Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014
Ran by Bella (administrator) on BELLA-PC on 26-10-2014 10:41:52
Running from C:\Users\Bella\Downloads
Loaded Profile: Bella (Available profiles: Bella)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-05-20] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1504608 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705432 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-04-01] (TOSHIBA)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1044241667-917603167-2797466746-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSNA&bmod=TSNA
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {50822F2F-B944-4468-BDEF-6079F755DCE2} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {50822F2F-B944-4468-BDEF-6079F755DCE2} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {04315858-E070-42A6-923B-3B6C15BF6D0E} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKCU - {04315858-E070-42A6-923B-3B6C15BF6D0E} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {2D7432C9-A3FD-4ED1-AEA9-FBDB12DBA4A7} - No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A5901E20-427E-4D27-B328-AD8A98F6FF64}: [NameServer] 0.0.0.0
Tcpip\..\Interfaces\{F447F826-232F-4087-B3E5-7BBBD96D5BAE}: [NameServer] 0.0.0.0
FireFox:
========
FF ProfilePath: C:\Users\Bella\AppData\Roaming\Mozilla\Firefox\Profiles\77ptt2qu.default-1413647069098
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Bella\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolibre-mx.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-mx.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-14]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-23]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-26] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 Ser2pl; \SystemRoot\system32\DRIVERS\ser2pl64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-26 10:41 - 2014-10-26 10:42 - 00017888 _____ () C:\Users\Bella\Downloads\FRST.txt
2014-10-26 10:41 - 2014-10-26 10:41 - 00000000 ____D () C:\FRST
2014-10-26 10:39 - 2014-10-26 10:39 - 02113024 _____ (Farbar) C:\Users\Bella\Downloads\FRST64.exe
2014-10-26 10:05 - 2014-10-26 10:05 - 00008050 _____ () C:\windows\system32\.crusader
2014-10-26 09:53 - 2014-10-26 10:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-26 09:53 - 2014-10-26 09:53 - 00001864 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-10-26 09:53 - 2014-10-26 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-10-26 09:53 - 2014-10-26 09:53 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-26 09:52 - 2014-10-26 09:53 - 11194928 _____ (SurfRight B.V.) C:\Users\Bella\Downloads\HitmanPro_x64.exe
2014-10-26 09:49 - 2014-10-26 09:50 - 10280824 _____ (SurfRight B.V.) C:\Users\Bella\Downloads\HitmanPro.exe
2014-10-25 07:08 - 2014-10-25 07:08 - 00283984 _____ () C:\windows\Minidump\102514-26442-01.dmp
2014-10-23 21:37 - 2014-10-23 21:38 - 00283984 _____ () C:\windows\Minidump\102314-19952-01.dmp
2014-10-20 08:24 - 2014-10-20 08:24 - 00283984 _____ () C:\windows\Minidump\102014-20202-01.dmp
2014-10-18 09:17 - 2014-10-26 10:14 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 09:17 - 2014-10-18 09:17 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-18 09:17 - 2014-10-18 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-18 09:17 - 2014-10-18 09:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-18 09:17 - 2014-10-18 09:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-18 09:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-18 09:17 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-18 09:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-18 09:13 - 2014-10-18 09:14 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Bella\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-18 08:54 - 2014-10-18 08:54 - 01976320 _____ () C:\Users\Bella\Downloads\adwcleaner_4.000(1).exe
2014-10-18 08:53 - 2014-10-18 08:53 - 01976320 _____ () C:\Users\Bella\Downloads\adwcleaner_4.000.exe
2014-10-18 07:30 - 2014-10-18 07:30 - 00003098 _____ () C:\windows\System32\Tasks\{9C6EA312-3EEC-4047-ABEF-A8F2450ECBE0}
2014-10-18 07:20 - 2014-10-18 07:20 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-18 07:17 - 2014-10-26 10:10 - 00001338 _____ () C:\windows\Tasks\YSPBIM.job
2014-10-18 07:17 - 2014-10-26 10:10 - 00001334 _____ () C:\windows\Tasks\QQPK.job
2014-10-18 07:17 - 2014-10-18 07:22 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-10-18 07:17 - 2014-10-18 07:17 - 00004364 _____ () C:\windows\System32\Tasks\YSPBIM
2014-10-18 07:17 - 2014-10-18 07:17 - 00004360 _____ () C:\windows\System32\Tasks\QQPK
2014-10-18 07:17 - 2014-10-18 07:17 - 00000000 ____D () C:\Users\Bella\AppData\Local\globalUpdate
2014-10-18 07:15 - 2014-10-18 09:44 - 00000000 ____D () C:\ProgramData\rdoOQMEVSwI
2014-10-18 07:15 - 2014-10-18 07:15 - 00000000 ____D () C:\Users\Bella\AppData\Local\TVWizard
2014-10-18 07:15 - 2014-10-18 07:15 - 00000000 ____D () C:\ProgramData\TVWizard
2014-10-18 07:13 - 2014-10-18 07:13 - 00004026 _____ () C:\windows\System32\Tasks\LaunchSignup
2014-10-18 07:07 - 2014-10-18 07:07 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-16 05:50 - 2014-10-09 18:53 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-16 05:50 - 2014-10-09 18:53 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-16 05:50 - 2014-10-09 18:47 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-16 05:50 - 2014-09-14 17:44 - 03195392 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-14 20:21 - 2014-10-14 20:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-03 09:36 - 2014-10-03 09:36 - 00088576 ___SH () C:\Users\Bella\Desktop\Thumbs.db
2014-10-03 09:35 - 2014-10-18 07:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-03 09:35 - 2014-10-03 09:35 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-03 09:35 - 2014-10-03 09:35 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-03 09:32 - 2014-10-03 09:32 - 00244272 _____ () C:\Users\Bella\Downloads\Firefox Setup Stub 32.0.3.exe
2014-10-01 08:34 - 2014-10-01 08:34 - 00021504 ___SH () C:\Users\Bella\Downloads\Thumbs.db
2014-09-30 07:10 - 2014-09-30 07:10 - 00012832 _____ () C:\Users\Bella\Downloads\Sept pay.zip
2014-09-29 07:27 - 2014-09-29 07:32 - 00000000 ____D () C:\Users\Bella\Documents\MAISON
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-26 10:30 - 2012-01-23 18:07 - 00000000 ____D () C:\Users\Bella\AppData\Roaming\Skype
2014-10-26 10:19 - 2009-07-13 21:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-26 10:19 - 2009-07-13 21:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-26 10:16 - 2010-06-19 11:06 - 01812471 _____ () C:\windows\WindowsUpdate.log
2014-10-26 10:09 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-26 10:09 - 2009-07-13 21:51 - 00089797 _____ () C:\windows\setupact.log
2014-10-26 08:09 - 2012-08-09 10:27 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000UA.job
2014-10-26 06:55 - 2012-07-07 07:13 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-10-25 13:27 - 2012-08-09 10:27 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000Core.job
2014-10-25 07:08 - 2010-07-21 22:30 - 570054710 _____ () C:\windows\MEMORY.DMP
2014-10-25 07:08 - 2010-07-21 22:30 - 00000000 ____D () C:\windows\Minidump
2014-10-20 08:24 - 2010-05-17 07:23 - 00386926 _____ () C:\windows\PFRO.log
2014-10-18 11:19 - 2014-07-31 21:11 - 00000000 ____D () C:\Users\Bella\AppData\Local\Adobe
2014-10-18 11:18 - 2012-04-27 09:27 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-10-18 11:18 - 2011-09-17 14:09 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-18 09:44 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\AppCompat
2014-10-18 08:01 - 2011-10-07 11:12 - 00000000 ____D () C:\Users\Bella\AppData\Local\CrashDumps
2014-10-18 07:51 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\LiveKernelReports
2014-10-18 07:17 - 2010-05-17 07:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-18 07:01 - 2009-07-13 21:45 - 00338960 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-18 07:00 - 2014-07-10 07:20 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-18 05:42 - 2010-06-19 11:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 05:41 - 2013-08-15 06:03 - 00000000 ____D () C:\windows\system32\MRT
2014-10-18 05:38 - 2012-03-15 12:36 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-16 12:01 - 2012-01-23 18:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-16 12:01 - 2012-01-23 18:06 - 00000000 ____D () C:\ProgramData\Skype
2014-10-03 09:44 - 2010-07-10 22:52 - 00000000 ____D () C:\Users\Bella\AppData\Local\Google
2014-10-02 15:53 - 2010-07-10 22:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-01 08:34 - 2014-08-08 20:52 - 00000000 ____D () C:\Users\Bella\Downloads\Alaclair Ensemble - TOUTE EST IMPOSSIBLE
2014-09-29 08:24 - 2012-01-23 17:41 - 00001023 _____ () C:\Users\Bella\Desktop\Internet Explorer.lnk
2014-09-29 07:30 - 2014-08-13 04:54 - 00000000 ____D () C:\Users\Bella\Documents\PÉLI
Files to move or delete:
====================
C:\Users\Bella\ICS_s64.exe
Some content of TEMP:
====================
C:\Users\Bella\AppData\Local\Temp\BackupSetup.exe
C:\Users\Bella\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Bella\AppData\Local\Temp\mediaimpression_2.0.63.630_2.0.63.952_update_all.exe
C:\Users\Bella\AppData\Local\Temp\Quarantine.exe
C:\Users\Bella\AppData\Local\Temp\ResetDevice.exe
C:\Users\Bella\AppData\Local\Temp\ri8_vmhh.dll
C:\Users\Bella\AppData\Local\Temp\ShoppinHelper2new2.exe
C:\Users\Bella\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Bella\AppData\Local\Temp\sqlite3.dll
C:\Users\Bella\AppData\Local\Temp\tbRadi.dll
C:\Users\Bella\AppData\Local\Temp\wlsetup.exe
C:\Users\Bella\AppData\Local\Temp\wlsetupc.exe
C:\Users\Bella\AppData\Local\Temp\~tmp1366308164410.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-26 07:32
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2014
Ran by Bella at 2014-10-26 10:42:42
Running from C:\Users\Bella\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{3676B6E2-15D9-4829-9703-29FFD9CED18B}) (Version: 1.2.18.10 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MediaImpression 2.0 for PENTAX (HKLM-x32\...\{D4C7DAB9-6623-4D86-9B9A-C9F8903BA4D2}) (Version: 2.0.63.630 - ArcSoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 es-MX) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 es-MX)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.1 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.1 - NEC Electronics Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
RICOH R5U230 Media Driver ver.2.08.03.04 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.08.03.04 - RICOH)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.12.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.12.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.12.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.12.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.7.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.2.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.8 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.12.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.12.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.12.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.2.13 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TV Wizard (HKLM-x32\...\TVWizard) (Version: 2.7.43 - Small Island Development) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
07-10-2014 14:02:06 Windows Update
11-10-2014 04:04:22 Windows Update
14-10-2014 13:23:43 Windows Update
18-10-2014 12:37:31 Windows Update
18-10-2014 14:19:56 Removed MySafeProxy for Internet Explorer
18-10-2014 14:22:34 Removed MySafeProxy for Internet Explorer
21-10-2014 13:06:29 Windows Update
26-10-2014 17:01:02 Checkpoint by HitmanPro
26-10-2014 17:05:10 Checkpoint by HitmanPro
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2CC36FAC-9BE6-42BC-99D1-568740A666E3} - System32\Tasks\YSPBIM => C:\Users\Bella\AppData\Roaming\YSPBIM.exe <==== ATTENTION
Task: {34818A3A-D320-4669-AA38-1DB145CE6154} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {3FFBC680-6456-473A-B869-821E988E867B} - System32\Tasks\QQPK => C:\Users\Bella\AppData\Roaming\QQPK.exe <==== ATTENTION
Task: {493F8827-97B5-49D6-A248-264FB379AB1E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04] (AVAST Software)
Task: {6515744D-AE1A-4D91-864C-2FFD87902569} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000UA => C:\Users\Bella\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-09] (Facebook Inc.)
Task: {757D02AC-613B-4167-BF2F-CD89A21523B6} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {EC57929C-75B0-49F3-91CE-F2916261B3A7} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F859BDC3-BD9C-46FD-B115-71B308ED5C88} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F98A2592-E43B-4F55-9CAE-3A0095087B4A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000Core => C:\Users\Bella\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-09] (Facebook Inc.)
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000Core.job => C:\Users\Bella\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000UA.job => C:\Users\Bella\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\QQPK.job => C:\Users\Bella\AppData\Roaming\QQPK.exe <==== ATTENTION
Task: C:\windows\Tasks\YSPBIM.job => C:\Users\Bella\AppData\Roaming\YSPBIM.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2011-07-27 17:07 - 2011-07-27 17:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2010-04-07 16:07 - 2010-04-07 16:07 - 09468728 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-05-17 07:17 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2011-07-27 17:07 - 2011-07-27 17:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-08-04 22:17 - 2014-08-04 22:17 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-25 17:28 - 2014-10-25 17:28 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14102501\algo.dll
2012-08-27 18:33 - 2012-08-27 18:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 18:33 - 2012-08-27 18:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-04 22:17 - 2014-08-04 22:17 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-14 20:21 - 2014-10-14 20:21 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-18 11:18 - 2014-10-18 11:18 - 16832176 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1044241667-917603167-2797466746-500 - Administrator - Disabled)
Bella (S-1-5-21-1044241667-917603167-2797466746-1000 - Administrator - Enabled) => C:\Users\Bella
Guest (S-1-5-21-1044241667-917603167-2797466746-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1044241667-917603167-2797466746-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001dc,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000207F030.72). hr = 0x80070005, Access is denied.
.
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a4c,(null),0,REG_BINARY,0000000005E2E580.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {d4f693ce-adc7-47a9-b286-a53df2f835af}
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001bc,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000237EDA0.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {bdf25eff-4263-46e9-9e23-9db4643ace65}
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000814,(null),0,REG_BINARY,0000000005EDE520.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {b04d292a-cc70-48f6-8ac1-b8a6b6671b29}
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a4c,(null),0,REG_BINARY,0000000005E2E580.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {d4f693ce-adc7-47a9-b286-a53df2f835af}
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c4,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000000228EF40.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {1fcfb0c4-033b-4541-96ee-bd935ea68bd8}
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002c0,(null),0,REG_BINARY,000000000161E540.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {eac85efc-b97f-41d4-95de-b4de615e0abd}
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001fc,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,000000000220EC20.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {cc48c333-cc9f-4ea1-b6ca-37b1b880f6ec}
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000814,(null),0,REG_BINARY,0000000005EDE520.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {b04d292a-cc70-48f6-8ac1-b8a6b6671b29}
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002c0,(null),0,REG_BINARY,000000000161E540.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {eac85efc-b97f-41d4-95de-b4de615e0abd}
System errors:
=============
Error: (10/26/2014 10:12:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (10/26/2014 10:09:49 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.
Error: (10/26/2014 10:08:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll
Error: (10/26/2014 10:08:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll
Error: (10/26/2014 10:08:29 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll
Error: (10/26/2014 10:06:29 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
Error: (10/26/2014 10:01:19 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
Error: (10/26/2014 09:56:09 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
Error: (10/26/2014 09:50:59 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
Error: (10/26/2014 09:45:49 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 54%
Total physical RAM: 3824.43 MB
Available physical RAM: 1740.13 MB
Total Pagefile: 7646.99 MB
Available Pagefile: 5217.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (TI105872W0F) (Fixed) (Total:455.04 GB) (Free:354.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 6D3E2460)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.3 GB) - (Type=17)
==================== End Of Log ============================
Ran by Bella (administrator) on BELLA-PC on 26-10-2014 10:41:52
Running from C:\Users\Bella\Downloads
Loaded Profile: Bella (Available profiles: Bella)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-05-20] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1504608 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705432 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-04-01] (TOSHIBA)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1044241667-917603167-2797466746-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSNA&bmod=TSNA
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {50822F2F-B944-4468-BDEF-6079F755DCE2} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {50822F2F-B944-4468-BDEF-6079F755DCE2} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {04315858-E070-42A6-923B-3B6C15BF6D0E} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKCU - {04315858-E070-42A6-923B-3B6C15BF6D0E} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {2D7432C9-A3FD-4ED1-AEA9-FBDB12DBA4A7} - No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A5901E20-427E-4D27-B328-AD8A98F6FF64}: [NameServer] 0.0.0.0
Tcpip\..\Interfaces\{F447F826-232F-4087-B3E5-7BBBD96D5BAE}: [NameServer] 0.0.0.0
FireFox:
========
FF ProfilePath: C:\Users\Bella\AppData\Roaming\Mozilla\Firefox\Profiles\77ptt2qu.default-1413647069098
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Bella\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolibre-mx.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-mx.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-14]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-23]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-26] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 Ser2pl; \SystemRoot\system32\DRIVERS\ser2pl64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-26 10:41 - 2014-10-26 10:42 - 00017888 _____ () C:\Users\Bella\Downloads\FRST.txt
2014-10-26 10:41 - 2014-10-26 10:41 - 00000000 ____D () C:\FRST
2014-10-26 10:39 - 2014-10-26 10:39 - 02113024 _____ (Farbar) C:\Users\Bella\Downloads\FRST64.exe
2014-10-26 10:05 - 2014-10-26 10:05 - 00008050 _____ () C:\windows\system32\.crusader
2014-10-26 09:53 - 2014-10-26 10:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-26 09:53 - 2014-10-26 09:53 - 00001864 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-10-26 09:53 - 2014-10-26 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-10-26 09:53 - 2014-10-26 09:53 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-26 09:52 - 2014-10-26 09:53 - 11194928 _____ (SurfRight B.V.) C:\Users\Bella\Downloads\HitmanPro_x64.exe
2014-10-26 09:49 - 2014-10-26 09:50 - 10280824 _____ (SurfRight B.V.) C:\Users\Bella\Downloads\HitmanPro.exe
2014-10-25 07:08 - 2014-10-25 07:08 - 00283984 _____ () C:\windows\Minidump\102514-26442-01.dmp
2014-10-23 21:37 - 2014-10-23 21:38 - 00283984 _____ () C:\windows\Minidump\102314-19952-01.dmp
2014-10-20 08:24 - 2014-10-20 08:24 - 00283984 _____ () C:\windows\Minidump\102014-20202-01.dmp
2014-10-18 09:17 - 2014-10-26 10:14 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 09:17 - 2014-10-18 09:17 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-18 09:17 - 2014-10-18 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-18 09:17 - 2014-10-18 09:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-18 09:17 - 2014-10-18 09:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-18 09:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-18 09:17 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-18 09:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-18 09:13 - 2014-10-18 09:14 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Bella\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-18 08:54 - 2014-10-18 08:54 - 01976320 _____ () C:\Users\Bella\Downloads\adwcleaner_4.000(1).exe
2014-10-18 08:53 - 2014-10-18 08:53 - 01976320 _____ () C:\Users\Bella\Downloads\adwcleaner_4.000.exe
2014-10-18 07:30 - 2014-10-18 07:30 - 00003098 _____ () C:\windows\System32\Tasks\{9C6EA312-3EEC-4047-ABEF-A8F2450ECBE0}
2014-10-18 07:20 - 2014-10-18 07:20 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-18 07:17 - 2014-10-26 10:10 - 00001338 _____ () C:\windows\Tasks\YSPBIM.job
2014-10-18 07:17 - 2014-10-26 10:10 - 00001334 _____ () C:\windows\Tasks\QQPK.job
2014-10-18 07:17 - 2014-10-18 07:22 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-10-18 07:17 - 2014-10-18 07:17 - 00004364 _____ () C:\windows\System32\Tasks\YSPBIM
2014-10-18 07:17 - 2014-10-18 07:17 - 00004360 _____ () C:\windows\System32\Tasks\QQPK
2014-10-18 07:17 - 2014-10-18 07:17 - 00000000 ____D () C:\Users\Bella\AppData\Local\globalUpdate
2014-10-18 07:15 - 2014-10-18 09:44 - 00000000 ____D () C:\ProgramData\rdoOQMEVSwI
2014-10-18 07:15 - 2014-10-18 07:15 - 00000000 ____D () C:\Users\Bella\AppData\Local\TVWizard
2014-10-18 07:15 - 2014-10-18 07:15 - 00000000 ____D () C:\ProgramData\TVWizard
2014-10-18 07:13 - 2014-10-18 07:13 - 00004026 _____ () C:\windows\System32\Tasks\LaunchSignup
2014-10-18 07:07 - 2014-10-18 07:07 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-16 05:50 - 2014-10-09 18:53 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-16 05:50 - 2014-10-09 18:53 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-16 05:50 - 2014-10-09 18:47 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-16 05:50 - 2014-09-14 17:44 - 03195392 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-14 20:21 - 2014-10-14 20:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-03 09:36 - 2014-10-03 09:36 - 00088576 ___SH () C:\Users\Bella\Desktop\Thumbs.db
2014-10-03 09:35 - 2014-10-18 07:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-03 09:35 - 2014-10-03 09:35 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-03 09:35 - 2014-10-03 09:35 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-03 09:32 - 2014-10-03 09:32 - 00244272 _____ () C:\Users\Bella\Downloads\Firefox Setup Stub 32.0.3.exe
2014-10-01 08:34 - 2014-10-01 08:34 - 00021504 ___SH () C:\Users\Bella\Downloads\Thumbs.db
2014-09-30 07:10 - 2014-09-30 07:10 - 00012832 _____ () C:\Users\Bella\Downloads\Sept pay.zip
2014-09-29 07:27 - 2014-09-29 07:32 - 00000000 ____D () C:\Users\Bella\Documents\MAISON
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-26 10:30 - 2012-01-23 18:07 - 00000000 ____D () C:\Users\Bella\AppData\Roaming\Skype
2014-10-26 10:19 - 2009-07-13 21:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-26 10:19 - 2009-07-13 21:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-26 10:16 - 2010-06-19 11:06 - 01812471 _____ () C:\windows\WindowsUpdate.log
2014-10-26 10:09 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-26 10:09 - 2009-07-13 21:51 - 00089797 _____ () C:\windows\setupact.log
2014-10-26 08:09 - 2012-08-09 10:27 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000UA.job
2014-10-26 06:55 - 2012-07-07 07:13 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-10-25 13:27 - 2012-08-09 10:27 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000Core.job
2014-10-25 07:08 - 2010-07-21 22:30 - 570054710 _____ () C:\windows\MEMORY.DMP
2014-10-25 07:08 - 2010-07-21 22:30 - 00000000 ____D () C:\windows\Minidump
2014-10-20 08:24 - 2010-05-17 07:23 - 00386926 _____ () C:\windows\PFRO.log
2014-10-18 11:19 - 2014-07-31 21:11 - 00000000 ____D () C:\Users\Bella\AppData\Local\Adobe
2014-10-18 11:18 - 2012-04-27 09:27 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-10-18 11:18 - 2011-09-17 14:09 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-18 09:44 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\AppCompat
2014-10-18 08:01 - 2011-10-07 11:12 - 00000000 ____D () C:\Users\Bella\AppData\Local\CrashDumps
2014-10-18 07:51 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\LiveKernelReports
2014-10-18 07:17 - 2010-05-17 07:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-18 07:01 - 2009-07-13 21:45 - 00338960 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-18 07:00 - 2014-07-10 07:20 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-18 05:42 - 2010-06-19 11:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 05:41 - 2013-08-15 06:03 - 00000000 ____D () C:\windows\system32\MRT
2014-10-18 05:38 - 2012-03-15 12:36 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-16 12:01 - 2012-01-23 18:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-16 12:01 - 2012-01-23 18:06 - 00000000 ____D () C:\ProgramData\Skype
2014-10-03 09:44 - 2010-07-10 22:52 - 00000000 ____D () C:\Users\Bella\AppData\Local\Google
2014-10-02 15:53 - 2010-07-10 22:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-01 08:34 - 2014-08-08 20:52 - 00000000 ____D () C:\Users\Bella\Downloads\Alaclair Ensemble - TOUTE EST IMPOSSIBLE
2014-09-29 08:24 - 2012-01-23 17:41 - 00001023 _____ () C:\Users\Bella\Desktop\Internet Explorer.lnk
2014-09-29 07:30 - 2014-08-13 04:54 - 00000000 ____D () C:\Users\Bella\Documents\PÉLI
Files to move or delete:
====================
C:\Users\Bella\ICS_s64.exe
Some content of TEMP:
====================
C:\Users\Bella\AppData\Local\Temp\BackupSetup.exe
C:\Users\Bella\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Bella\AppData\Local\Temp\mediaimpression_2.0.63.630_2.0.63.952_update_all.exe
C:\Users\Bella\AppData\Local\Temp\Quarantine.exe
C:\Users\Bella\AppData\Local\Temp\ResetDevice.exe
C:\Users\Bella\AppData\Local\Temp\ri8_vmhh.dll
C:\Users\Bella\AppData\Local\Temp\ShoppinHelper2new2.exe
C:\Users\Bella\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Bella\AppData\Local\Temp\sqlite3.dll
C:\Users\Bella\AppData\Local\Temp\tbRadi.dll
C:\Users\Bella\AppData\Local\Temp\wlsetup.exe
C:\Users\Bella\AppData\Local\Temp\wlsetupc.exe
C:\Users\Bella\AppData\Local\Temp\~tmp1366308164410.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-26 07:32
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2014
Ran by Bella at 2014-10-26 10:42:42
Running from C:\Users\Bella\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{3676B6E2-15D9-4829-9703-29FFD9CED18B}) (Version: 1.2.18.10 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MediaImpression 2.0 for PENTAX (HKLM-x32\...\{D4C7DAB9-6623-4D86-9B9A-C9F8903BA4D2}) (Version: 2.0.63.630 - ArcSoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 es-MX) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 es-MX)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.1 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.1 - NEC Electronics Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
RICOH R5U230 Media Driver ver.2.08.03.04 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.08.03.04 - RICOH)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.12.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.12.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.12.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.12.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.7.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.2.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.8 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.12.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.12.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.12.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.2.13 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TV Wizard (HKLM-x32\...\TVWizard) (Version: 2.7.43 - Small Island Development) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
07-10-2014 14:02:06 Windows Update
11-10-2014 04:04:22 Windows Update
14-10-2014 13:23:43 Windows Update
18-10-2014 12:37:31 Windows Update
18-10-2014 14:19:56 Removed MySafeProxy for Internet Explorer
18-10-2014 14:22:34 Removed MySafeProxy for Internet Explorer
21-10-2014 13:06:29 Windows Update
26-10-2014 17:01:02 Checkpoint by HitmanPro
26-10-2014 17:05:10 Checkpoint by HitmanPro
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2CC36FAC-9BE6-42BC-99D1-568740A666E3} - System32\Tasks\YSPBIM => C:\Users\Bella\AppData\Roaming\YSPBIM.exe <==== ATTENTION
Task: {34818A3A-D320-4669-AA38-1DB145CE6154} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {3FFBC680-6456-473A-B869-821E988E867B} - System32\Tasks\QQPK => C:\Users\Bella\AppData\Roaming\QQPK.exe <==== ATTENTION
Task: {493F8827-97B5-49D6-A248-264FB379AB1E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04] (AVAST Software)
Task: {6515744D-AE1A-4D91-864C-2FFD87902569} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000UA => C:\Users\Bella\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-09] (Facebook Inc.)
Task: {757D02AC-613B-4167-BF2F-CD89A21523B6} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {EC57929C-75B0-49F3-91CE-F2916261B3A7} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F859BDC3-BD9C-46FD-B115-71B308ED5C88} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F98A2592-E43B-4F55-9CAE-3A0095087B4A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000Core => C:\Users\Bella\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-09] (Facebook Inc.)
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000Core.job => C:\Users\Bella\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000UA.job => C:\Users\Bella\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\QQPK.job => C:\Users\Bella\AppData\Roaming\QQPK.exe <==== ATTENTION
Task: C:\windows\Tasks\YSPBIM.job => C:\Users\Bella\AppData\Roaming\YSPBIM.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2011-07-27 17:07 - 2011-07-27 17:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2010-04-07 16:07 - 2010-04-07 16:07 - 09468728 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-05-17 07:17 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2011-07-27 17:07 - 2011-07-27 17:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-08-04 22:17 - 2014-08-04 22:17 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-25 17:28 - 2014-10-25 17:28 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14102501\algo.dll
2012-08-27 18:33 - 2012-08-27 18:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 18:33 - 2012-08-27 18:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-04 22:17 - 2014-08-04 22:17 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-14 20:21 - 2014-10-14 20:21 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-18 11:18 - 2014-10-18 11:18 - 16832176 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1044241667-917603167-2797466746-500 - Administrator - Disabled)
Bella (S-1-5-21-1044241667-917603167-2797466746-1000 - Administrator - Enabled) => C:\Users\Bella
Guest (S-1-5-21-1044241667-917603167-2797466746-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1044241667-917603167-2797466746-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001dc,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000207F030.72). hr = 0x80070005, Access is denied.
.
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a4c,(null),0,REG_BINARY,0000000005E2E580.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {d4f693ce-adc7-47a9-b286-a53df2f835af}
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001bc,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000237EDA0.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {bdf25eff-4263-46e9-9e23-9db4643ace65}
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000814,(null),0,REG_BINARY,0000000005EDE520.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {b04d292a-cc70-48f6-8ac1-b8a6b6671b29}
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a4c,(null),0,REG_BINARY,0000000005E2E580.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {d4f693ce-adc7-47a9-b286-a53df2f835af}
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c4,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000000228EF40.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {1fcfb0c4-033b-4541-96ee-bd935ea68bd8}
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002c0,(null),0,REG_BINARY,000000000161E540.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {eac85efc-b97f-41d4-95de-b4de615e0abd}
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001fc,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,000000000220EC20.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {cc48c333-cc9f-4ea1-b6ca-37b1b880f6ec}
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000814,(null),0,REG_BINARY,0000000005EDE520.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {b04d292a-cc70-48f6-8ac1-b8a6b6671b29}
Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002c0,(null),0,REG_BINARY,000000000161E540.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {eac85efc-b97f-41d4-95de-b4de615e0abd}
System errors:
=============
Error: (10/26/2014 10:12:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (10/26/2014 10:09:49 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.
Error: (10/26/2014 10:08:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll
Error: (10/26/2014 10:08:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll
Error: (10/26/2014 10:08:29 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll
Error: (10/26/2014 10:06:29 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
Error: (10/26/2014 10:01:19 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
Error: (10/26/2014 09:56:09 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
Error: (10/26/2014 09:50:59 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
Error: (10/26/2014 09:45:49 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 54%
Total physical RAM: 3824.43 MB
Available physical RAM: 1740.13 MB
Total Pagefile: 7646.99 MB
Available Pagefile: 5217.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (TI105872W0F) (Fixed) (Total:455.04 GB) (Free:354.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 6D3E2460)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.3 GB) - (Type=17)
==================== End Of Log ============================