3A42AE} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-09-01] (Apple Inc.)
    Task: {C91892F5-204F-4970-A684-3A82857F12C6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {EA2AB158-9F6B-4D41-BCF8-55D21AA441BD} - System32\Tasks\{F91A92BF-BA44-4920-9929-D4A7C3D89115} => C:\Program Files (x86)\i-CD\UK-Info 2003 Lite\ukid.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2009-10-18 15:20 - 2009-10-18 15:20 - 07959864 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
    2010-03-04 10:45 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
    2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
    2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
    2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
    2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2010-11-05 21:02 - 2009-03-12 16:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
    2010-11-05 21:02 - 2008-11-21 14:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:397D67BA

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3277656702-3710866742-1113557967-500 - Administrator - Disabled)
    Guest (S-1-5-21-3277656702-3710866742-1113557967-501 - Limited - Enabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-3277656702-3710866742-1113557967-1002 - Limited - Enabled)
    Lorraine (S-1-5-21-3277656702-3710866742-1113557967-1000 - Administrator - Enabled) => C:\Users\Lorraine

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/14/2014 03:34:29 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {bef426e3-fdff-4e4b-992f-ef7ac8d9448a}

    Error: (10/13/2014 11:12:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 418628

    Error: (10/13/2014 11:12:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 418628

    Error: (10/13/2014 11:12:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/13/2014 10:01:11 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {eda070ac-0e6c-4272-8aed-e687ad61d652}

    Error: (10/13/2014 09:53:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AdwCleaner.exe version 4.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1100

    Start Time: 01cfe6c25122afd1

    Termination Time: 16

    Application Path: C:\Users\Lorraine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H8C615HG\AdwCleaner.exe

    Report Id:


    System errors:
    =============
    Error: (10/14/2014 03:32:08 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    NetworkX

    Error: (10/14/2014 03:31:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Crypkey License service failed to start due to the following error:
    %%2

    Error: (10/13/2014 09:59:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    NetworkX

    Error: (10/13/2014 09:58:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Crypkey License service failed to start due to the following error:
    %%2


    Microsoft Office Sessions:
    =========================
    Error: (10/14/2014 03:34:29 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {bef426e3-fdff-4e4b-992f-ef7ac8d9448a}

    Error: (10/13/2014 11:12:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 418628

    Error: (10/13/2014 11:12:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 418628

    Error: (10/13/2014 11:12:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/13/2014 10:01:11 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {eda070ac-0e6c-4272-8aed-e687ad61d652}

    Error: (10/13/2014 09:53:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: AdwCleaner.exe4.0.0.0110001cfe6c25122afd116C:\Users\Lorraine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H8C615HG\AdwCleaner.exe


    ==================== Memory info ===========================

    Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
    Percentage of memory in use: 54%
    Total physical RAM: 3893.61 MB
    Available physical RAM: 1783.12 MB
    Total Pagefile: 7785.39 MB
    Available Pagefile: 5298.82 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:15.2 GB) NTFS
    Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:140.85 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AB8BD068)
    Partition 1: (Active) - (Size=400 MB) - (Type=27)
    Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=148.7 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

      Advertisements

    Register to Remove


    #11 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 14 October 2014 - 05:29 AM

    Yes, go ahead and run the fix.  No need to delete the tools we are using, keep them all until where done then I will have you run a tool that will remove them all



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #12 lorrs58

    lorrs58

      New Member

    • Authentic Member
    • Pip
    • 7 posts

    Posted 15 October 2014 - 03:26 PM

    Hi, sorry for the delay. It too me a while to fathom the instructions. I truly admit I am not as computer literate as I ought to be. Thanks for your patience. Here is the FRST FIXLIST log file as follows:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-10-2014 02
    Ran by Lorraine at 2014-10-15 22:10:11 Run:1
    Running from C:\Users\Lorraine\Downloads
    Loaded Profile: Lorraine (Available profiles: Lorraine & Guest)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-08-05&gen=cnet&ent=hp&u=9BE283D927792D275AC5CB53E0ADE9E3
    CHR StartupUrls: Default -> "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-08-05&gen=cnet&ent=hp&u=9BE283D927792D275AC5CB53E0ADE9E3", "hxxp://speedial.com/?f=1&a=spd_ir_14_21_ie&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCyE0DyEzzyC0EyCtCzztDtN0D0Tzu0SzzyByDtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyCtD0FtB0ByEtCtGtA0DyD0CtG0B0A0F0CtGtDzyzzyDtGyDtDyD0FyDtC0AyBtCtByByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAzytDtD0FyByBtGtBtAtD0BtG0D0FyE0BtGyC0FzyyCtGyE0F0A0CzzyBtD0CyDtD0D0A2Q&cr=1502847906&ir="
    Hosts:
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    Chrome HomePage deleted successfully.
    Chrome StartupUrls deleted successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 864.9 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====

    #13 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 15 October 2014 - 05:08 PM

    :thumbup:

     

    Your doing just fine.

     

    How is your system behaving now, still have pop up issues



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #14 lorrs58

    lorrs58

      New Member

    • Authentic Member
    • Pip
    • 7 posts

    Posted 16 October 2014 - 03:19 AM

    Hi, 

    Hurrah! No pop-ups.   The only slight problem I have has is the Windows update failed?  other than that, my computer is running O.K.  The nuisance pages on Chrome have disappeared.  Thank you very much.  Is it O.K to run the windows Fix-it to correct the update problem?



    #15 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 16 October 2014 - 04:08 AM

    You can try it, if it doesn't work I will link you to our windows forum that can help you with windows updates not working, let me know how it went



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    Related Topics



    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users