Toshiba Satellite Freezing Up

Started by mare_wbpa, October 12, 2015, 10:45:57 PM

mare_wbpa

I'm having problems with this laptop. It's almost 1 1/2 yrs old. Toshiba Satellite C55-B5270, Intel Pentium processor, Windows 8.1, 8Gb DDR, 500 Gb HDD, DVD multi drive R+/- double layer. It's getting slow and freezing up. A message box pops up with a message that the program is not responding and I have the option to close it or wait for it to respond. It usually won't respond if I go with the wait option. Sometimes it won't close when I go with that. I've done an Avast scan and also an MBAM scan with no improvement. Help please.

winchester73

Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

mare_wbpa

Here's the 1st part of the log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-10-2015
Ran by MaryAnn (administrator) on MYLAPTOP (13-10-2015 18:13:13)
Running from C:\Users\MaryAnn\Downloads
Loaded Profiles: MaryAnn (Available Profiles: MaryAnn)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Storage Appliance Corp.) C:\ProgramData\OfficeGuardianV2N\UACProxy.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Storage Appliance Corporation) C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Storage Appliance Corp.) C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-08] (AVAST Software)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1428794892-2092620193-513533578-1001\...\Run: [SacReminderHDDV2N] => C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe [862032 2010-11-18] (Storage Appliance Corp.)
HKU\S-1-5-21-1428794892-2092620193-513533578-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1428794892-2092620193-513533578-1001\...\RunOnce: [Application Restart #1] => C:\Users\MaryAnn\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-c (the data entry has 553 more characters).
HKU\S-1-5-21-1428794892-2092620193-513533578-1001\...\MountPoints2: {c385f38f-404f-11e4-8265-f8a9637b4579} - "E:\StartClickFreeBackup.exe"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => No File
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll => No File
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\MaryAnn\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\MaryAnn\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\MaryAnn\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-08] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\MaryAnn\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\MaryAnn\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\MaryAnn\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 24.229.54.212 216.144.187.199 204.186.0.180
Tcpip\..\Interfaces\{8F335277-EFEF-401C-B78E-A1D7DE584501}: [DhcpNameServer] 192.168.2.1 24.229.54.212 216.144.187.199 204.186.0.180
Tcpip\..\Interfaces\{F51A1292-21F4-4109-8550-6BB957785427}: [DhcpNameServer] 24.229.54.212 216.144.187.199 204.186.0.180

Internet Explorer:
==================
HKU\S-1-5-21-1428794892-2092620193-513533578-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1428794892-2092620193-513533578-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1428794892-2092620193-513533578-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-1428794892-2092620193-513533578-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1428794892-2092620193-513533578-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
HKU\S-1-5-21-1428794892-2092620193-513533578-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1428794892-2092620193-513533578-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1428794892-2092620193-513533578-1001 -> {56CA4318-392F-423C-87DC-BC0898B1A9C4} URL =
SearchScopes: HKU\S-1-5-21-1428794892-2092620193-513533578-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-08] (AVAST Software)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-08] (AVAST Software)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)

FireFox:
========
FF ProfilePath: C:\Users\MaryAnn\AppData\Roaming\Mozilla\Firefox\Profiles\noewtotp.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
FF Keyword.URL: hxxps://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll [2015-10-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-10] (Google, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\MaryAnn\AppData\Roaming\Mozilla\Firefox\Profiles\noewtotp.default\searchplugins\yahoo-avast.xml [2014-12-10]
FF Extension: MEGA - C:\Users\MaryAnn\AppData\Roaming\Mozilla\Firefox\Profiles\noewtotp.default\Extensions\firefox@mega.co.nz.xpi [2015-09-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-17]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-17]
CHR Extension: (Google Docs) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-17]
CHR Extension: (Google Drive) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (YouTube) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Google Search) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (Google Sheets) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-17]
CHR Extension: (avast! Online Security) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-17]
CHR Extension: (Google Wallet) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-17]
CHR Extension: (Gmail) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-08] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-10-08] (Avast Software)
R2 CFUACProxy_officeguardianv2n; C:\ProgramData\OfficeGuardianV2N\UACProxy.exe [83792 2010-11-18] (Storage Appliance Corp.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-03] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
S2 MBAMService; C:\AdwCleaner\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SacNetAgentService_C57C4F854F53; C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe [163664 2010-11-18] (Storage Appliance Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 Util Klip Pal; "C:\Program Files (x86)\Klip Pal\bin\utilKlipPal.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-08] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 GENERICDRV; C:\Program Files (x86)\UEFI WinFlash\amifldrv64.sys [15640 2012-07-27] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-10-08] (AVAST Software)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows (R) Win 7 DDK provider)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-10-08] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 18:13 - 2015-10-13 18:14 - 00020593 _____ C:\Users\MaryAnn\Downloads\FRST.txt
2015-10-13 18:13 - 2015-10-13 18:13 - 00000000 ____D C:\FRST
2015-10-13 18:12 - 2015-10-13 18:12 - 02196480 _____ (Farbar) C:\Users\MaryAnn\Downloads\FRST64.exe
2015-10-09 18:38 - 2015-10-09 18:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-09 18:38 - 2015-10-09 18:38 - 00002078 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-09 18:38 - 2015-10-09 18:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-08 22:37 - 2015-10-08 22:37 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-10-08 22:37 - 2015-10-08 22:37 - 00132656 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-10-08 22:37 - 2015-10-08 22:37 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-10-08 19:22 - 2015-10-08 19:22 - 00001776 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-08 19:22 - 2015-10-08 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-08 19:21 - 2015-10-08 19:22 - 00000000 ____D C:\Program Files\iTunes
2015-10-08 19:21 - 2015-10-08 19:21 - 00000000 ____D C:\Program Files\iPod
2015-10-08 19:21 - 2015-10-08 19:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-08 19:18 - 2015-10-08 19:18 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-10-08 19:18 - 2015-10-08 19:18 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-10-08 19:17 - 2015-10-08 19:17 - 00000000 ____D C:\Program Files\Bonjour
2015-10-08 19:17 - 2015-10-08 19:17 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-10-03 11:58 - 2015-10-08 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-29 21:44 - 2015-09-29 21:44 - 00000870 _____ C:\Users\MaryAnn\AppData\Local\recently-used.xbel
2015-09-28 22:29 - 2015-09-28 22:29 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-09-28 22:17 - 2015-09-28 22:26 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2015-09-28 18:35 - 2015-09-28 18:35 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter
2015-09-28 18:35 - 2015-09-28 18:35 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2015-09-28 18:12 - 2015-09-28 18:12 - 00000000 ___HD C:\ProgramData\CanonIJQuickMenu
2015-09-28 18:11 - 2015-10-06 10:28 - 00000000 ____D C:\Users\MaryAnn\AppData\Roaming\canon
2015-09-28 18:11 - 2015-10-01 23:01 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-09-28 18:05 - 2013-03-24 05:00 - 00393728 _____ (CANON INC.) C:\Windows\system32\CNMXLMBX.DLL
2015-09-28 18:05 - 2013-02-04 15:10 - 00321536 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BXL.dll
2015-09-28 18:05 - 2012-11-09 10:43 - 00088064 _____ C:\Windows\SysWOW64\CNC176DD.TBL
2015-09-28 18:05 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2015-09-28 18:03 - 2015-09-28 18:03 - 00000000 ____D C:\Users\MaryAnn\AppData\LocalLow\Canon Easy-WebPrint EX2
2015-09-28 18:03 - 2015-09-28 18:03 - 00000000 ____D C:\Users\MaryAnn\AppData\LocalLow\Canon Easy-WebPrint EX
2015-09-28 18:03 - 2015-09-28 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2500 series User Registration
2015-09-28 18:02 - 2015-09-28 18:02 - 00002048 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-09-28 18:02 - 2015-09-28 18:02 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2015-09-28 17:58 - 2015-09-28 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-09-28 17:58 - 2015-09-28 18:03 - 00000000 ____D C:\Program Files\Canon
2015-09-28 17:58 - 2015-09-28 17:58 - 00002389 _____ C:\Users\Public\Desktop\Canon MG2500 series On-screen Manual.lnk
2015-09-28 17:58 - 2015-09-28 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2500 series Manual
2015-09-28 17:58 - 2013-02-04 15:12 - 00367104 _____ (CANON INC.) C:\Windows\system32\CNC_BXL.dll
2015-09-28 17:58 - 2012-11-09 10:43 - 00088064 _____ C:\Windows\system32\CNC176DD.TBL
2015-09-28 17:58 - 2012-11-08 13:04 - 00282624 _____ (CANON INC.) C:\Windows\system32\CNC_BXC.dll
2015-09-28 17:58 - 2012-11-08 13:03 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_BXI.dll
2015-09-28 17:58 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2015-09-28 17:57 - 2015-09-28 17:58 - 00000000 ___HD C:\Program Files\CanonBJ
2015-09-28 17:57 - 2013-03-24 05:00 - 00391168 _____ (CANON INC.) C:\Windows\system32\CNMLMBX.DLL
2015-09-28 17:47 - 2015-09-28 18:05 - 00000000 ____D C:\Program Files (x86)\Canon
2015-09-21 15:55 - 2015-09-21 16:07 - 00000000 ____D C:\Philips
2015-09-21 15:55 - 2015-09-21 15:55 - 00000635 _____ C:\Windows\DirectX.log
2015-09-21 12:19 - 2015-09-21 12:36 - 00000000 ____D C:\Users\MaryAnn\AppData\Local\MEGAsync
2015-09-21 11:16 - 2015-09-21 16:10 - 00000000 ___RD C:\Users\MaryAnn\Documents\MEGAsync
2015-09-21 11:16 - 2015-09-21 11:16 - 00000000 ____D C:\Users\MaryAnn\Documents\MEGA
2015-09-21 11:11 - 2015-09-21 11:11 - 00000000 ____D C:\Users\MaryAnn\AppData\Local\Mega Limited
2015-09-21 11:10 - 2015-09-21 11:10 - 09983584 _____ (MEGA Limited) C:\Users\MaryAnn\Downloads\MEGAsyncSetup.exe
2015-09-15 10:08 - 2015-09-15 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 18:09 - 2014-09-16 18:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-13 18:02 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-13 17:54 - 2014-05-17 11:48 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-13 17:18 - 2014-05-17 11:14 - 01130519 _____ C:\Windows\WindowsUpdate.log
2015-10-13 17:11 - 2014-07-25 16:41 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C60893C6-B163-44F7-AB18-E737E9186912}
2015-10-13 17:09 - 2014-09-16 18:42 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-13 09:48 - 2014-07-25 16:39 - 00000000 __RDO C:\Users\MaryAnn\OneDrive
2015-10-13 09:48 - 2014-05-17 11:48 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-11 19:39 - 2014-09-16 19:19 - 00000000 ____D C:\Users\MaryAnn\AppData\Local\CrashDumps
2015-10-09 21:06 - 2014-09-18 16:48 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-09 19:52 - 2014-07-25 16:43 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1428794892-2092620193-513533578-1001
2015-10-09 18:39 - 2015-06-26 20:00 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-09 18:39 - 2014-07-25 16:57 - 00000000 ____D C:\Users\MaryAnn\AppData\Local\Adobe
2015-10-09 18:37 - 2014-04-14 07:41 - 00000000 ____D C:\ProgramData\Adobe
2015-10-09 18:10 - 2013-08-22 10:46 - 00039431 _____ C:\Windows\setupact.log
2015-10-09 18:10 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-09 18:09 - 2013-08-22 09:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-10-09 10:47 - 2014-11-23 13:14 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-10-09 10:47 - 2014-11-23 13:14 - 00000000 ____D C:\Windows\system32\vbox
2015-10-08 22:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-10-08 22:49 - 2014-07-25 16:36 - 00000000 ____D C:\Users\MaryAnn\AppData\Local\Packages
2015-10-08 22:39 - 2014-09-16 19:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-08 22:39 - 2014-03-18 05:44 - 00932218 _____ C:\Windows\PFRO.log
2015-10-08 22:37 - 2014-09-17 17:05 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-08 22:37 - 2014-09-17 17:03 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-10-08 22:37 - 2014-09-17 17:03 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-10-08 22:37 - 2014-09-17 17:03 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-10-08 22:37 - 2014-09-17 17:03 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-10-08 22:37 - 2014-09-17 17:03 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-10-08 22:37 - 2014-09-17 17:03 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-10-08 22:37 - 2014-09-17 17:03 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-10-08 22:37 - 2014-09-17 17:03 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-10-08 19:21 - 2015-04-22 11:11 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-10-08 19:21 - 2014-09-30 18:43 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-08 19:18 - 2014-09-30 18:43 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-06 20:20 - 2014-09-20 19:58 - 00143360 ___SH C:\Users\MaryAnn\Documents\Thumbs.db
2015-10-06 10:30 - 2015-04-04 10:50 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-05 20:13 - 2015-04-04 10:50 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-05 20:13 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-04 17:55 - 2014-05-17 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-09-29 21:44 - 2015-05-28 00:16 - 00000000 ____D C:\Users\MaryAnn\.gimp-2.8
2015-09-29 20:47 - 2015-05-28 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-09-29 20:47 - 2014-05-17 11:48 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-29 20:00 - 2014-07-25 16:37 - 00000000 ____D C:\Users\MaryAnn\AppData\Roaming\Adobe
2015-09-28 18:05 - 2013-08-22 11:36 - 00000000 __RSD C:\Windows\Media
2015-09-26 10:55 - 2015-08-28 19:57 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-21 16:07 - 2014-04-14 07:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-21 15:59 - 2014-11-29 01:02 - 00000000 __SHD C:\Users\MaryAnn\AppData\Local\EmieBrowserModeList
2015-09-21 15:59 - 2014-07-25 16:41 - 00000000 __SHD C:\Users\MaryAnn\AppData\Local\EmieUserList
2015-09-21 15:59 - 2014-07-25 16:41 - 00000000 __SHD C:\Users\MaryAnn\AppData\Local\EmieSiteList
2015-09-15 10:49 - 2014-05-17 11:48 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 10:49 - 2014-05-17 11:48 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 10:09 - 2014-05-17 11:37 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-15 10:08 - 2015-07-13 18:04 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2015-09-15 10:08 - 2015-07-13 18:04 - 00001917 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-09-15 10:08 - 2015-07-13 18:04 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-09-14 21:18 - 2015-08-13 10:36 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-14 21:18 - 2015-08-13 10:36 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-09-16 19:13 - 2014-09-16 19:13 - 0617369 _____ (ClickMeIn Limited) C:\Users\MaryAnn\AppData\Local\nsy6F8C.tmp
2015-09-29 21:44 - 2015-09-29 21:44 - 0000870 _____ () C:\Users\MaryAnn\AppData\Local\recently-used.xbel
2014-05-17 11:22 - 2014-05-17 11:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\MaryAnn\AppData\Local\Temp\1_flashplayer.exe
C:\Users\MaryAnn\AppData\Local\Temp\cli.exe
C:\Users\MaryAnn\AppData\Local\Temp\COMAP.EXE
C:\Users\MaryAnn\AppData\Local\Temp\instructionsGalgk4.exe
C:\Users\MaryAnn\AppData\Local\Temp\MSETUP4.EXE
C:\Users\MaryAnn\AppData\Local\Temp\oct85FE.tmp.exe
C:\Users\MaryAnn\AppData\Local\Temp\optprosetup.exe
C:\Users\MaryAnn\AppData\Local\Temp\post1.exe
C:\Users\MaryAnn\AppData\Local\Temp\post2.dll
C:\Users\MaryAnn\AppData\Local\Temp\post2.exe
C:\Users\MaryAnn\AppData\Local\Temp\Quarantine.exe
C:\Users\MaryAnn\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\MaryAnn\AppData\Local\Temp\System.Data.SQLite16192.dll
C:\Users\MaryAnn\AppData\Local\Temp\System.Data.SQLite30235.dll
C:\Users\MaryAnn\AppData\Local\Temp\System.Data.SQLite36672.dll
C:\Users\MaryAnn\AppData\Local\Temp\System.Data.SQLite42109.dll
C:\Users\MaryAnn\AppData\Local\Temp\System.Data.SQLite69269.dll
C:\Users\MaryAnn\AppData\Local\Temp\System.Data.SQLite92172.dll
C:\Users\MaryAnn\AppData\Local\Temp\tmp2149.exe
C:\Users\MaryAnn\AppData\Local\Temp\tmp34B6.exe
C:\Users\MaryAnn\AppData\Local\Temp\tmpAEF.exe
C:\Users\MaryAnn\AppData\Local\Temp\tmpAF5F.exe
C:\Users\MaryAnn\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-05 11:06

==================== End of FRST.txt ============================

mare_wbpa

Here's part 2.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-10-2015
Ran by MaryAnn (2015-10-13 18:15:03)
Running from C:\Users\MaryAnn\Downloads
Windows 8.1 (X64) (2014-07-25 20:36:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1428794892-2092620193-513533578-500 - Administrator - Disabled)
Guest (S-1-5-21-1428794892-2092620193-513533578-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1428794892-2092620193-513533578-1003 - Limited - Enabled)
MaryAnn (S-1-5-21-1428794892-2092620193-513533578-1001 - Administrator - Enabled) => C:\Users\MaryAnn
SACNETDRIVEUSER01 (S-1-5-21-1428794892-2092620193-513533578-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{893CB813-4179-4BFE-8D33-ABCC38816B48}) (Version: 1.0.6 - Amazon)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
ConvertAd (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3817.05 - CyberLink Corp.)
Digital Pass Launcher (HKLM-x32\...\{2359C6E9-DE4F-4FDA-9C12-AE6EFC2EE330}) (Version: 1.0.0.0 - TOSHIBA America Information Systems, Inc)
Dragons of Atlantis (HKU\S-1-5-21-1428794892-2092620193-513533578-1001\...\Pokki_cfada041afdc4a11092a096cac66ab6a0945d92b) (Version: 1.1.5.54813 - Pokki)
DTS Sound (HKLM-x32\...\{9B17BBEC-CF31-4C23-949E-E65A14365CE1}) (Version: 1.01.6100 - DTS, Inc.)
Edgeworld (HKU\S-1-5-21-1428794892-2092620193-513533578-1001\...\Pokki_2e9d53cc2b402b6e65aa9551308ca17a19c4721a) (Version: 1.1.5.54816 - Pokki)
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
FarmVille 2 (HKU\S-1-5-21-1428794892-2092620193-513533578-1001\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.4.55785 - Pokki)
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Goodgame Empire (HKU\S-1-5-21-1428794892-2092620193-513533578-1001\...\Pokki_149b46d4a102c0304583931ceaa3f0bf19785ee3) (Version: 1.1.4.56249 - Pokki)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Drive (HKLM-x32\...\{CF772DD2-4767-49AE-B764-EACA6F6CD9AE}) (Version: 1.25.0286.7715 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Groupon (HKU\S-1-5-21-1428794892-2092620193-513533578-1001\...\Pokki_893e2a8f4b240ed6d7def79e56791067c96f41be) (Version: 1.0.2.55621 - Pokki)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
Outlook (HKU\S-1-5-21-1428794892-2092620193-513533578-1001\...\Pokki_6d08a8275642ade9111e6660f734ff578dcfe9bc) (Version: 1.0.3.40220 - Pokki)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-1428794892-2092620193-513533578-1001\...\Pokki_Start_Menu) (Version: 0.269.3.181 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
SA30xx Media Converter (x32 Version: 1.0.0.1000 - Philips) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Utility Common Driver (x32 Version: 1.0.53.3 - Compal) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

09-10-2015 22:29:34 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {188472CC-7810-4DA3-AF55-5E11701A80E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-13] (Adobe Systems Incorporated)
Task: {3812A783-83A6-480C-AF00-E835A1E190F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4984AB52-1F52-4CC6-AA4E-04728FC749D9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
Task: {51D19849-32BD-4685-9C71-47C02AD4B5D9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {552D2C46-69AD-4EF0-B9A2-FA247F52DB89} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-08] (AVAST Software)
Task: {56EFA128-DBCE-4CCC-AA65-76084986E901} - \PastaQuotes -> No File <==== ATTENTION
Task: {6A26CBAC-B77F-4527-BB42-5EEB5289F6A0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {90D7F1A5-6049-4A94-94AF-8986742C2226} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {9F29C43A-2F6D-4A0C-9131-05DA8F2E0F3C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {A3E59B23-95CA-4BBA-B278-5DC392984658} - \Advanced System Protector_startup -> No File <==== ATTENTION
Task: {C78804C7-4F5E-4CFF-AEA0-66B0D2DD13E7} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {DAA77209-83C8-4015-8927-23E4D308AA40} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-02-24] (Realtek Semiconductor)
Task: {FD68B0B0-08CB-4C28-9414-285AD10EB2B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-03 16:30 - 2014-03-03 16:30 - 00021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-09-28 18:11 - 2012-03-27 23:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-05-01 10:13 - 2014-05-01 10:13 - 00470016 _____ () C:\Users\MaryAnn\AppData\Local\MEGAsync\ShellExtX64.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2015-10-08 22:37 - 2015-10-08 22:37 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-08 22:37 - 2015-10-08 22:37 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-08 18:24 - 2015-10-08 18:24 - 02967040 _____ () C:\Program Files\AVAST Software\Avast\defs\15100802\algo.dll
2015-10-09 18:12 - 2015-10-09 18:12 - 02994032 _____ () C:\Program Files\AVAST Software\Avast\defs\15100901\algo.dll
2015-10-12 20:19 - 2015-10-12 20:19 - 02994544 _____ () C:\Program Files\AVAST Software\Avast\defs\15101202\algo.dll
2015-10-08 22:37 - 2015-10-08 22:37 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\MaryAnn\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1428794892-2092620193-513533578-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MaryAnn\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.2.1 - 24.229.54.212
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C0FB46A5-6755-4EEE-9682-FDF030E8A089}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{C78DB251-E935-4E81-A8D2-BDC2549C5A3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5A28B27D-5D26-4014-BBF2-7E6F8FF5C214}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DF22075D-40AD-4849-A97C-1E44D164B973}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D3BD2C86-EF2E-418D-B3C0-DEF3732534AE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9D1192B2-CB1A-4CF7-85F1-35CBB0CF33DB}] => (Allow) C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
FirewallRules: [{F6EC79F0-6970-4A9F-9142-F320C3B19E21}] => (Allow) C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
FirewallRules: [{89CEA7F9-00B0-4824-8FFD-0BD3D6F6E6C5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8BB8857C-0DBF-4DDE-BDEE-213867F7C0D6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2B4F1289-3626-48B0-99B6-EAB621802043}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A4E01C92-CC43-4B42-95D7-2B63D59C2609}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{052FB9B0-0DBA-4133-A57C-38C16FCB44B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C857AB9F-3DE4-42D2-968D-3B956D14B368}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9DFAC0BF-F513-4EB7-A079-881AAE5E97C7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8D50EE5E-3313-42AE-BF41-BA57EA13B592}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2015 05:55:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FlashPlayerPlugin_19_0_0_185.exe version 19.0.0.185 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e88

Start Time: 01d1053068c08205

Termination Time: 15

Application Path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe

Report Id: e527af00-712b-11e5-829c-f8a9637b4579

Faulting package full name:

Faulting package-relative application ID:

Error: (10/11/2015 07:39:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 41.0.1.5750 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1440

Start Time: 01d1043890e4f21a

Termination Time: 115

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 421acd34-7071-11e5-829c-f8a9637b4579

Faulting package full name:

Faulting package-relative application ID:

Error: (10/11/2015 07:39:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 41.0.1.5750, time stamp: 0x560b37be
Faulting module name: mozglue.dll, version: 41.0.1.5750, time stamp: 0x560b229d
Exception code: 0x80000003
Fault offset: 0x0000ec7f
Faulting process id: 0x15c0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (10/11/2015 06:11:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1063

Error: (10/11/2015 06:11:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1063

Error: (10/11/2015 06:11:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/11/2015 06:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20146391

Error: (10/11/2015 06:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20146391

Error: (10/11/2015 06:11:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/11/2015 12:35:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2141


System errors:
=============
Error: (10/10/2015 10:12:54 PM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOP)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (10/09/2015 06:11:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Klip Pal service failed to start due to the following error:
%%2

Error: (10/08/2015 10:41:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Klip Pal service failed to start due to the following error:
%%2

Error: (10/05/2015 10:24:48 PM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOP)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.2

Error: (10/05/2015 10:24:48 PM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOP)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.2

Error: (10/05/2015 10:24:48 PM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOP)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.2

Error: (10/05/2015 10:24:48 PM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOP)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.2

Error: (10/05/2015 10:24:48 PM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOP)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.2

Error: (10/05/2015 10:24:48 PM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOP)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.2

Error: (10/05/2015 10:24:48 PM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOP)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.2


CodeIntegrity:
===================================
  Date: 2015-08-24 16:41:27.504
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3530 @ 2.16GHz
Percentage of memory in use: 28%
Total physical RAM: 8077.84 MB
Available physical RAM: 5811.39 MB
Total Virtual: 9357.84 MB
Available Virtual: 6861.64 MB

==================== Drives ================================

Drive c: (TI10695300B) (Fixed) (Total:455.78 GB) (Free:380.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

mare_wbpa

Security check.

Results of screen317's Security Check version 1.010 --- 10/01/15 
   x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Windows Defender   
avast! Antivirus   
Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player    19.0.0.207 
Mozilla Firefox (41.0.1)
Google Chrome (45.0.2454.101)
Google Chrome (45.0.2454.99)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe 
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

Corrine

Let's see what we can do to get your problem solved.

1.  Go to installed programs and uninstall ConvertAd. Added to FRST script since unable to uninstall.

2.  Please do the following to run FRST: 

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.

start
CreateRestorePoint:
CloseProcesses:
ConvertAd (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
HKLM\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => No File
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
HKU\S-1-5-21-1428794892-2092620193-513533578-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S2 Util Klip Pal; "C:\Program Files (x86)\Klip Pal\bin\utilKlipPal.exe" [X]
Task: {56EFA128-DBCE-4CCC-AA65-76084986E901} - \PastaQuotes -> No File <==== ATTENTION
Task: {A3E59B23-95CA-4BBA-B278-5DC392984658} - \Advanced System Protector_startup -> No File <==== ATTENTION
EmptyTemp:
end

  • Click Format and ensure Wordwrap is unchecked.
  • Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.

3.  Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin.  Please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

4.  Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

mare_wbpa

I tried to uninstall Convert Ad and a window opened telling me that it "may have already been uninstalled.  Would you like to remove Convert Ad from Programs and Features list."

Corrine

Hold on.  I'll update the script to add it and that will take care of it.



Corrine

Done!  Ok, if you already copied the script and saved it as fixlist.txt, delete the file you saved and make a new copy of the code above which now includes ConvertAd.



mare_wbpa

I'm confused by your 2nd post today asking if I was done. I haven't done anything til just now. I just tried to uninstall Convert Ad again and got the same window with the same message.  Am I missing something?

winchester73

Corrine wanted to make sure you hadn't done the second step (running the script in FRST) yet.  She edited what is in the box to remove ConvertAd since you were unable to uninstall it manually.  The "Done!" comment was a follow-up to the "Hold on" in the previous post.

Corrine

Sorry for the confusion -- yes, it was me who was "done".  :)  Please return to my instructions above.  Skip #1 and start with #2.



mare_wbpa

So sorry.  I misunderstood.  I get it now. I think I read the last one before the one with instructions about the Code.  I'm working on it. Thanks for being patient.


mare_wbpa

Here's what I have.  I won't go any further til I hear from you in case I have to redo it.

Fix result of Farbar Recovery Scan Tool (x64) Version:16-10-2015
Ran by MaryAnn (2015-10-16 18:05:02) Run:2
Running from C:\Users\MaryAnn\Downloads
Loaded Profiles: MaryAnn (Available Profiles: MaryAnn)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
ConvertAd (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
HKLM\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => No File
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
HKU\S-1-5-21-1428794892-2092620193-513533578-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S2 Util Klip Pal; "C:\Program Files (x86)\Klip Pal\bin\utilKlipPal.exe" [X]
Task: {56EFA128-DBCE-4CCC-AA65-76084986E901} - \PastaQuotes -> No File <==== ATTENTION
Task: {A3E59B23-95CA-4BBA-B278-5DC392984658} - \Advanced System Protector_startup -> No File <==== ATTENTION
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
ConvertAd (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
"C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL" => Value data not found.
"c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll" => Value data not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Folder not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value not found.
HKU\S-1-5-21-1428794892-2092620193-513533578-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
Util Klip Pal => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56EFA128-DBCE-4CCC-AA65-76084986E901} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3E59B23-95CA-4BBA-B278-5DC392984658} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup => key not found.
EmptyTemp: => 10.1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:07:42 ====
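
A way to triage the Fixlog above, as an added example that is not part of the thread or of FRST itself: it skips the echoed fixlist and groups each result line by outcome, so entries reported as already absent are separated from the one FRST could not fix. The outcome wording is matched from this log only (an assumption about other FRST logs), and `triage` and `SAMPLE` are names made up here.

```python
import re

# Constructed sample: a shortened copy of the Fixlog posted above.
SAMPLE = r"""fixlist content:
*****************
start
Task: {56EFA128-DBCE-4CCC-AA65-76084986E901} - \PastaQuotes -> No File <==== ATTENTION
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
ConvertAd (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Policies\Google => key not found.
Util Klip Pal => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes => key not found.
EmptyTemp: => 10.1 GB temporary data Removed.

==== End of Fixlog 18:07:42 ====
"""

def triage(fixlog):
    """Group Fixlog result lines into error / absent / done / other."""
    groups = {"error": [], "absent": [], "done": [], "other": []}
    stars = 0            # the fixlist echo sits between two rows of asterisks
    for line in fixlog.splitlines():
        line = line.strip()
        if re.fullmatch(r"\*{5,}", line):
            stars += 1
            continue
        if stars < 2 or not line or line.startswith("===="):
            continue     # header, echoed fixlist, blank lines, footer
        target, sep, result = line.rpartition(" => ")
        if not sep:      # status line without a "target => result" shape
            target = result
        if result.startswith("Error:"):
            groups["error"].append(target)       # needs manual follow-up
        elif re.search(r"not found\.?$", result, re.I):
            groups["absent"].append(target)      # nothing left to remove
        elif re.search(r"successfully|removed", result, re.I):
            groups["done"].append(target)        # wording assumed from this log
        else:
            groups["other"].append(target)
    return groups

if __name__ == "__main__":
    for outcome, targets in triage(SAMPLE).items():
        print(f"{outcome} ({len(targets)}):", *targets, sep="\n    ")
```
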