Inactive-A Computer slowed to a halt, avg and malwarebytes keep freezing


YoMamaPlays

It's been three days so far! My computer's been slowed right down to near useless (half an hour just to log in). I freaked as I hadn't backed up in forever, so I spent the first day just trying to log in and back everything up on an external hard drive. At first it would often freeze on startup, so after battling forever, and having to uninstall drivers and reinstall (at those speeds), I finally managed to transfer everything. After that I tried a system restore from safe mode, but each time I tried, it would tell me it didn't succeed because a file (changed randomly) failed. I've defragged and even pulled the laptop apart and cleaned out the fan in case that was the issue (it had needed it for ages). After that it was much faster on startup, but AVG keeps freezing at 27%, Malwarebytes freezes about 3/4 of the way through, Chrome often won't open or freezes up when starting, Ctrl+Alt+Delete won't bring up Task Manager (but I can still get in by a Start menu search) and probably unrelated... but the Fn button also doesn't work. When I bring up the Task Manager, it says 80 processes are running, although only about a dozen are listed, and while CPU usage is 0%, the physical memory is around 40%. I have finally managed to access Internet Explorer and download Avast, but now it seems to be hanging at 8%! Please help?!
 
FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-11-2015
Ran by Angie (administrator) on SEXY (19-11-2015 06:26:33)
Running from C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IL2OQP4U
Loaded Profiles: Angie (Available Profiles: Angie & Dylan)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-16] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-15] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-14] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-19] (AVAST Software)
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\...\MountPoints2: {511cc61e-acd8-11e3-b5bb-00a0c6000000} - E:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-19] (AVAST Software)
GroupPolicyUsers\S-1-5-21-2805473387-1554243729-575181077-1001\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{20655EBC-FB7C-4196-AC0D-DE706D11DDDA}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{B36F198F-F2F8-41B9-931F-7999DC95B017}: [DhcpNameServer] 10.4.182.22 10.4.81.105
Internet Explorer:
==================
SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2805473387-1554243729-575181077-1000 -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2805473387-1554243729-575181077-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=AU&ver=20&locale=en_AU&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2805473387-1554243729-575181077-1000 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-19] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-27] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-20] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-19] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-14] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-27] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-06] (<TOSHIBA>)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-27] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-27] (Symantec Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\75u9dyh1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-11-15] ()
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn [2015-11-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-19]
Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Profile: C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Cards Against Originality) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\akccmajgihkbpjdmkceiamgkkplachhk [2015-04-23]
CHR Extension: (Digital painting tutorials) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\anpelenoiegfnfnnmakijehklfhkddhb [2013-08-30]
CHR Extension: (Google Docs) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (Missing e) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid [2013-08-30]
CHR Extension: (TV) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2013-08-30]
CHR Extension: (YouTube) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Facebook Theme Creator) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnnffhckagcpoimngfooggeilkhlnnh [2014-10-12]
CHR Extension: (iCloud Bookmarks) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-07-24]
CHR Extension: (Google Docs Offline) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (AdBlock) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-15]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-11-09]
CHR Extension: (Pin It Button) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-10-27]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-07-26]
CHR Extension: (In My Head) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icjghaijajcdnfbepmfmapepjcgkdehh [2013-08-30]
CHR Extension: (Norton Identity Safe) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-08]
CHR Extension: (Clearly) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-06-14]
CHR Extension: (Google Forms) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2015-09-11]
CHR Extension: (Google Play) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-12]
CHR Extension: (Evernote Web) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-03-02]
CHR Extension: (Peanut Gallery) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhbgfmofpkinopfbafkklckgbkojgknp [2013-08-30]
CHR Extension: (Skype Click to Call) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-03]
CHR Extension: (AgarioMods Evergreen Script) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjgdbihpkphlammdaeicdemggagfbdo [2015-09-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-08-11]
CHR Extension: (Tumblr Savior) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2015-05-02]
CHR Extension: (Facebook Themes (Facebook Style Gallery) App) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oklfegjlnijpeedheifelomiocbagekj [2015-03-04]
CHR Extension: (Psykopaint) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2015-03-20]
CHR Extension: (Gmail) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-08-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-08-07]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-19] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-11-19] (AVAST Software)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-03-14] (WildTangent)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-31] (McAfee, Inc.)
S2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-05-04] (Symantec Corporation)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe [103792 2010-02-03] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-24] (Electronic Arts)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe [126392 2009-08-25] (Symantec Corporation)
S2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [520360 2013-03-26] (iWin Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-19] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-11-19] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-19] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-19] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-19] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-19] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-19] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-19] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-19] (AVAST Software)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-28] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-11-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-11-19] (AVAST Software)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-19 06:21 - 2015-11-19 06:26 - 00000000 ____D C:\FRST
2015-11-19 01:28 - 2015-11-19 01:28 - 00003024 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1447856893
2015-11-19 01:28 - 2015-11-19 01:28 - 00001048 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2015-11-19 01:28 - 2015-11-19 01:28 - 00001048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2015-11-19 01:27 - 2015-11-19 01:27 - 00147088 _____ (AVAST Software) C:\windows\system32\Drivers\ngvss.sys
2015-11-19 01:27 - 2015-11-19 01:27 - 00028144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2015-11-19 01:27 - 2015-11-19 01:23 - 00386096 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-11-19 01:25 - 2015-11-19 01:25 - 00001933 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2015-11-19 01:25 - 2015-11-19 01:25 - 00000000 ____D C:\Users\Angie\AppData\Roaming\AVAST Software
2015-11-19 01:25 - 2015-11-19 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-19 01:24 - 2015-11-19 01:27 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-11-19 01:24 - 2015-11-19 01:23 - 00449992 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00273784 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00154256 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00097648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2015-11-19 01:23 - 2015-11-19 01:23 - 01059656 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2015-11-19 01:23 - 2015-11-19 01:23 - 00466400 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2015-11-19 01:23 - 2015-11-19 01:23 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
2015-11-19 01:22 - 2015-11-19 01:27 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-19 01:21 - 2015-11-19 01:27 - 00000000 ____D C:\ProgramData\AVAST Software
2015-11-19 00:58 - 2015-11-19 00:58 - 00003244 _____ C:\windows\System32\Tasks\IORRT
2015-11-16 21:00 - 2015-11-16 21:02 - 00000000 ____D C:\Users\Angie\Desktop\TRANSFERRING TO BACKUP
2015-11-11 09:45 - 2015-11-11 12:35 - 00056127 _____ C:\Users\Angie\Documents\Do Not Smoke.fdx
2015-11-10 23:00 - 2015-11-10 23:00 - 00015448 ____H C:\Users\Angie\Documents\~WRL3558.tmp
2015-11-06 22:41 - 2015-11-06 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-06 22:41 - 2015-11-06 22:41 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-02 21:28 - 2015-11-02 21:28 - 00000383 _____ C:\ftconfig.ini
2015-11-02 10:05 - 2015-11-02 10:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-02 10:05 - 2015-11-02 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-02 10:03 - 2015-11-02 10:03 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Angie\Downloads\SkypeSetup (2).exe
2015-11-01 22:52 - 2015-11-01 22:53 - 00584288 _____ (Oracle Corporation) C:\Users\Angie\Downloads\chromeinstall-8u65.exe
2015-10-26 16:41 - 2015-10-27 10:08 - 00016616 ____H C:\Users\Angie\Desktop\~WRL0993.tmp
2015-10-25 16:34 - 2015-10-25 16:37 - 00000000 ____D C:\Program Files (x86)\MCSkin3D
2015-10-25 16:34 - 2015-10-25 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCSkin3D
2015-10-25 16:28 - 2015-10-25 16:32 - 00000000 ____D C:\ProgramData\Informer Technologies, Inc
2015-10-25 16:28 - 2015-10-25 16:29 - 02045882 _____ (Altered Softworks & MCSkin3D Development Team ) C:\Users\Angie\Downloads\mcskin3d_1_3.exe
2015-10-25 16:06 - 2015-10-25 16:09 - 03602752 _____ (Informer Technologies, Inc. ) C:\Users\Angie\Downloads\siinst.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-19 05:40 - 2013-08-30 22:58 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-19 05:40 - 2013-08-30 22:58 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-19 05:40 - 2012-11-15 03:36 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-19 05:40 - 2009-07-14 16:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-19 05:39 - 2009-07-14 15:51 - 00139752 _____ C:\windows\setupact.log
2015-11-19 02:14 - 2015-02-09 22:42 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-19 01:58 - 2009-07-14 15:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-19 01:57 - 2009-07-14 15:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-19 01:54 - 2012-11-15 03:30 - 01355564 _____ C:\windows\WindowsUpdate.log
2015-11-19 01:42 - 2010-11-21 14:47 - 01717958 _____ C:\windows\PFRO.log
2015-11-18 23:49 - 2015-03-02 01:34 - 00000000 ____D C:\ProgramData\MFAData
2015-11-18 22:49 - 2015-07-03 17:49 - 00000366 _____ C:\windows\Tasks\LightningDisk.job
2015-11-18 22:24 - 2015-03-02 00:17 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-18 21:06 - 2009-07-14 16:13 - 00779080 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-17 07:25 - 2013-09-14 15:04 - 00000000 ____D C:\Users\Angie\AppData\Local\CrashDumps
2015-11-16 23:53 - 2015-02-27 11:54 - 00000000 ____D C:\windows\pss
2015-11-16 22:25 - 2015-03-02 01:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-16 19:04 - 2013-10-07 18:38 - 00000000 ____D C:\Users\Angie\AppData\Roaming\Skype
2015-11-11 22:13 - 2015-02-09 22:42 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 22:13 - 2014-03-01 10:36 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 22:13 - 2014-03-01 10:36 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 21:26 - 2014-08-28 22:44 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-10 10:47 - 2009-07-14 16:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-11-03 19:03 - 2013-08-30 23:57 - 00000000 ____D C:\Users\Angie\AppData\Local\Tific
2015-11-02 10:06 - 2012-11-15 04:13 - 00000000 ____D C:\ProgramData\Skype
==================== Files in the root of some directories =======
2015-06-03 23:34 - 2015-06-03 23:34 - 0002148 _____ () C:\Users\Angie\AppData\Local\recently-used.xbel
2015-02-27 11:38 - 2015-02-27 11:38 - 0007605 _____ () C:\Users\Angie\AppData\Local\Resmon.ResmonCfg
2014-04-19 19:31 - 2014-04-19 19:31 - 0000025 ____H () C:\ProgramData\.811261211181235583101118113995
2015-06-22 01:15 - 2015-04-23 01:15 - 0000032 ____R () C:\ProgramData\hash.dat
Files to move or delete:
====================
C:\ProgramData\hash.dat

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-10 08:20
==================== End of FRST.txt ============================
 
ADDITION:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-11-2015
Ran by Angie (2015-11-19 06:27:58)
Running from C:\Users\Angie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IL2OQP4U
Windows 7 Professional Service Pack 1 (X64) (2013-08-30 05:25:54)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2805473387-1554243729-575181077-500 - Administrator - Disabled)
Angie (S-1-5-21-2805473387-1554243729-575181077-1000 - Administrator - Enabled) => C:\Users\Angie
Dylan (S-1-5-21-2805473387-1554243729-575181077-1001 - Limited - Enabled) => C:\Users\Dylan
Guest (S-1-5-21-2805473387-1554243729-575181077-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: AVG Internet Security 2015 (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2805473387-1554243729-575181077-1000\...\uTorrent) (Version: 3.4.5.41162 - BitTorrent Inc.)
4K Video Downloader 3.5 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.5.2.1655 - Open Media LLC)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2805473387-1554243729-575181077-1000\...\Amazon Kindle) (Version: - Amazon)
Amazon Kindle For PC v1.1 (HKLM-x32\...\Amazon Kindle For PC) (Version: - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audio Amplifier Pro (HKLM-x32\...\Audio Amplifier Pro_is1) (Version: - DanDans Digital Media)
Avast Premier (HKLM-x32\...\Avast) (Version: 11.1.2241 - AVAST Software)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6176 - AVG Technologies)
AVG 2015 (Version: 15.0.4460 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6176 - AVG Technologies) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BitTorrent (HKU\S-1-5-21-2805473387-1554243729-575181077-1000\...\BitTorrent) (Version: 7.9.2.38657 - BitTorrent Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.04(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Adventures (HKLM-x32\...\Bookworm Adventures) (Version: 1.0.0.1 - Pogo.com)
Bookworm Adventures Deluxe (HKLM-x32\...\Steam App 3470) (Version: - PopCap Games, Inc.)
calibre (HKLM-x32\...\{7050D165-886B-42BD-A39E-9B28C9728318}) (Version: 2.9.0 - Kovid Goyal)
Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version: - )
ClipGrab 3.5.1 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Evernote v. 5.2.1 (HKLM-x32\...\{5E6D0ABA-ABDE-11E3-9AED-00163E98E7D6}) (Version: 5.2.1.3108 - Evernote Corp.)
Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version: - Lionhead Studios)
Faerie Solitaire (HKLM-x32\...\Steam App 38600) (Version: - Subsoap)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.1.89 - Final Draft, Inc.)
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version: - Scott Cawthon)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.0 - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.3 - goldensoft.org)
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A01B06 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
MCSkin3D version 1.3 (HKLM-x32\...\{ED94BE03-E6CC-4268-B03A-92080E3035A6}_is1) (Version: 1.3 - Altered Softworks & MCSkin3D Development Team)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Multi-Function Suite DocuPrint M225 dw (HKLM-x32\...\{10D98D84-A981-4433-BE8F-0B6F944E27A9}) (Version: 1.0.0.0 - Fuji Xerox)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17242 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.3.202 - Symantec Corporation)
NVIDIA 3D Vision Driver 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.69 - NVIDIA Corporation)
NVIDIA Graphics Driver 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.69 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Puzzle Pirates (HKLM-x32\...\Steam App 99910) (Version: - Three Rings)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - Wild Shadow Studios)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
SafeZone Stable 1.46.1990.55 (x32 Version: 1.46.1990.55 - Avast Software) Hidden
Seduce Me the Otome (HKLM-x32\...\Steam App 367120) (Version: - Michaela Laws)
Shadowgate (HKLM-x32\...\Steam App 294440) (Version: - Zojoi)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
SmartPixel (HKLM-x32\...\SmartPixel) (Version: 3.2.0.0 - Beyond Magic Limited)
Smilebox (HKU\S-1-5-21-2805473387-1554243729-575181077-1000\...\Smilebox) (Version: 1.0.0.28509 - Smilebox, Inc.)
Spooky's House of Jump Scares (HKLM-x32\...\Steam App 356670) (Version: - Lag Studios)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Telstra Mobile Broadband Manager (HKLM-x32\...\Telstra Mobile Broadband Manager) (Version: 3.0.514 - Telstra)
Telstra Mobile Broadband Manager (x32 Version: 3.0.514 - Telstra) Hidden
The Old Tree (HKLM-x32\...\Steam App 346250) (Version: - Red Dwarf Games)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
TreeSize Personal V6.2.2 (HKLM-x32\...\TreeSize Personal_is1) (Version: 6.2.2 - JAM Software)
Trine (HKLM-x32\...\Steam App 35700) (Version: - Frozenbyte)
Trove (HKLM-x32\...\Steam App 304050) (Version: - Trion Worlds)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Uplink (HKLM-x32\...\Steam App 1510) (Version: - Introversion Software)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.4.16 - WildTangent) Hidden
Windows Driver Package - Cmotech (cmusbnet) Net (06/11/2007 2.0.0.9) (HKLM\...\51208688C66699298C32E38B6BFF92816EE798CA) (Version: 06/11/2007 2.0.0.9 - Cmotech)
Windows Driver Package - Cmotech Modem (06/08/2007 2.0.3.9) (HKLM\...\7404D4336C2B621F88A2B25CE6577572A8BBD25A) (Version: 06/08/2007 2.0.3.9 - Cmotech)
Windows Driver Package - Cmotech Ports (06/08/2007 2.0.3.9) (HKLM\...\2021A90B4F2D70AB98CFBF428E09767703FD455E) (Version: 06/08/2007 2.0.3.9 - Cmotech)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E1}) (Version: 18.0.11023 - WinZip Computing, S.L. )
Wrath of Athena (HKLM-x32\...\Steam App 373100) (Version: - Kuuplay)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2805473387-1554243729-575181077-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
==================== Restore Points =========================
19-11-2015 01:24:29 Device Driver Package Install: Avast Network Service
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 13:34 - 2015-11-06 22:41 - 00000856 ____A C:\windows\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1001F278-3453-4DD4-87DD-B638D451391B} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2015-08-25] ()
Task: {1710ABF6-1D12-4473-A30B-92938EE9DF3D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {28E927E9-1107-4F3F-B763-94642FA5EB66} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2015-08-25] ()
Task: {44455E58-5A96-4F3E-B658-7C9BA04CD363} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {449967A8-6446-4E2C-A6B7-8EF87FB79C2E} - System32\Tasks\SafeZone scheduled Autoupdate 1447856893 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-10-30] (Avast Software)
Task: {53B75EF8-9154-4A3D-9B66-8D30D163D502} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier Edition\Upgrade.exe [2015-07-28] (Symantec Corporation)
Task: {634CF5FA-ED84-4CCF-A6C6-256E78E92755} - System32\Tasks\LightningDisk => c:\programdata\{f7c53224-dec9-3ab8-f7c5-53224decc893}\download.exe-1435906117323.exe <==== ATTENTION
Task: {7FE62A04-5F9B-4EDE-AD16-5A9CBF562C0B} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {9B6556DF-1A09-476F-8827-0399ED3B8C57} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {9C58128B-73C9-49EC-973A-A96EC521E312} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {A2A48C64-0AB1-42EF-88A5-D5A49E053E9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A752B3F3-9F9B-4B73-ABE3-E8420A66EA6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C1EDB5F3-96ED-4C5D-BD6E-92BCD1FA45D6} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2013-03-26] (iWin Inc.)
Task: {E24CCEB6-493A-4E87-B360-446B63834EB3} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-04] (TOSHIBA CORPORATION)
Task: {E4F774AF-5F22-4DA6-B998-8C1C2C7B7D86} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)
Task: {FB3632AF-F251-4691-AFF0-D15FCF5D8B05} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-19] (AVAST Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\LightningDisk.job => c:\programdata\{f7c53224-dec9-3ab8-f7c5-53224decc893}\download.exe-1435906117323.exe <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Angie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BigPondWirelessBroadbandCM => "C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
MSCONFIG\startupreg: BitTorrent => "C:\Users\Angie\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: fssui => "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
MSCONFIG\startupreg: HSON => C:\Program Files\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NortonOnlineBackup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmileboxTray => "C:\Users\Angie\AppData\Roaming\Smilebox\SmileboxTray.exe"
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{845FF630-7CD1-48E7-A311-CA7EDE5E80B5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D3CC0871-0A84-4C73-99D6-3FB4BA9C409A}] => (Allow) LPort=2869
FirewallRules: [{97EB71FB-9C28-4399-ADE9-F36FF461491C}] => (Allow) LPort=1900
FirewallRules: [{614AC1EA-0F41-4EF3-84D1-E9DEF8F3D778}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A274B17A-4541-48BC-B3EF-ED966850D39A}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{17A53099-5993-40A9-9656-47F6E68A364F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{76AF4005-39F3-4CEA-B497-A1D63A563C93}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{4E1BED4D-FFF6-485A-B06F-AC920CEE8435}] => (Allow) C:\Users\Angie\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F41336A3-9347-4B80-935A-D297B22F74B3}] => (Allow) C:\Users\Angie\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5B0A85C0-3B11-454F-968B-3B9AA65B4EBD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AF1E1F3C-923B-4EB9-9D70-6956B3C246C5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D3825E10-8108-4D9D-B82D-A38036EF9895}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C13F56F-E4C8-45A8-8155-24FBFC64F7FE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E195A282-78CA-49A3-ACCC-18E79A95583F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2EB7AA3B-5AAB-4902-B061-2C96C6730D9C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D9005809-075A-4294-B53F-31676CA2CCEA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{335E02EB-A578-4A5F-83DE-DCEDAE200646}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{DF01718D-5364-4C7D-9205-08FCB757DD8A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{ADB1C436-E0FA-4779-AF8A-2C687C5BB0CD}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D42C65A4-7502-47BE-A1E4-36DB4C99F0E7}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{1D0459A5-3523-4C8C-AB60-9988DB06276D}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{3EAB8EE2-B52C-4362-B115-EAE010046B34}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{AFF70090-4B98-4B5C-9E58-7FAC54F54D59}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{2D16CF35-F4D9-4CF9-8CDA-1F164BE44712}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{459AA28C-7627-4CCD-92FB-B97C4752D050}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{059CAB9B-17EA-462F-91DA-53D420D8E79D}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{51B1A664-51F4-40BF-928E-2B43AC697B29}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{71290DB5-E782-441B-B388-92ABA3F387A7}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{AE06D993-FDBC-4165-8D48-3A7E7BBFE87B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C1EBF9EF-E536-462A-AAEF-6EE8B9338223}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{961FAD7A-B8D2-4A30-B495-6085308D2D5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bookworm Adventures Deluxe\BookwormAdventures.exe
FirewallRules: [{B7005588-EE4E-4736-B789-70BBDF9B4775}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bookworm Adventures Deluxe\BookwormAdventures.exe
FirewallRules: [{E0E4A05A-D11A-43F0-AD18-491BC57C5677}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uplink\Uplink.exe
FirewallRules: [{776D1282-5172-4FEE-9F95-8C78ADF98A5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uplink\Uplink.exe
FirewallRules: [{A0A11797-76C0-4B89-9B60-50A04910C6A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faerie Solitaire\FaerieSolitaire.exe
FirewallRules: [{F7201153-AF80-440B-80CA-875E07C42D2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faerie Solitaire\FaerieSolitaire.exe
FirewallRules: [{E559A193-8F4F-427E-A54C-760F644CE76A}] => (Allow) C:\Users\Angie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A35153FF-3D74-4820-BF80-A85A03995E58}] => (Allow) C:\Users\Angie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8BD94B84-26FA-4260-A6C1-6818C07293E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{756EA50B-C74B-4E1E-83BE-E145B41F9CBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{2593148F-A407-41F3-A677-916B52FD0416}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{2CE7A880-6AD7-4D65-B5EA-3E76A245E67B}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{1B6E78BF-F3FF-4CC6-B004-6E2EECFDD5B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{0327D9A6-AC17-4CE3-92F9-767F88E69602}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{80D5EE68-4580-440B-8979-F2D203B29294}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Old Tree\TheOldTree.exe
FirewallRules: [{27F3A24E-B8AF-435E-8E98-1349BE733AF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Old Tree\TheOldTree.exe
FirewallRules: [{2D3B693D-6939-4CE8-83D9-E4D233847013}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2AB8215E-0FD7-4558-9313-AB4FAF9B6B2E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{29073A72-8A60-424F-B675-459CD3EA5361}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{5453B8DE-F31C-4FFD-93B9-9FD094CA9D5F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{A83555D9-83ED-4A44-A4CC-94993ED70F2D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{5A436FD2-62A6-4885-8ACD-A5BF03BD7C51}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{5CA55047-B819-460A-93EF-4007732C4187}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{311474B2-1C55-4E2D-8A1A-B805CC1A4D3D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{F1FFB37F-5D18-44F1-A7DA-AEEBA4127721}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{69F48567-CE80-4810-B7DD-B270C9E6746E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A9D1351E-A8DC-4819-BB48-1122F367C236}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EC0690E6-B13E-4011-88F4-73573BE8F7C3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{7982B085-7846-4424-9982-BEECDEC531FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowgate\Shadowgate.exe
FirewallRules: [{DF3B17A0-95C0-4BD3-B7C0-A3018B9ACD3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowgate\Shadowgate.exe
FirewallRules: [{946F88EE-2D4C-49AF-985B-857E9BDA3D19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{98A3B745-86D9-4EBF-A9EC-E53F46402C40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{BE4AFFBD-F4FD-4935-9CD7-87AAA90BD95B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Seduce Me the Otome\Seduce Me Official.exe
FirewallRules: [{F2387D93-33D2-46BB-937E-748558382E45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Seduce Me the Otome\Seduce Me Official.exe
FirewallRules: [{E7C2589A-DFFE-4927-8C75-743E529D905F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spooky's House of Jump Scares\SPOOKY.exe
FirewallRules: [{0B94DB24-28AF-4CFA-900C-7D73194E2DC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spooky's House of Jump Scares\SPOOKY.exe
FirewallRules: [{AEC05DDD-F6B6-48DC-98A0-18880B8852E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Puzzle Pirates\java_vm\bin\javaw.exe
FirewallRules: [{1BC46398-24BC-4027-9969-828A409E540F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Puzzle Pirates\java_vm\bin\javaw.exe
FirewallRules: [{D9C5E019-4FB5-419A-A03E-15EC41B37460}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fable Anniversary\Binaries\Win32\Editor.exe
FirewallRules: [{4E12AD5C-FCE2-4B7B-AFED-2A8C1DF7A495}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fable Anniversary\Binaries\Win32\Editor.exe
FirewallRules: [{1EE2256D-1B02-4930-A9C6-A90A9F273BD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{3788676D-ACA3-40E8-A85C-7EB165573156}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{0F17BEE1-EB81-4BD5-AEF2-DB8B6557FEA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{3306D4FE-7C55-4567-8944-6FE6D7A8E789}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{A8127020-D948-49EE-95B4-A0956CBBE00B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wrath of Athena\WrathOfAthena.exe
FirewallRules: [{A3AC6BE5-733E-496E-9627-DBEFADBC35E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wrath of Athena\WrathOfAthena.exe
FirewallRules: [{643A24A2-FD36-483C-937A-F7323BF4151B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{0B13E083-4B62-4B95-84A4-79A32327F6A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{9E8B2F66-74A2-4655-9348-5141E3AE14A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{A8CC437E-5728-48C4-9AB1-F36C6EDA6C3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{F1DB521C-0B86-4B34-BAF1-1876B49D514C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{DA6B9ABF-BC1E-4D9E-ABFD-4A40120C0661}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [TCP Query User{4AC4B2EB-328E-47A4-A114-88C1237CBDA4}C:\smartpixel\bin\smartpixel.exe] => (Allow) C:\smartpixel\bin\smartpixel.exe
FirewallRules: [UDP Query User{2CC81009-07EF-41AD-B565-25F9789CC041}C:\smartpixel\bin\smartpixel.exe] => (Allow) C:\smartpixel\bin\smartpixel.exe
FirewallRules: [{59628080-B266-4900-937D-1A0B202F63F2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{15254B03-7128-4436-A00C-39CB910988D8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{D380F31A-446C-4BFD-BF47-BEA0FF2C0F7C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{5F6051D2-9865-4373-9ACA-97B8C013A8C7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6319560B-D6E4-461D-8D12-0FE5C17CB97F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{6F1DBB14-4CB6-4D93-9E1C-5283612701CD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{54680097-DBBF-44CA-B252-EF9CBB7B1AEE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: USB Camera
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================
Application errors:
==================
Error: (11/19/2015 05:46:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2015 02:17:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2015 01:49:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2015 01:44:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2015 01:00:59 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
Error: (11/19/2015 01:00:28 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
Error: (11/19/2015 00:58:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/18/2015 10:21:40 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
Error: (11/18/2015 10:21:07 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
Error: (11/18/2015 10:18:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/19/2015 06:01:59 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fsssvc{9A027D9F-AE6D-4116-AE94-BAB878D7EE47}
Error: (11/19/2015 05:46:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068
Error: (11/19/2015 05:45:18 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (11/19/2015 05:45:17 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (11/19/2015 05:45:15 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (11/19/2015 05:45:07 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (11/19/2015 05:45:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\windows\system32\athihvs.dll
Error Code: 21
Error: (11/19/2015 05:44:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswVmm
Avgdiska
AVGIDSDriver
Avgldx64
Avgloga
ccSet_NST
discache
spldr
Tosrfcom
vpcvmm
Wanarpv6
Error: (11/19/2015 05:44:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
%%1068
Error: (11/19/2015 05:44:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:42:47 AM on ‎19/‎11/‎2015 was unexpected.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 20%
Total physical RAM: 4077.86 MB
Available physical RAM: 3230.57 MB
Total Virtual: 8153.9 MB
Available Virtual: 7352.21 MB
==================== Drives ================================
Drive c: (S3A4487D001) (Fixed) (Total:580.54 GB) (Free:148.1 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 9FBDE6B3)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=580.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.2 GB) - (Type=17)
==================== End of Addition.txt ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

You're running two AV programs, Avast and AVG.
You must uninstall one of them.
If AVG, use AVG Remover: http://www.avg.com/us-en/utilities

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Sorry to say, but there seemed to be an issue with every step.

I uninstalled AVG with the AVG Remover. This worked fine, but when it automatically restarted the computer afterwards, it restarted in Normal mode, and I got the BSOD D:

I was able to restart again in Safe Mode.

ROGUEKILLER crashed halfway through, on C\Windows\sysWOW64\NlsData0816.dll several times. There is no .txt for it that I can find.

MALWAREBYTES the program froze, as before, freezing my computer as well, and forcing me to do a force restart. I do, however, have the txt for the last three scans...

19-11-2015
Malwarebytes Anti-Malware
www.malwarebytes.org

Error, 19/11/2015 12:57 AM, SYSTEM, SEXY, Protection, IsLicensed, 13,
Protection, 19/11/2015 12:57 AM, SYSTEM, SEXY, Protection, Malware Protection, Stopping,
Protection, 19/11/2015 12:57 AM, SYSTEM, SEXY, Protection, Malware Protection, Stopped,
Error, 19/11/2015 1:48 AM, SYSTEM, SEXY, Protection, IsLicensed, 13,
Protection, 19/11/2015 1:48 AM, SYSTEM, SEXY, Protection, Malware Protection, Stopping,
Protection, 19/11/2015 1:48 AM, SYSTEM, SEXY, Protection, Malware Protection, Stopped,
Error, 19/11/2015 2:16 AM, SYSTEM, SEXY, Protection, IsLicensed, 13,
Protection, 19/11/2015 2:16 AM, SYSTEM, SEXY, Protection, Malware Protection, Stopping,
Protection, 19/11/2015 2:16 AM, SYSTEM, SEXY, Protection, Malware Protection, Stopped,
Error, 19/11/2015 5:40 AM, SYSTEM, SEXY, Protection, IsLicensed, 13,
Protection, 19/11/2015 5:40 AM, SYSTEM, SEXY, Protection, Malware Protection, Stopping,
Protection, 19/11/2015 5:40 AM, SYSTEM, SEXY, Protection, Malware Protection, Stopped,
Update, 19/11/2015 12:46 PM, SYSTEM, SEXY, Manual, Rootkit Database, 2015.9.18.1, 2015.11.14.1,
Update, 19/11/2015 12:46 PM, SYSTEM, SEXY, Manual, Remediation Database, 2015.9.16.1, 2015.11.18.1,
Update, 19/11/2015 12:46 PM, SYSTEM, SEXY, Manual, IP Database, 2015.9.21.2, 2015.11.18.1,
Update, 19/11/2015 12:46 PM, SYSTEM, SEXY, Manual, Domain Database, 2015.9.22.3, 2015.11.18.6,
Update, 19/11/2015 12:47 PM, SYSTEM, SEXY, Manual, Malware Database, 2015.9.22.5, 2015.11.18.8,
(end)
.

18-11-2015
Malwarebytes Anti-Malware
www.malwarebytes.org

Error, 18/11/2015 9:01 PM, SYSTEM, SEXY, Protection, IsLicensed, 13,
Protection, 18/11/2015 9:01 PM, SYSTEM, SEXY, Protection, Malware Protection, Stopping,
Protection, 18/11/2015 9:01 PM, SYSTEM, SEXY, Protection, Malware Protection, Stopped,
Error, 18/11/2015 10:06 PM, SYSTEM, SEXY, Protection, IsLicensed, 13,
Protection, 18/11/2015 10:06 PM, SYSTEM, SEXY, Protection, Malware Protection, Stopping,
Protection, 18/11/2015 10:06 PM, SYSTEM, SEXY, Protection, Malware Protection, Stopped,
Error, 18/11/2015 10:18 PM, SYSTEM, SEXY, Protection, IsLicensed, 13,
Protection, 18/11/2015 10:18 PM, SYSTEM, SEXY, Protection, Malware Protection, Stopping,
Protection, 18/11/2015 10:18 PM, SYSTEM, SEXY, Protection, Malware Protection, Stopped,
Update, 18/11/2015 10:22 PM, SYSTEM, SEXY, Manual, Remediation Database, 2015.7.20.1, 2015.11.17.1,
Update, 18/11/2015 10:22 PM, SYSTEM, SEXY, Manual, IP Database, 2015.6.12.1, 2015.11.17.3,
Update, 18/11/2015 10:22 PM, SYSTEM, SEXY, Manual, Rootkit Database, 2015.7.17.1, 2015.11.14.1,
Update, 18/11/2015 10:22 PM, SYSTEM, SEXY, Manual, Domain Database, 2015.6.12.1, 2015.11.17.4,
Update, 18/11/2015 10:22 PM, SYSTEM, SEXY, Manual, Malware Database, 2015.7.21.3, 2015.11.18.3,
Update, 18/11/2015 10:24 PM, SYSTEM, SEXY, Manual, program, 2.1.6.1022, 2.2.0.0,
(end)


17-11-2015

Malwarebytes Anti-Malware
www.malwarebytes.org

Error, 17/11/2015 12:56 AM, SYSTEM, SEXY, Protection, IsLicensed, 13,
Protection, 17/11/2015 12:56 AM, SYSTEM, SEXY, Protection, Malware Protection, Stopping,
Protection, 17/11/2015 12:56 AM, SYSTEM, SEXY, Protection, Malware Protection, Stopped,
Error, 17/11/2015 8:47 AM, SYSTEM, SEXY, Protection, IsLicensed, 13,
Protection, 17/11/2015 8:47 AM, SYSTEM, SEXY, Protection, Malware Protection, Stopping,
Protection, 17/11/2015 8:47 AM, SYSTEM, SEXY, Protection, Malware Protection, Stopped,
(end)

ADWCLEANER there was no txt file when it restarted. I was unable to find any kind of logfile in the program, however, there was nothing listed as suspicious before it restarted (I don't know if it was supposed to list its findings like other programs do).


JUNKWARE REMOVAL TOOL Even though I right clicked and chose Run as Administrator, I received this message:

"If you wish to run with administrator privileges, please close this and select run as administrator. If you wish to run without administrator privileges, please hit any key to continue" After several attempts, I still pressed a key to continue. I then received another message:

"restore point... FAILED 0x8007043C
The tool failed to create a restore point!"

Again, I continued anyway.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.0 (11.12.2015)
Operating System: Windows 7 Professional x64
Ran by Angie (Limited) on Thu 19/11/2015 at 13:41:57.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1
Successfully deleted: C:\windows\system32\Tasks\IORRT (Task)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 19/11/2015 at 13:43:22.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Also, yes, I named my computer SEXY... it's a really pretty computer...

Thank you so much for your time, sorry this one is being difficult at every turn!
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4:** Some infections may take significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
 
ComboFix 15-11-17.01 - Angie 19/11/2015 17:12:27.1.8 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.4078.3269 [GMT 11:00]
Running from: c:\users\Angie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
FW: AVG Internet Security 2015 *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Angie\Documents\~WRL3558.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-10-19 to 2015-11-19 )))))))))))))))))))))))))))))))
.
.
2015-11-19 06:19 . 2015-11-19 06:19 -------- d-----w- c:\users\Dylan\AppData\Local\temp
2015-11-19 06:19 . 2015-11-19 06:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-19 02:19 . 2015-11-19 02:23 -------- d-----w- C:\AdwCleaner
2015-11-19 01:18 . 2015-11-19 01:18 478392 ----a-w- c:\windows\system32\drivers\B04F67D4.sys
2015-11-19 01:18 . 2015-11-19 01:18 -------- d-----w- C:\KVRT_Data
2015-11-18 20:54 . 2015-11-19 02:51 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-11-18 20:54 . 2015-11-19 03:07 -------- d-----w- c:\programdata\RogueKiller
2015-11-18 19:33 . 2015-03-31 08:55 50288 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2015-11-18 19:33 . 2015-03-31 08:55 20592 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2015-11-18 19:33 . 2015-03-31 08:55 109680 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2015-11-18 19:21 . 2015-11-18 19:28 -------- d-----w- C:\FRST
2015-11-18 14:27 . 2015-11-18 14:27 28144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-11-18 14:27 . 2015-11-18 14:27 147088 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-11-06 11:41 . 2015-11-06 11:41 -------- d-----w- c:\program files\McAfee Security Scan
2015-11-01 23:05 . 2015-11-01 23:05 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-11-01 23:05 . 2015-11-01 23:12 -------- d-----r- c:\program files (x86)\Skype
2015-10-25 05:34 . 2015-10-25 05:37 -------- d-----w- c:\program files (x86)\MCSkin3D
2015-10-25 05:28 . 2015-10-25 05:32 -------- d-----w- c:\programdata\Informer Technologies, Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-19 05:56 . 2015-03-01 13:17 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-11 11:13 . 2014-02-28 23:36 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-11 11:13 . 2014-02-28 23:36 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-04 22:50 . 2015-03-01 13:16 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-04 22:50 . 2015-03-01 13:16 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-04 22:50 . 2015-03-01 13:16 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-18 7004376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"{621BAAED-7B19-42A7-AA04-7217716FF5D2}"="start" [X]
"AvgRemover"="c:\users\Angie\Downloads\avg_remover_stf_x64_2015_5501.exe" [2015-11-19 3681088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\B04F67D4.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [x]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe [x]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe [x]
R2 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe;c:\program files (x86)\Pogo Games\PGMTrusted.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.226\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.226\McCHSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnet.sys [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 B04F67D4;B04F67D4;c:\windows\system32\drivers\B04F67D4.sys;c:\windows\SYSNATIVE\drivers\B04F67D4.sys [x]
S0 ngvss;ngvss; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-11 21:00 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-28 11:13]
.
2015-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-30 06:46]
.
2015-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-30 06:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-11-18 14:23 870744 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\75u9dyh1.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
SafeBoot-36349792.sys
SafeBoot-MBAMSwissArmy
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
AddRemove-{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1 - c:\program files (x86)\ClipGrab\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.11.42\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-11-19 17:21:53
ComboFix-quarantined-files.txt 2015-11-19 06:21
.
Pre-Run: 158,690,258,944 bytes free
Post-Run: 158,749,712,384 bytes free
.
- - End Of File - - 3250B7ECAD36B5C28526644087BBAA06
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-11-2015
Ran by Angie (administrator) on SEXY (20-11-2015 09:31:52)
Running from C:\Users\Angie\Desktop
Loaded Profiles: Angie (Available Profiles: Angie & Dylan)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-16] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-15] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-14] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-19] (AVAST Software)
HKLM-x32\...\RunOnce: [{621BAAED-7B19-42A7-AA04-7217716FF5D2}] => cmd.exe /C start /D "C:\Users\Angie\AppData\Local\Temp" /B {621BAAED-7B19-42A7-AA04-7217716FF5D2}.exe -accepteula -postboot
HKLM-x32\...\RunOnce: [AvgRemover] => C:\Users\Angie\Downloads\avg_remover_stf_x64_2015_5501.exe [3681088 2015-11-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-19] (AVAST Software)
GroupPolicyUsers\S-1-5-21-2805473387-1554243729-575181077-1001\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{20655EBC-FB7C-4196-AC0D-DE706D11DDDA}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{B36F198F-F2F8-41B9-931F-7999DC95B017}: [DhcpNameServer] 10.4.182.22 10.4.81.105
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2805473387-1554243729-575181077-1000 -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2805473387-1554243729-575181077-1000 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-19] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-27] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-20] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-19] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-14] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-27] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-06] (<TOSHIBA>)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-27] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-27] (Symantec Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\75u9dyh1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-11-15] ()
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn [2015-11-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-19]
Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Profile: C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Cards Against Originality) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\akccmajgihkbpjdmkceiamgkkplachhk [2015-04-23]
CHR Extension: (Digital painting tutorials) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\anpelenoiegfnfnnmakijehklfhkddhb [2013-08-30]
CHR Extension: (Google Docs) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (TV) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2013-08-30]
CHR Extension: (YouTube) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Facebook Theme Creator) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnnffhckagcpoimngfooggeilkhlnnh [2014-10-12]
CHR Extension: (iCloud Bookmarks) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-07-24]
CHR Extension: (Google Docs Offline) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-19]
CHR Extension: (Avast Online Security) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-19]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-07-26]
CHR Extension: (In My Head) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icjghaijajcdnfbepmfmapepjcgkdehh [2013-08-30]
CHR Extension: (Norton Identity Safe) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-08]
CHR Extension: (Clearly) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-06-14]
CHR Extension: (Google Forms) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2015-09-11]
CHR Extension: (Google Play) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-12]
CHR Extension: (Peanut Gallery) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhbgfmofpkinopfbafkklckgbkojgknp [2013-08-30]
CHR Extension: (Skype Click to Call) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-03]
CHR Extension: (AgarioMods Evergreen Script) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjgdbihpkphlammdaeicdemggagfbdo [2015-09-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-08-11]
CHR Extension: (Tumblr Savior) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2015-05-02]
CHR Extension: (Facebook Themes (Facebook Style Gallery) App) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oklfegjlnijpeedheifelomiocbagekj [2015-03-04]
CHR Extension: (Psykopaint) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2015-03-20]
CHR Extension: (Gmail) - C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-08-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-08-07]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-19] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-11-19] (AVAST Software)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-03-14] (WildTangent)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-31] (McAfee, Inc.)
S2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-05-04] (Symantec Corporation)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe [103792 2010-02-03] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-24] (Electronic Arts)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe [126392 2009-08-25] (Symantec Corporation)
S2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [520360 2013-03-26] (iWin Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-19] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-11-19] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-19] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-19] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-19] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-19] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-19] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-19] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-19] (AVAST Software)
R0 B04F67D4; C:\Windows\System32\drivers\B04F67D4.sys [478392 2015-11-19] (Kaspersky Lab ZAO)
S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-28] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-19] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-11-19] (AVAST Software)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-19] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-20 09:31 - 2015-11-20 09:32 - 00023287 _____ C:\Users\Angie\Desktop\FRST.txt
2015-11-20 09:31 - 2015-11-20 09:31 - 02020352 _____ (Farbar) C:\Users\Angie\Desktop\FRST64.exe
2015-11-19 17:21 - 2015-11-19 17:21 - 00024332 _____ C:\ComboFix.txt
2015-11-19 17:10 - 2015-11-19 17:21 - 00000000 ____D C:\Qoobox
2015-11-19 17:10 - 2011-06-26 17:45 - 00256000 _____ C:\windows\PEV.exe
2015-11-19 17:10 - 2010-11-08 04:20 - 00208896 _____ C:\windows\MBR.exe
2015-11-19 17:10 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-11-19 17:10 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-11-19 17:10 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-11-19 17:10 - 2000-08-31 11:00 - 00098816 _____ C:\windows\sed.exe
2015-11-19 17:10 - 2000-08-31 11:00 - 00080412 _____ C:\windows\grep.exe
2015-11-19 17:10 - 2000-08-31 11:00 - 00068096 _____ C:\windows\zip.exe
2015-11-19 17:09 - 2015-11-19 17:20 - 00000000 ____D C:\windows\erdnt
2015-11-19 17:06 - 2015-11-19 17:06 - 05639131 ____R (Swearware) C:\Users\Angie\Desktop\ComboFix.exe
2015-11-19 14:21 - 2015-11-19 14:21 - 00005882 _____ C:\Users\Angie\Desktop\techspot message.txt
2015-11-19 13:50 - 2015-11-19 13:50 - 19740232 _____ C:\Users\Angie\Downloads\RogueKiller (1).exe
2015-11-19 13:43 - 2015-11-19 13:43 - 00000618 _____ C:\Users\Angie\Desktop\JRT.txt
2015-11-19 13:40 - 2015-11-19 13:40 - 01599080 _____ (Malwarebytes) C:\Users\Angie\Downloads\JRT (1).exe
2015-11-19 13:32 - 2015-11-19 13:32 - 01599080 _____ (Malwarebytes) C:\Users\Angie\Downloads\JRT.exe
2015-11-19 13:19 - 2015-11-19 13:23 - 00000000 ____D C:\AdwCleaner
2015-11-19 13:19 - 2015-11-19 13:19 - 01732096 _____ C:\Users\Angie\Downloads\adwcleaner_5.021.exe
2015-11-19 13:18 - 2015-11-19 13:18 - 00000563 _____ C:\Users\Angie\Desktop\malware bytes scan 17-11-2015.txt
2015-11-19 13:17 - 2015-11-19 13:17 - 00001387 _____ C:\Users\Angie\Desktop\malware bytes scan 18-11-2015.txt
2015-11-19 13:16 - 2015-11-19 13:16 - 00001551 _____ C:\Users\Angie\Desktop\malware bytes scan 19-11-2015.txt
2015-11-19 12:46 - 2015-11-19 12:46 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-19 12:39 - 2015-11-19 12:39 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Angie\Downloads\avg_remover_stf_x64_2015_5501.exe
2015-11-19 12:39 - 2015-11-19 12:39 - 00385390 _____ C:\Users\Angie\Downloads\avgremover.log
2015-11-19 12:35 - 2015-11-19 12:35 - 19740232 _____ C:\Users\Angie\Downloads\RogueKiller.exe
2015-11-19 12:30 - 2015-11-19 12:31 - 00000000 ____D C:\Users\Angie\Desktop\WTF files
2015-11-19 12:29 - 2015-11-19 12:29 - 00299944 _____ C:\windows\Minidump\111915-20826-01.dmp
2015-11-19 12:18 - 2015-11-19 12:18 - 00478392 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\B04F67D4.sys
2015-11-19 12:18 - 2015-11-19 12:18 - 00000000 ____D C:\KVRT_Data
2015-11-19 12:14 - 2015-11-19 12:18 - 94833832 _____ (Kaspersky Lab ZAO) C:\Users\Angie\Downloads\KVRT.exe
2015-11-19 12:00 - 2015-11-19 12:00 - 00002142 _____ C:\Users\Angie\Desktop\GMER log.log
2015-11-19 11:46 - 2015-11-19 11:46 - 00117086 _____ C:\Users\Angie\Desktop\OTL.Txt
2015-11-19 11:45 - 2015-11-19 11:45 - 00117086 _____ C:\Users\Angie\Downloads\OTL.Txt
2015-11-19 11:45 - 2015-11-19 11:45 - 00093110 _____ C:\Users\Angie\Downloads\Extras.Txt
2015-11-19 11:44 - 2015-11-19 11:44 - 00370943 _____ C:\Users\Angie\Desktop\gmer.zip
2015-11-19 11:44 - 2015-11-19 11:44 - 00000000 ____D C:\Users\Angie\Desktop\gmer
2015-11-19 11:37 - 2015-11-19 11:37 - 00602112 _____ (OldTimer Tools) C:\Users\Angie\Downloads\OTL.exe
2015-11-19 07:54 - 2015-11-19 14:07 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-19 07:54 - 2015-11-19 13:51 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-11-19 06:21 - 2015-11-20 09:31 - 00000000 ____D C:\FRST
2015-11-19 01:28 - 2015-11-19 01:28 - 00003024 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1447856893
2015-11-19 01:28 - 2015-11-19 01:28 - 00001048 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2015-11-19 01:28 - 2015-11-19 01:28 - 00001048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2015-11-19 01:27 - 2015-11-19 01:27 - 00147088 _____ (AVAST Software) C:\windows\system32\Drivers\ngvss.sys
2015-11-19 01:27 - 2015-11-19 01:27 - 00028144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2015-11-19 01:27 - 2015-11-19 01:23 - 00386096 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-11-19 01:25 - 2015-11-19 16:55 - 00002086 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2015-11-19 01:25 - 2015-11-19 01:25 - 00000000 ____D C:\Users\Angie\AppData\Roaming\AVAST Software
2015-11-19 01:25 - 2015-11-19 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-19 01:24 - 2015-11-19 01:27 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-11-19 01:24 - 2015-11-19 01:23 - 00449992 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00273784 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00154256 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00097648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2015-11-19 01:24 - 2015-11-19 01:23 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2015-11-19 01:23 - 2015-11-19 01:23 - 01059656 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2015-11-19 01:23 - 2015-11-19 01:23 - 00466400 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2015-11-19 01:23 - 2015-11-19 01:23 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
2015-11-19 01:22 - 2015-11-19 01:27 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-19 01:21 - 2015-11-19 01:27 - 00000000 ____D C:\ProgramData\AVAST Software
2015-11-19 00:58 - 2015-11-19 00:58 - 00003244 _____ C:\windows\System32\Tasks\IORRT
2015-11-16 21:00 - 2015-11-16 21:02 - 00000000 ____D C:\Users\Angie\Desktop\TRANSFERRING TO BACKUP
2015-11-11 09:45 - 2015-11-11 12:35 - 00056127 _____ C:\Users\Angie\Documents\Do Not Smoke.fdx
2015-11-06 22:41 - 2015-11-06 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-06 22:41 - 2015-11-06 22:41 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-02 21:28 - 2015-11-02 21:28 - 00000383 _____ C:\ftconfig.ini
2015-11-02 10:05 - 2015-11-02 10:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-02 10:05 - 2015-11-02 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-02 10:03 - 2015-11-02 10:03 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Angie\Downloads\SkypeSetup (2).exe
2015-11-01 22:52 - 2015-11-01 22:53 - 00584288 _____ (Oracle Corporation) C:\Users\Angie\Downloads\chromeinstall-8u65.exe
2015-10-25 16:34 - 2015-10-25 16:37 - 00000000 ____D C:\Program Files (x86)\MCSkin3D
2015-10-25 16:34 - 2015-10-25 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCSkin3D
2015-10-25 16:28 - 2015-10-25 16:32 - 00000000 ____D C:\ProgramData\Informer Technologies, Inc
2015-10-25 16:28 - 2015-10-25 16:29 - 02045882 _____ (Altered Softworks & MCSkin3D Development Team ) C:\Users\Angie\Downloads\mcskin3d_1_3.exe
2015-10-25 16:06 - 2015-10-25 16:09 - 03602752 _____ (Informer Technologies, Inc. ) C:\Users\Angie\Downloads\siinst.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-19 22:47 - 2010-11-21 14:47 - 01719488 _____ C:\windows\PFRO.log
2015-11-19 19:10 - 2015-03-02 00:17 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-19 17:21 - 2009-07-14 14:20 - 00000000 __RHD C:\Users\Default
2015-11-19 17:19 - 2009-07-14 13:34 - 00000215 _____ C:\windows\system.ini
2015-11-19 17:03 - 2012-11-15 04:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PC Checkup
2015-11-19 13:25 - 2009-07-14 15:51 - 00139920 _____ C:\windows\setupact.log
2015-11-19 12:46 - 2015-03-02 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-19 12:46 - 2015-03-02 00:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-19 12:29 - 2013-09-14 15:51 - 00000000 ____D C:\windows\Minidump
2015-11-19 12:29 - 2013-09-14 15:50 - 384536491 _____ C:\windows\MEMORY.DMP
2015-11-19 12:27 - 2009-07-14 16:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-19 06:39 - 2015-03-31 19:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-19 05:40 - 2013-08-30 22:58 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-19 05:40 - 2013-08-30 22:58 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-19 05:40 - 2012-11-15 03:36 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-19 02:14 - 2015-02-09 22:42 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-19 01:58 - 2009-07-14 15:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-19 01:57 - 2009-07-14 15:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-19 01:54 - 2012-11-15 03:30 - 01355564 _____ C:\windows\WindowsUpdate.log
2015-11-18 21:06 - 2009-07-14 16:13 - 00779080 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-17 07:25 - 2013-09-14 15:04 - 00000000 ____D C:\Users\Angie\AppData\Local\CrashDumps
2015-11-16 23:53 - 2015-02-27 11:54 - 00000000 ____D C:\windows\pss
2015-11-16 19:04 - 2013-10-07 18:38 - 00000000 ____D C:\Users\Angie\AppData\Roaming\Skype
2015-11-11 22:13 - 2015-02-09 22:42 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 22:13 - 2014-03-01 10:36 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 22:13 - 2014-03-01 10:36 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 21:26 - 2014-08-28 22:44 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-10 10:47 - 2009-07-14 16:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-11-03 19:03 - 2013-08-30 23:57 - 00000000 ____D C:\Users\Angie\AppData\Local\Tific
2015-11-02 10:06 - 2012-11-15 04:13 - 00000000 ____D C:\ProgramData\Skype
==================== Files in the root of some directories =======
2015-06-03 23:34 - 2015-06-03 23:34 - 0002148 _____ () C:\Users\Angie\AppData\Local\recently-used.xbel
2015-02-27 11:38 - 2015-02-27 11:38 - 0007605 _____ () C:\Users\Angie\AppData\Local\Resmon.ResmonCfg
2014-04-19 19:31 - 2014-04-19 19:31 - 0000025 ____H () C:\ProgramData\.811261211181235583101118113995
2015-06-22 01:15 - 2015-04-23 01:15 - 0000032 ____R () C:\ProgramData\hash.dat
Files to move or delete:
====================
C:\ProgramData\hash.dat

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-10 08:20
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:19-11-2015
Ran by Angie (2015-11-20 09:33:17)
Running from C:\Users\Angie\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-08-30 05:25:54)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2805473387-1554243729-575181077-500 - Administrator - Disabled)
Angie (S-1-5-21-2805473387-1554243729-575181077-1000 - Administrator - Enabled) => C:\Users\Angie
Dylan (S-1-5-21-2805473387-1554243729-575181077-1001 - Limited - Enabled) => C:\Users\Dylan
Guest (S-1-5-21-2805473387-1554243729-575181077-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: AVG Internet Security 2015 (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2805473387-1554243729-575181077-1000\...\uTorrent) (Version: 3.4.5.41162 - BitTorrent Inc.)
4K Video Downloader 3.5 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.5.2.1655 - Open Media LLC)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2805473387-1554243729-575181077-1000\...\Amazon Kindle) (Version: - Amazon)
Amazon Kindle For PC v1.1 (HKLM-x32\...\Amazon Kindle For PC) (Version: - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audio Amplifier Pro (HKLM-x32\...\Audio Amplifier Pro_is1) (Version: - DanDans Digital Media)
Avast Premier (HKLM-x32\...\Avast) (Version: 11.1.2241 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BitTorrent (HKU\S-1-5-21-2805473387-1554243729-575181077-1000\...\BitTorrent) (Version: 7.9.2.38657 - BitTorrent Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.04(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Adventures (HKLM-x32\...\Bookworm Adventures) (Version: 1.0.0.1 - Pogo.com)
Bookworm Adventures Deluxe (HKLM-x32\...\Steam App 3470) (Version: - PopCap Games, Inc.)
calibre (HKLM-x32\...\{7050D165-886B-42BD-A39E-9B28C9728318}) (Version: 2.9.0 - Kovid Goyal)
Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version: - )
ClipGrab 3.5.1 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Evernote v. 5.2.1 (HKLM-x32\...\{5E6D0ABA-ABDE-11E3-9AED-00163E98E7D6}) (Version: 5.2.1.3108 - Evernote Corp.)
Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version: - Lionhead Studios)
Faerie Solitaire (HKLM-x32\...\Steam App 38600) (Version: - Subsoap)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.1.89 - Final Draft, Inc.)
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version: - Scott Cawthon)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.0 - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.3 - goldensoft.org)
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A01B06 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
MCSkin3D version 1.3 (HKLM-x32\...\{ED94BE03-E6CC-4268-B03A-92080E3035A6}_is1) (Version: 1.3 - Altered Softworks & MCSkin3D Development Team)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Multi-Function Suite DocuPrint M225 dw (HKLM-x32\...\{10D98D84-A981-4433-BE8F-0B6F944E27A9}) (Version: 1.0.0.0 - Fuji Xerox)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17242 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.3.202 - Symantec Corporation)
NVIDIA 3D Vision Driver 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.69 - NVIDIA Corporation)
NVIDIA Graphics Driver 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.69 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Puzzle Pirates (HKLM-x32\...\Steam App 99910) (Version: - Three Rings)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - Wild Shadow Studios)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
SafeZone Stable 1.46.1990.55 (x32 Version: 1.46.1990.55 - Avast Software) Hidden
Seduce Me the Otome (HKLM-x32\...\Steam App 367120) (Version: - Michaela Laws)
Shadowgate (HKLM-x32\...\Steam App 294440) (Version: - Zojoi)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
SmartPixel (HKLM-x32\...\SmartPixel) (Version: 3.2.0.0 - Beyond Magic Limited)
Smilebox (HKU\S-1-5-21-2805473387-1554243729-575181077-1000\...\Smilebox) (Version: 1.0.0.28509 - Smilebox, Inc.)
Spooky's House of Jump Scares (HKLM-x32\...\Steam App 356670) (Version: - Lag Studios)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Telstra Mobile Broadband Manager (HKLM-x32\...\Telstra Mobile Broadband Manager) (Version: 3.0.514 - Telstra)
Telstra Mobile Broadband Manager (x32 Version: 3.0.514 - Telstra) Hidden
The Old Tree (HKLM-x32\...\Steam App 346250) (Version: - Red Dwarf Games)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
TreeSize Personal V6.2.2 (HKLM-x32\...\TreeSize Personal_is1) (Version: 6.2.2 - JAM Software)
Trine (HKLM-x32\...\Steam App 35700) (Version: - Frozenbyte)
Trove (HKLM-x32\...\Steam App 304050) (Version: - Trion Worlds)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Uplink (HKLM-x32\...\Steam App 1510) (Version: - Introversion Software)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.4.16 - WildTangent) Hidden
Windows Driver Package - Cmotech (cmusbnet) Net (06/11/2007 2.0.0.9) (HKLM\...\51208688C66699298C32E38B6BFF92816EE798CA) (Version: 06/11/2007 2.0.0.9 - Cmotech)
Windows Driver Package - Cmotech Modem (06/08/2007 2.0.3.9) (HKLM\...\7404D4336C2B621F88A2B25CE6577572A8BBD25A) (Version: 06/08/2007 2.0.3.9 - Cmotech)
Windows Driver Package - Cmotech Ports (06/08/2007 2.0.3.9) (HKLM\...\2021A90B4F2D70AB98CFBF428E09767703FD455E) (Version: 06/08/2007 2.0.3.9 - Cmotech)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E1}) (Version: 18.0.11023 - WinZip Computing, S.L. )
Wrath of Athena (HKLM-x32\...\Steam App 373100) (Version: - Kuuplay)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 13:34 - 2015-11-19 17:19 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1001F278-3453-4DD4-87DD-B638D451391B} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2015-08-25] ()
Task: {1710ABF6-1D12-4473-A30B-92938EE9DF3D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {28E927E9-1107-4F3F-B763-94642FA5EB66} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2015-08-25] ()
Task: {44455E58-5A96-4F3E-B658-7C9BA04CD363} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {449967A8-6446-4E2C-A6B7-8EF87FB79C2E} - System32\Tasks\SafeZone scheduled Autoupdate 1447856893 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-10-30] (Avast Software)
Task: {53B75EF8-9154-4A3D-9B66-8D30D163D502} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier Edition\Upgrade.exe [2015-07-28] (Symantec Corporation)
Task: {634CF5FA-ED84-4CCF-A6C6-256E78E92755} - System32\Tasks\LightningDisk => c:\programdata\{f7c53224-dec9-3ab8-f7c5-53224decc893}\download.exe-1435906117323.exe <==== ATTENTION
Task: {7FE62A04-5F9B-4EDE-AD16-5A9CBF562C0B} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {9B6556DF-1A09-476F-8827-0399ED3B8C57} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {A2A48C64-0AB1-42EF-88A5-D5A49E053E9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A752B3F3-9F9B-4B73-ABE3-E8420A66EA6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E24CCEB6-493A-4E87-B360-446B63834EB3} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-04] (TOSHIBA CORPORATION)
Task: {E4F774AF-5F22-4DA6-B998-8C1C2C7B7D86} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)
Task: {FB3632AF-F251-4691-AFF0-D15FCF5D8B05} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-19] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============
2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\B04F67D4.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\B04F67D4.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Angie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BigPondWirelessBroadbandCM => "C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
MSCONFIG\startupreg: BitTorrent => "C:\Users\Angie\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: fssui => "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
MSCONFIG\startupreg: HSON => C:\Program Files\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NortonOnlineBackup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmileboxTray => "C:\Users\Angie\AppData\Roaming\Smilebox\SmileboxTray.exe"
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{845FF630-7CD1-48E7-A311-CA7EDE5E80B5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D3CC0871-0A84-4C73-99D6-3FB4BA9C409A}] => (Allow) LPort=2869
FirewallRules: [{97EB71FB-9C28-4399-ADE9-F36FF461491C}] => (Allow) LPort=1900
FirewallRules: [{614AC1EA-0F41-4EF3-84D1-E9DEF8F3D778}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A274B17A-4541-48BC-B3EF-ED966850D39A}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{17A53099-5993-40A9-9656-47F6E68A364F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{76AF4005-39F3-4CEA-B497-A1D63A563C93}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{4E1BED4D-FFF6-485A-B06F-AC920CEE8435}] => (Allow) C:\Users\Angie\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F41336A3-9347-4B80-935A-D297B22F74B3}] => (Allow) C:\Users\Angie\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5B0A85C0-3B11-454F-968B-3B9AA65B4EBD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AF1E1F3C-923B-4EB9-9D70-6956B3C246C5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D3825E10-8108-4D9D-B82D-A38036EF9895}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C13F56F-E4C8-45A8-8155-24FBFC64F7FE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E195A282-78CA-49A3-ACCC-18E79A95583F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2EB7AA3B-5AAB-4902-B061-2C96C6730D9C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D9005809-075A-4294-B53F-31676CA2CCEA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{335E02EB-A578-4A5F-83DE-DCEDAE200646}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{DF01718D-5364-4C7D-9205-08FCB757DD8A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{ADB1C436-E0FA-4779-AF8A-2C687C5BB0CD}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D42C65A4-7502-47BE-A1E4-36DB4C99F0E7}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{1D0459A5-3523-4C8C-AB60-9988DB06276D}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{3EAB8EE2-B52C-4362-B115-EAE010046B34}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{AFF70090-4B98-4B5C-9E58-7FAC54F54D59}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{2D16CF35-F4D9-4CF9-8CDA-1F164BE44712}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{459AA28C-7627-4CCD-92FB-B97C4752D050}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{059CAB9B-17EA-462F-91DA-53D420D8E79D}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{51B1A664-51F4-40BF-928E-2B43AC697B29}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{71290DB5-E782-441B-B388-92ABA3F387A7}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{AE06D993-FDBC-4165-8D48-3A7E7BBFE87B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C1EBF9EF-E536-462A-AAEF-6EE8B9338223}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{961FAD7A-B8D2-4A30-B495-6085308D2D5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bookworm Adventures Deluxe\BookwormAdventures.exe
FirewallRules: [{B7005588-EE4E-4736-B789-70BBDF9B4775}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bookworm Adventures Deluxe\BookwormAdventures.exe
FirewallRules: [{E0E4A05A-D11A-43F0-AD18-491BC57C5677}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uplink\Uplink.exe
FirewallRules: [{776D1282-5172-4FEE-9F95-8C78ADF98A5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uplink\Uplink.exe
FirewallRules: [{A0A11797-76C0-4B89-9B60-50A04910C6A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faerie Solitaire\FaerieSolitaire.exe
FirewallRules: [{F7201153-AF80-440B-80CA-875E07C42D2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faerie Solitaire\FaerieSolitaire.exe
FirewallRules: [{E559A193-8F4F-427E-A54C-760F644CE76A}] => (Allow) C:\Users\Angie\AppData\Roaming\uTorrent\uTorrent.exe
==================== Faulty Device Manager Devices =============
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: USB Camera
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================
Application errors:
==================
Error: (11/20/2015 09:26:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2015 10:49:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2015 05:10:11 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
Error: (11/19/2015 05:10:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.

Operation:
Instantiating VSS server
Error: (11/19/2015 05:10:11 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]

Operation:
Instantiating VSS server
Error: (11/19/2015 02:12:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2015 01:41:57 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Angie\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).
Error: (11/19/2015 01:37:30 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Angie\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).
Error: (11/19/2015 01:28:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2015 01:11:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/20/2015 09:29:40 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (11/20/2015 09:26:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068
Error: (11/20/2015 09:25:19 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (11/20/2015 09:25:19 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (11/20/2015 09:25:15 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (11/20/2015 09:25:08 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (11/20/2015 09:24:59 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\windows\system32\athihvs.dll
Error Code: 21
Error: (11/20/2015 09:24:42 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswVmm
ccSet_NST
discache
spldr
Tosrfcom
vpcvmm
Wanarpv6
Error: (11/20/2015 09:24:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
%%1068
Error: (11/20/2015 09:24:34 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:21:36 AM on 20/11/2015 was unexpected.

CodeIntegrity:
===================================
Date: 2015-11-19 17:19:30.974
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-11-19 17:19:30.943
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 23%
Total physical RAM: 4077.86 MB
Available physical RAM: 3109.98 MB
Total Virtual: 8153.9 MB
Available Virtual: 7204.73 MB
==================== Drives ================================
Drive c: (S3A4487D001) (Fixed) (Total:580.54 GB) (Free:149.02 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 9FBDE6B3)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=580.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.2 GB) - (Type=17)
==================== End of Addition.txt ============================
 
For some reason, I keep getting a message that my additional txt file is awaiting moderator approval... it should show up soon!
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Well, when it restarted, it took me into Normal mode again, this time without a BSOD :) It still seems a little sluggish, the Ctrl, Fn, Windows and Alt keys still aren't working (could be hardware?) and I haven't had a chance yet to see if a Malwarebytes scan will work right through, but things are looking a bit better!

Also, on log in, a message popped up, saying "Windows cannot find '{621BAAED-7B19-42A7-AA04-7217716FF5D2}.exe'. Make sure you typed the name correctly, and then try again."

Fix result of Farbar Recovery Scan Tool (x64) Version:19-11-2015
Ran by Angie (2015-11-20 12:47:38) Run:1
Running from C:\Users\Angie\Desktop
Loaded Profiles: Angie (Available Profiles: Angie & Dylan)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
GroupPolicyUsers\S-1-5-21-2805473387-1554243729-575181077-1001\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2805473387-1554243729-575181077-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2015-06-03 23:34 - 2015-06-03 23:34 - 0002148 _____ () C:\Users\Angie\AppData\Local\recently-used.xbel
2015-02-27 11:38 - 2015-02-27 11:38 - 0007605 _____ () C:\Users\Angie\AppData\Local\Resmon.ResmonCfg
2014-04-19 19:31 - 2014-04-19 19:31 - 0000025 ____H () C:\ProgramData\.811261211181235583101118113995
2015-06-22 01:15 - 2015-04-23 01:15 - 0000032 ____R () C:\ProgramData\hash.dat
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
Task: {634CF5FA-ED84-4CCF-A6C6-256E78E92755} - System32\Tasks\LightningDisk => c:\programdata\{f7c53224-dec9-3ab8-f7c5-53224decc893}\download.exe-1435906117323.exe <==== ATTENTION
c:\programdata\{f7c53224-dec9-3ab8-f7c5-53224decc893}\download.exe-1435906117323.exe

*****************

C:\windows\system32\GroupPolicyUsers\S-1-5-21-2805473387-1554243729-575181077-1001\User => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2805473387-1554243729-575181077-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => not found.
catchme => service removed successfully
C:\Users\Angie\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Angie\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\ProgramData\.811261211181235583101118113995 => moved successfully
C:\ProgramData\hash.dat => moved successfully
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} => removed successfully
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} => removed successfully
FW: AVG Internet Security 2015 (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{634CF5FA-ED84-4CCF-A6C6-256E78E92755}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{634CF5FA-ED84-4CCF-A6C6-256E78E92755}" => key removed successfully
C:\windows\System32\Tasks\LightningDisk => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LightningDisk" => key removed successfully
"c:\programdata\{f7c53224-dec9-3ab8-f7c5-53224decc893}\download.exe-1435906117323.exe" => not found.


The system needed a reboot.

==== End of Fixlog 12:47:38 ====
 
Good :)

I missed one item so we have to run one more fix...

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version:19-11-2015
Ran by Angie (2015-11-20 13:51:24) Run:3
Running from C:\Users\Angie\Desktop
Loaded Profiles: Angie (Available Profiles: Angie & Dylan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\RunOnce: [{621BAAED-7B19-42A7-AA04-7217716FF5D2}] => cmd.exe /C start /D "C:\Users\Angie\AppData\Local\Temp" /B {621BAAED-7B19-42A7-AA04-7217716FF5D2}.exe -accepteula -postboot

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\{621BAAED-7B19-42A7-AA04-7217716FF5D2} => value not found.

==== End of Fixlog 13:51:24 ====
 
:/ RogueKiller was going really well until it hit 56%. An error message popped up saying "RogueKiller has stopped working - A problem caused the problem to stop working correctly. Windows will close the program and notify you if a solution is available."
 
Well, after MBAM ran for 2.5 hours, I had to leave the house. When I came back the computer had restarted, so I'm assuming it completed? Here's the log:



Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 20/11/2015 1:13 PM, SYSTEM, SEXY, Scheduler, Domain Database, 2015.11.18.6, 2015.11.19.1,
Update, 20/11/2015 1:13 PM, SYSTEM, SEXY, Scheduler, Malware Database, 2015.11.19.2, 2015.11.19.5,
Protection, 20/11/2015 1:13 PM, SYSTEM, SEXY, Protection, Refresh, Starting,
Protection, 20/11/2015 1:13 PM, SYSTEM, SEXY, Protection, Refresh, Success,
Update, 20/11/2015 3:23 PM, SYSTEM, SEXY, Manual, Malware Database, 2015.11.19.5, 2015.11.20.1,

(end)
 
...And I just started up my computer this morning to find everything besides the recycling bin had disappeared from the desktop and the start menu, and this error message popped up:

"C:\windows\system32\config\systemprofile\Desktop refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the internet or your network, and then try again. If it still cannot be located, the information might have been moved to a different location."
 