Solved Laptop very slow after Windows Update

D

djr4yman

New Member
Thread author
May 11, 2016
1
My Laptop is a Toshiba Satellite C655-S5049. It does not have many programs installed but since it restarted after a Windows Update it has been painfully slow. pasted FRST and Addition .txt's here as it wont hurry up and upload.


FRST.txt
------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by TBS (administrator) on TBS-PC (22-05-2016 04:27:21)
Running from C:\Users\TBS\Downloads
Loaded Profiles: TBS (Available Profiles: TBS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Users\TBS\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\TBS\AppData\Local\Google\Update\GoogleUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-15] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3037345196-995968483-4216386591-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_Plugin.exe [1172672 2016-04-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3037345196-995968483-4216386591-1000\...\MountPoints2: {d5aea5b6-070e-11e6-abd6-00266c63ace3} - E:\MotorolaDeviceManagerSetup.exe -a
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-06] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{6B55C70C-F1A6-44A3-A1C5-B53CC52DB735}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7B6D05D8-8876-4240-AEAD-A853DDCDF3B6}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{888C70AD-1925-486A-9DF1-70976B5620E5}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-3037345196-995968483-4216386591-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-3037345196-995968483-4216386591-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
SearchScopes: HKLM -> DefaultScope {25C033BD-5FBD-46A9-8484-9AA67942135A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {25C033BD-5FBD-46A9-8484-9AA67942135A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {7DF4D518-D7BC-44BE-99F2-BB650CB51376} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {7DF4D518-D7BC-44BE-99F2-BB650CB51376} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-3037345196-995968483-4216386591-1000 -> DefaultScope {E6466F9A-2DF2-41D1-B2BF-B362297F34EE} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-3037345196-995968483-4216386591-1000 -> {E6466F9A-2DF2-41D1-B2BF-B362297F34EE} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll [2010-04-04] (Google Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-08] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-04-04] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2010-04-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll [2010-04-04] (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-08] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-04] (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-04-04] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2010-04-04] (Google Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-04] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-03] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-04-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-04] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\TBS\AppData\Roaming\Mozilla\Firefox\Profiles\75yb287e.default
FF Homepage: hxxps://www.google.com.pr/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-21] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin HKU\S-1-5-21-3037345196-995968483-4216386591-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\TBS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3037345196-995968483-4216386591-1000: @talk.google.com/O1DPlugin -> C:\Users\TBS\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3037345196-995968483-4216386591-1000: @tools.google.com/Google Update;version=3 -> C:\Users\TBS\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3037345196-995968483-4216386591-1000: @tools.google.com/Google Update;version=9 -> C:\Users\TBS\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\TBS\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\TBS\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Personas Plus - C:\Users\TBS\AppData\Roaming\Mozilla\Firefox\Profiles\75yb287e.default\extensions\personas@christopher.beard.xpi [2016-04-27]
FF Extension: Download Manager (S3) - C:\Users\TBS\AppData\Roaming\Mozilla\Firefox\Profiles\75yb287e.default\extensions\s3download@statusbar.xpi [2016-05-10]
FF Extension: New Tab Homepage - C:\Users\TBS\AppData\Roaming\Mozilla\Firefox\Profiles\75yb287e.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-04-08]
FF Extension: Adblock Plus - C:\Users\TBS\AppData\Roaming\Mozilla\Firefox\Profiles\75yb287e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-06]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR Profile: C:\Users\TBS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\TBS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TBS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-06] (AVAST Software)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-06] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-06] (AVAST Software)
R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [33592 2016-04-28] (Dev47Apps)
R3 DroidCamVideo; C:\Windows\System32\DRIVERS\droidcamvideo.sys [229432 2016-04-28] (Dev47Apps)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2291784 2013-03-25] (Realtek Semiconductor Corporation )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-11 14:49 - 2016-05-11 14:56 - 00028958 _____ C:\Users\TBS\Downloads\Addition.txt
2016-05-11 14:28 - 2016-05-22 04:27 - 00017725 _____ C:\Users\TBS\Downloads\FRST.txt
2016-05-11 14:27 - 2016-05-22 04:27 - 00000000 ____D C:\FRST
2016-05-11 14:25 - 2016-05-11 14:27 - 02381312 _____ (Farbar) C:\Users\TBS\Downloads\FRST64.exe
2016-05-11 13:45 - 2016-05-11 14:24 - 04786157 _____ C:\Users\TBS\Downloads\mde-free-portable.zip
2016-05-09 15:17 - 2016-05-21 21:09 - 00003752 _____ C:\windows\System32\Tasks\AutoKMS
2016-05-06 21:48 - 2016-05-22 00:07 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-06 21:48 - 2016-05-22 00:07 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-06 21:13 - 2016-05-22 04:45 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-06 21:13 - 2016-05-21 21:07 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-06 21:13 - 2016-05-07 18:40 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-06 21:13 - 2016-05-07 18:40 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-06 19:26 - 2016-05-06 19:26 - 00398152 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-05-06 19:25 - 2016-05-06 19:25 - 00052184 _____ (AVAST Software) C:\windows\avastSS.scr
2016-05-05 21:18 - 2016-05-05 21:18 - 00041428 _____ C:\Users\TBS\Desktop\mini flayer.pptx
2016-05-05 19:29 - 2016-05-05 20:15 - 00063854 _____ C:\Users\TBS\Desktop\Se limpian casas.pptx
2016-05-05 13:32 - 2016-05-10 00:22 - 00000000 ____D C:\Users\TBS\AppData\Roaming\vlc
2016-05-04 21:17 - 2016-05-04 21:17 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-05-04 21:17 - 2016-05-04 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-05-04 21:04 - 2016-05-04 21:04 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-05-04 20:48 - 2016-05-04 20:53 - 30503216 _____ C:\Users\TBS\Downloads\vlc-2.2.3-win32.exe
2016-05-02 17:15 - 2016-05-02 19:09 - 00000000 ____D C:\Users\TBS\Desktop\Mera's Phone
2016-05-02 17:13 - 2016-05-02 17:13 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_motoandroid_01007.Wdf
2016-05-01 12:46 - 2016-05-01 12:46 - 00000000 ____D C:\Users\TBS\AppData\Local\ElevatedDiagnostics
2016-04-30 13:24 - 2016-04-30 13:24 - 00021582 _____ C:\Users\TBS\Documents\cc_20160430_132346.reg
2016-04-30 13:19 - 2016-04-30 13:19 - 00002782 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2016-04-30 13:19 - 2016-04-30 13:19 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-30 13:19 - 2016-04-30 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-30 13:19 - 2016-04-30 13:19 - 00000000 ____D C:\Program Files\CCleaner
2016-04-28 13:34 - 2016-04-28 13:34 - 00000031 _____ C:\ProgramData\droidcam-settings
2016-04-28 13:32 - 2016-04-28 13:32 - 00001033 _____ C:\Users\TBS\Desktop\DroidCamApp.lnk
2016-04-28 13:32 - 2016-04-28 13:32 - 00000000 ____D C:\Users\TBS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidCam
2016-04-28 13:21 - 2016-04-28 13:21 - 00229432 _____ (Dev47Apps) C:\windows\system32\Drivers\droidcamvideo.sys
2016-04-28 13:20 - 2016-04-28 13:20 - 00033592 _____ (Dev47Apps) C:\windows\system32\Drivers\droidcam.sys
2016-04-28 13:18 - 2016-04-28 13:32 - 00000000 ____D C:\Program Files (x86)\DroidCam
2016-04-28 13:15 - 2016-04-28 13:15 - 00708871 _____ C:\Users\TBS\Downloads\DroidCam.Client.6.0.zip
2016-04-28 13:07 - 2016-05-22 05:01 - 00001102 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037345196-995968483-4216386591-1000UA.job
2016-04-28 13:07 - 2016-05-15 16:52 - 00001050 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037345196-995968483-4216386591-1000Core.job
2016-04-28 13:07 - 2016-05-09 15:33 - 00000000 ____D C:\Users\TBS\AppData\Local\Google
2016-04-28 13:07 - 2016-04-28 13:07 - 00004068 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3037345196-995968483-4216386591-1000UA
2016-04-28 13:07 - 2016-04-28 13:07 - 00003672 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3037345196-995968483-4216386591-1000Core
2016-04-28 13:06 - 2016-04-28 13:07 - 00987728 _____ (Google Inc.) C:\Users\TBS\Downloads\GoogleVoiceAndVideoSetup.exe
2016-04-24 17:54 - 2016-04-24 17:54 - 00000000 ____D C:\Users\TBS\AppData\Roaming\Macromedia
2016-04-24 17:54 - 2016-04-24 17:54 - 00000000 ____D C:\Users\TBS\AppData\Local\Macromedia
2016-04-24 16:24 - 2016-04-24 17:54 - 00000000 ____D C:\Users\TBS\AppData\Roaming\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-22 04:41 - 2016-04-21 10:57 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-05-21 21:14 - 2009-07-14 00:45 - 00015568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-21 21:14 - 2009-07-14 00:45 - 00015568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-21 21:13 - 2009-07-14 01:13 - 00781298 _____ C:\windows\system32\PerfStringBackup.INI
2016-05-21 21:13 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-05-21 21:06 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-21 16:18 - 2016-04-08 18:33 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-05-20 16:34 - 2016-04-08 19:32 - 00000000 ____D C:\Users\TBS\Desktop\Trabajos
2016-05-15 12:58 - 2016-04-20 12:01 - 00000000 ____D C:\Users\TBS\Desktop\tumblr
2016-05-07 01:58 - 2016-04-08 18:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-06 21:45 - 2010-04-04 01:25 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-06 21:14 - 2016-04-15 15:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-06 19:26 - 2016-04-08 18:32 - 00465792 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2016-05-06 19:26 - 2016-04-08 18:32 - 00287528 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2016-05-06 19:26 - 2016-04-08 18:32 - 00166432 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-05-06 19:26 - 2016-04-08 18:32 - 00107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-05-06 19:26 - 2016-04-08 18:32 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-05-06 19:26 - 2016-04-08 18:32 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-05-06 19:26 - 2016-04-08 18:32 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-05-06 19:25 - 2016-04-08 18:32 - 01070904 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2016-05-05 21:53 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2016-05-05 13:47 - 2016-04-20 13:32 - 00000000 ____D C:\Users\TBS\Downloads\Vuze Leap
2016-04-30 13:25 - 2010-04-04 17:38 - 00000000 ____D C:\windows\Panther
2016-04-28 13:08 - 2016-04-08 18:20 - 00000000 ____D C:\Users\TBS\AppData\Roaming\Mozilla
2016-04-24 17:10 - 2016-04-21 10:54 - 00000000 ____D C:\Users\TBS\AppData\Local\Adobe
2016-04-24 16:26 - 2010-04-04 01:23 - 00000000 ____D C:\ProgramData\Adobe

==================== Files in the root of some directories =======

2016-04-28 13:34 - 2016-04-28 13:34 - 0000031 _____ () C:\ProgramData\droidcam-settings

Some files in TEMP:
====================
C:\Users\TBS\AppData\Local\Temp\{1F5C5381-255B-48A5-967C-E69A765E7D8D}-GoogleUpdateSetup.exe
C:\Users\TBS\AppData\Local\Temp\{C9A723DA-2ECD-4B02-AC55-1D651B69C2F3}-50.0.2661.102_50.0.2661.94_chrome_updater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-09 00:48

==================== End of FRST.txt ============================


Addition.txt
--------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by TBS (2016-05-11 14:49:00)
Running from C:\Users\TBS\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-04-08 22:05:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3037345196-995968483-4216386591-500 - Administrator - Disabled)
Guest (S-1-5-21-3037345196-995968483-4216386591-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3037345196-995968483-4216386591-1002 - Limited - Enabled)
TBS (S-1-5-21-3037345196-995968483-4216386591-1000 - Administrator - Enabled) => C:\Users\TBS

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.64 - Conexant)
Game Maker 8.0 (HKLM-x32\...\Game Maker 8.0) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.2.28 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 1.0.40 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.04 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vuze Leap 2.1 (HKU\S-1-5-21-3037345196-995968483-4216386591-1000\...\{a9a27088-7578-499d-ad2b-67ba95a4def4}) (Version: 2.1 - Azureus Software, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3037345196-995968483-4216386591-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\TBS\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3037345196-995968483-4216386591-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\TBS\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21AEA0A0-D748-4842-83BA-1411D66D8226} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3037345196-995968483-4216386591-1000UA => C:\Users\TBS\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-28] (Google Inc.)
Task: {32003FC5-8928-47B7-A6D1-0B35CFC43282} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {369BA0F1-FF41-442C-B28A-F6710F03FFCC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-21] (Adobe Systems Incorporated)
Task: {5E56FB6A-75B1-45BB-92C6-4CB86070A464} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-04-08] (AVAST Software)
Task: {6A982260-900B-4C69-9732-955874A604C3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {6B3DF50A-7474-4192-9083-901EE6CBF19F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-07] (Google Inc.)
Task: {7823A335-5973-4C28-8E7A-CE469ED4F826} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-06] (AVAST Software)
Task: {7E75A3F8-B2E4-40F7-B84D-592D1EE23AAF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {97720549-A5A0-4E94-ACEF-AAC671B413EC} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {B3E6C192-BA6D-46B1-90E9-395FF6A381A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {B5900B79-64FB-4F31-8D75-91E9C824EFC3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-07] (Google Inc.)
Task: {B9CE6AAC-C91D-454C-BBFF-ABDF228A775A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3037345196-995968483-4216386591-1000Core => C:\Users\TBS\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-28] (Google Inc.)
Task: {CE315C6E-FFC8-4642-8A59-20D53769FC75} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe [2016-04-08] ()
Task: {CE56B9D3-7469-4DDA-8EE0-5C2D764BE76C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D622D273-A176-4601-9631-75B5E1130B9E} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037345196-995968483-4216386591-1000Core.job => C:\Users\TBS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037345196-995968483-4216386591-1000UA.job => C:\Users\TBS\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-03-03 17:15 - 2010-03-03 17:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 16:26 - 2009-11-03 16:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 17:15 - 2010-03-03 17:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 17:15 - 2010-03-03 17:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-04-04 01:16 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2016-05-06 19:25 - 2016-05-06 19:25 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-06 19:25 - 2016-05-06 19:25 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-10 17:05 - 2016-05-10 17:05 - 02892800 _____ () C:\Program Files\AVAST Software\Avast\defs\16051002\algo.dll
2016-05-11 13:04 - 2016-05-11 13:04 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\16051100\algo.dll
2016-05-06 19:25 - 2016-05-06 19:25 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-08 18:32 - 2016-04-08 18:32 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3037345196-995968483-4216386591-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TBS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Motorola Device Manager => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Partner Service => 3
MSCONFIG\Services: PST Service => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{099EA7C5-0341-4F8F-A3C3-7A23EA9BBAC6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{0B062990-A6E9-4C74-B63D-A82F260D3264}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D179B4E2-6896-4650-A906-81F602C59988}] => (Allow) svchost.exe
FirewallRules: [{E8DD5518-41FA-432A-A4EA-02034471D64C}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{7CCE945A-86E9-470F-8DCC-0ED5131AC7BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A6F2921B-97BB-457B-AEAB-27190C5BB2A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7A12DB45-9DC6-4113-8007-71C0413394D6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A1323248-61EB-4FB6-B248-DD777C600793}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{430B750B-70E2-4436-AC44-E9E01D43A2BC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{503E2B17-2F3C-4CB4-AAEE-EFCAE9B6C8B0}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{554D902E-8091-482F-8A75-5FDBDDEF5AC9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E04D3457-3444-4236-BF78-99487225FAD2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{51E360BB-465A-47A8-A8B9-50047197FF60}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D7EA62AE-7284-41CC-BD18-3A17AE1B95C4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DD0D353E-B97E-48CD-BED2-79B180655C78}] => (Allow) C:\Users\TBS\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{82A2542E-9620-4D15-BF6F-F6E88BBF8A69}] => (Allow) C:\Users\TBS\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{FBC9EBC2-ADEC-46E0-9CFA-DD8D0E67A6FD}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe
FirewallRules: [{252FF5C9-DD74-4E5E-BE89-BFC55B0D9CA8}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe
FirewallRules: [{9883D5FE-7D72-4172-AD6F-819428B3A909}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

20-04-2016 13:13:54 Windows 7 Service Pack 1
20-04-2016 14:50:47 Windows Update
21-04-2016 10:22:00 Windows Update
21-04-2016 12:22:00 Windows Update
28-04-2016 13:22:12 Device Driver Package Install: Dev47Apps.com Sound, video and game controllers
28-04-2016 13:29:04 Device Driver Package Install: Dev47Apps.com Sound, video and game controllers

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/11/2016 01:18:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 15.0.4815.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a8c

Start Time: 01d1aba7a78b600e

Termination Time: 3463

Application Path: C:\Program Files\Microsoft Office\Office15\WINWORD.EXE

Report Id: 26b30331-179c-11e6-9dfc-00266c63ace3

Error: (05/10/2016 10:20:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: Microsoft.Windows.Diagnosis.SDEngine, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=x86 . Error code = 0x80070020

Error: (05/10/2016 05:55:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 46.0.1.5966 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ad4

Start Time: 01d1ab03ae4287a1

Termination Time: 515

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 67af1875-16f9-11e6-81f0-00266c63ace3

Error: (05/02/2016 09:45:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c50

Start Time: 01d1a4c44eb83393

Termination Time: 1264

Application Path: C:\windows\explorer.exe

Report Id: ad3c1135-10d0-11e6-983d-00266c63ace3

Error: (05/02/2016 06:45:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7c4

Start Time: 01d1a4c2ec455093

Termination Time: 3151

Application Path: C:\windows\Explorer.EXE

Report Id: 208a8527-10b7-11e6-983d-00266c63ace3

Error: (05/02/2016 06:32:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 508

Start Time: 01d1a4c16f4dbe17

Termination Time: 530

Application Path: C:\windows\explorer.exe

Report Id: 8a46d277-10b5-11e6-a814-00266c63ace3

Error: (05/02/2016 06:24:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5d4

Start Time: 01d1a4c0ee329b7b

Termination Time: 858

Application Path: C:\windows\explorer.exe

Report Id: 867926a9-10b4-11e6-a814-00266c63ace3

Error: (05/02/2016 06:21:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e44

Start Time: 01d1a4bacad33ba2

Termination Time: 265

Application Path: C:\Windows\explorer.exe

Report Id: f7ee5fa2-10b3-11e6-a814-00266c63ace3

Error: (05/02/2016 05:37:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a84

Start Time: 01d1a4b96eea47ea

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id:

Error: (05/02/2016 05:27:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6c4

Start Time: 01d1a4b6b8a692e5

Termination Time: 1670

Application Path: C:\windows\Explorer.EXE

Report Id:


System errors:
=============
Error: (05/11/2016 01:46:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (05/11/2016 01:35:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (05/11/2016 01:40:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (05/11/2016 01:40:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.

Error: (05/10/2016 08:54:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (05/10/2016 08:54:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (05/10/2016 08:54:39 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (05/10/2016 06:34:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (05/10/2016 05:57:02 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (05/10/2016 05:23:33 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz
Percentage of memory in use: 43%
Total physical RAM: 1915.98 MB
Available physical RAM: 1088.15 MB
Total Virtual: 3831.95 MB
Available Virtual: 1611.38 MB

==================== Drives ================================

Drive c: (TI105847W0E) (Fixed) (Total:222.47 GB) (Free:171.84 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 4E0E547E)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=222.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.9 GB) - (Type=17)

==================== End of Addition.txt ============================
 

Similar threads

F
    • Like
  • Locked
Service Host: Network List Service...Virus?
Replies
11
Views
1,824
Windows Malware Removal Help & Support
nasdaq
nasdaq
J
  • Locked
I need help with a Malware Spanish logs
Replies
2
Views
1,823
Windows Malware Removal Help & Support
nasdaq
nasdaq
K
  • Locked
PowerShell/MaleficAms Powershell Infection Please Help
Replies
2
Views
1,965
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top