Hello, I was running Google Chrome and when browsing a website came across a message from Interpol saying I have to pay Interpol £100 to unlock Chrome. I suspect this to be a virus from internet research, in any case Chrome now refuses to run and I am nervous of the virus still being on my system. I'd be grateful for any advice from you about how to check my system for this virus and/or other relating viruses.
My Internet Explorer is currently working.
Many thanks for your help!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Toshiba-laptop (administrator) on TOSHIBA on 30-05-2015 10:18:39
Running from C:\Users\Toshiba-laptop\Desktop
Loaded Profiles: Toshiba-laptop (Available Profiles: Toshiba-laptop)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Flux Software LLC) C:\Users\Toshiba-laptop\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Toshiba-laptop\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4521272 2015-04-27] (iolo technologies, LLC)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-03] (Avast Software s.r.o.)
HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [950296 2015-03-30] (CyberLink Corp.)
HKU\S-1-5-21-967705235-186355052-2569062438-1001\...\Run: [f.lux] => C:\Users\Toshiba-laptop\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-967705235-186355052-2569062438-1001\...\Run: [GoogleChromeAutoLaunch_A20EA583DEF46BFA013087ED20694C35] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-967705235-186355052-2569062438-1001\...\Run: [Spotify Web Helper] => C:\Users\Toshiba-laptop\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-28] (Spotify Ltd)
HKU\S-1-5-21-967705235-186355052-2569062438-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] ()
AppInit_DLLs-x32: AirfoilInjector_3_7.dll => "AirfoilInjector_3_7.dll" File not found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-03] (Avast Software s.r.o.)
BootExecute: autocheck autochk *
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-967705235-186355052-2569062438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKU\S-1-5-21-967705235-186355052-2569062438-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
SearchScopes: HKU\S-1-5-21-967705235-186355052-2569062438-1001 -> DefaultScope {B2D96509-5650-4F69-AE4B-05D226BF4373} URL =
SearchScopes: HKU\S-1-5-21-967705235-186355052-2569062438-1001 -> {B2D96509-5650-4F69-AE4B-05D226BF4373} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-03] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-03] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-31] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-03]
Chrome:
=======
CHR Profile: C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-31]
CHR Extension: (Google Docs) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-31]
CHR Extension: (Google Drive) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-31]
CHR Extension: (Rapport) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-05-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-31]
CHR Extension: (YouTube) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-31]
CHR Extension: (Adblock Plus) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-05]
CHR Extension: (Adblock for Youtube™) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-04-03]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-03-31]
CHR Extension: (Google Search) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-31]
CHR Extension: (Avast SafePrice) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-04-17]
CHR Extension: (Google Sheets) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-31]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-03-31]
CHR Extension: (Bookmark Manager) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-27]
CHR Extension: (Avast Online Security) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-31]
CHR Extension: (G.lux) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\hinolicfmhnjadpggledmhnffommefaf [2015-03-31]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-03-31]
CHR Extension: (Hangouts) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-04-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-31]
CHR Extension: (Hangouts) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-03-31]
CHR Extension: (Google Wallet) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-31]
CHR Extension: (Gmail) - C:\Users\Toshiba-laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKU\S-1-5-21-967705235-186355052-2569062438-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-03] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-03] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-03] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-22] (Microsoft Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4676408 2015-04-27] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2214168 2015-05-08] (IBM Corp.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-04-02] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-04-02] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-03] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-03] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-03] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-04-03] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-03] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-03] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-03] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-03] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-03] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-22] (Microsoft Corporation)
R1 RapportCerberus_1412097; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412097.sys [910872 2015-05-18] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [484088 2015-05-08] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [121208 2015-05-08] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [375128 2015-05-08] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [479320 2015-05-08] (IBM Corp.)
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [32912 2015-03-23] (EldoS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-03] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-04-02] (Microsoft Corporation)
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-03-30] (CyberLink Corp.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-30 10:18 - 2015-05-30 10:18 - 00019400 _____ () C:\Users\Toshiba-laptop\Desktop\FRST.txt
2015-05-30 10:18 - 2015-05-30 10:18 - 00000000 ____D () C:\FRST
2015-05-30 10:17 - 2015-05-30 10:16 - 02108928 _____ (Farbar) C:\Users\Toshiba-laptop\Desktop\FRST64.exe
2015-05-30 10:16 - 2015-05-30 10:16 - 02108928 _____ (Farbar) C:\Users\Toshiba-laptop\Downloads\FRST64.exe
2015-05-29 20:45 - 2015-05-29 20:46 - 231301114 _____ () C:\Users\Toshiba-laptop\Documents\Agents.of.SHIELD.S01E09_findvideo.biz.mp4
2015-05-29 20:01 - 2015-05-29 20:02 - 288790331 _____ () C:\Users\Toshiba-laptop\Documents\Agents.of.SHIELD.S01E08_findvideo.biz.mp4
2015-05-24 23:29 - 2015-05-24 23:29 - 00002182 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 15.lnk
2015-05-24 23:29 - 2015-05-24 23:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 15
2015-05-24 23:27 - 2015-05-24 23:27 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-05-20 11:01 - 2015-05-20 11:01 - 00762368 _____ () C:\Users\Toshiba-laptop\Desktop\fem_1112.xls
2015-05-20 11:01 - 2015-05-20 11:01 - 00673792 _____ () C:\Users\Toshiba-laptop\Desktop\fem_1011_revised2.xls
2015-05-20 11:00 - 2015-05-20 11:00 - 00878592 _____ () C:\Users\Toshiba-laptop\Desktop\fraud-and-error-in-the-benefit-system-2012-13_estimates.xls
2015-05-20 11:00 - 2015-05-20 11:00 - 00318101 _____ () C:\Users\Toshiba-laptop\Desktop\FEMA_Tables_1415P-v2.xlsx
2015-05-20 10:59 - 2015-05-20 10:59 - 00449536 _____ () C:\Users\Toshiba-laptop\Desktop\Tables_FEMA_1314.xls
2015-05-18 19:55 - 2015-05-18 19:55 - 00000000 ____D () C:\Users\Default\AppData\Local\Trusteer
2015-05-18 19:55 - 2015-05-18 19:55 - 00000000 ____D () C:\Users\Default User\AppData\Local\Trusteer
2015-05-17 11:10 - 2015-05-18 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-05-17 11:10 - 2015-05-17 11:10 - 00000000 ____D () C:\Users\Toshiba-laptop\AppData\Local\Trusteer
2015-05-17 11:10 - 2015-05-17 11:10 - 00000000 ____D () C:\Program Files (x86)\Trusteer
2015-05-17 11:10 - 2015-05-08 17:25 - 00375128 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2015-05-17 11:10 - 2015-05-08 17:25 - 00121208 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2015-05-17 11:09 - 2015-05-17 11:09 - 00436504 _____ (IBM Corp.) C:\Users\Toshiba-laptop\Desktop\RapportSetup.exe
2015-05-17 11:09 - 2015-05-17 11:09 - 00000000 ____D () C:\ProgramData\Trusteer
2015-05-14 18:49 - 2015-04-24 22:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-14 18:49 - 2015-03-05 00:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-13 21:36 - 2015-05-24 23:32 - 00000000 ____D () C:\Users\Toshiba-laptop\Documents\CyberLink
2015-05-13 21:36 - 2015-05-13 21:38 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2015-05-13 21:36 - 2015-05-13 21:36 - 00000000 ____D () C:\Users\Toshiba-laptop\AppData\Roaming\CyberLink
2015-05-13 21:36 - 2015-05-13 21:36 - 00000000 ____D () C:\Users\Public\CyberLink
2015-05-13 21:34 - 2015-05-24 23:29 - 00000000 ____D () C:\Users\Toshiba-laptop\AppData\Local\CyberLink
2015-05-13 21:34 - 2015-05-13 21:34 - 00000000 ____D () C:\ProgramData\PDVD
2015-05-13 21:33 - 2015-05-24 23:27 - 00000000 ____D () C:\ProgramData\SUPPORTDIR
2015-05-13 21:33 - 2015-05-13 21:33 - 00000000 ____D () C:\ProgramData\install_clap
2015-05-13 21:32 - 2015-05-24 23:24 - 00000000 ____D () C:\ProgramData\CyberLink
2015-05-13 21:32 - 2015-05-13 21:32 - 01209192 _____ (CyberLink) C:\Users\Toshiba-laptop\Desktop\CyberLink_PowerDVD_Downloader.exe
2015-05-13 21:21 - 2015-05-13 21:21 - 00000000 ____D () C:\Users\Toshiba-laptop\AppData\Roaming\sMedio
2015-05-13 21:21 - 2015-05-13 21:21 - 00000000 ____D () C:\Users\Toshiba-laptop\AppData\Roaming\dvdcss
2015-05-12 22:23 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:23 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 18:35 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-12 18:35 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-12 18:35 - 2015-03-17 18:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-12 18:34 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 18:34 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 18:34 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 18:34 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 18:34 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 18:34 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 18:34 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 18:34 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 18:34 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-12 18:34 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 18:34 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 18:34 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 18:34 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 18:34 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 18:34 - 2015-04-21 17:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 18:34 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 18:34 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 18:34 - 2015-04-21 16:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 18:34 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 18:34 - 2015-04-21 16:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 18:34 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 18:34 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 18:34 - 2015-04-21 16:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 18:34 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 18:34 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 18:34 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 18:34 - 2015-04-21 16:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 18:34 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 18:34 - 2015-04-21 16:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 18:34 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 18:34 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 18:34 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 18:34 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 18:34 - 2015-04-21 16:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 18:34 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 18:34 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 18:34 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 18:34 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 18:34 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 18:34 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 18:34 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-12 18:34 - 2015-04-13 23:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 18:34 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 18:34 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 18:34 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 18:34 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 18:34 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-12 18:34 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 18:34 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-12 18:34 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-12 18:34 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-12 18:34 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-12 18:34 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 18:34 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 18:34 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 18:34 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-12 18:34 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-12 18:34 - 2015-03-13 05:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-12 18:34 - 2015-03-13 05:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-12 18:34 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-12 18:34 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-12 18:34 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-12 18:34 - 2015-03-13 01:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 18:34 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-12 18:34 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-12 18:34 - 2015-03-09 03:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-12 18:34 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-12 18:34 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-12 18:34 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 18:34 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-12 18:34 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 18:34 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-12 18:34 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-10 16:13 - 2015-05-10 16:55 - 00008704 _____ () C:\Users\Toshiba-laptop\Desktop\CA expenditure & caseload.xls
2015-05-10 16:08 - 2015-05-10 16:08 - 01120249 _____ () C:\Users\Toshiba-laptop\Desktop\Outturn-and-forecast-Budget-2015.xlsx
2015-05-06 17:43 - 2015-05-06 17:46 - 00031744 _____ () C:\Users\Toshiba-laptop\Documents\150506 Bills joe.xls
2015-05-06 17:42 - 2015-05-06 17:42 - 00044544 _____ () C:\Users\Toshiba-laptop\Documents\150405 Bills joe DA.xls
2015-05-02 13:30 - 2015-05-15 22:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-02 13:30 - 2015-05-15 22:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-02 13:30 - 2015-05-12 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-30 19:56 - 2015-04-27 10:16 - 02142520 _____ (iolo technologies, LLC) C:\WINDOWS\system32\Incinerator64.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-30 10:17 - 2015-04-02 00:35 - 01336022 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-30 10:05 - 2015-03-31 22:31 - 00000000 ____D () C:\Users\Toshiba-laptop\AppData\Roaming\vlc
2015-05-30 10:04 - 2014-11-22 02:01 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-30 10:00 - 2015-04-02 08:13 - 00000000 ___DO () C:\Users\Toshiba-laptop\OneDrive
2015-05-30 10:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-30 09:59 - 2015-04-02 00:32 - 00000000 ____D () C:\Users\Toshiba-laptop
2015-05-30 09:59 - 2015-03-31 22:24 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-30 09:59 - 2013-08-22 15:46 - 00292266 _____ () C:\WINDOWS\setupact.log
2015-05-30 09:59 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-30 09:34 - 2015-03-31 22:24 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-30 05:05 - 2015-04-03 05:34 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EAC0E400-71B2-4028-B99A-104530FA0E22}
2015-05-30 05:00 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-30 04:59 - 2015-04-01 22:05 - 00000000 ____D () C:\Users\Toshiba-laptop\AppData\Roaming\Spotify
2015-05-29 22:19 - 2015-04-04 12:39 - 00103729 _____ () C:\Users\Toshiba-laptop\Documents\tasks1.odt
2015-05-29 18:24 - 2015-04-01 22:05 - 00000000 ____D () C:\Users\Toshiba-laptop\AppData\Local\Spotify
2015-05-25 21:42 - 2015-03-30 11:34 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-967705235-186355052-2569062438-1001
2015-05-25 21:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-25 19:35 - 2015-03-31 22:24 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-24 23:29 - 2012-11-28 00:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-24 23:25 - 2014-11-21 17:51 - 00039874 _____ () C:\WINDOWS\PFRO.log
2015-05-24 14:38 - 2015-04-03 06:10 - 00000000 ____D () C:\WINDOWS\system32\config\SM Registry Backup
2015-05-23 11:16 - 2015-04-04 12:40 - 00000000 ____D () C:\Users\Toshiba-laptop\Documents\Budget
2015-05-22 15:30 - 2015-04-04 12:40 - 00000000 ____D () C:\Users\Toshiba-laptop\Documents\Pass
2015-05-21 20:20 - 2015-04-02 01:18 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-21 20:20 - 2015-04-02 01:18 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-21 20:20 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-20 11:03 - 2015-04-05 14:19 - 00032256 ___SH () C:\Users\Toshiba-laptop\Desktop\Thumbs.db
2015-05-16 11:29 - 2015-03-31 22:24 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 11:29 - 2015-03-31 22:24 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 22:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-15 22:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-15 22:05 - 2013-08-22 15:44 - 00362544 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-15 22:05 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-13 21:33 - 2015-04-03 05:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-13 17:45 - 2015-04-03 05:26 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 22:23 - 2015-03-31 22:35 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-12 22:21 - 2015-03-31 22:35 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-12 22:20 - 2014-11-22 01:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-08 14:50 - 2015-04-19 18:42 - 00000000 ____D () C:\download
2015-05-08 05:09 - 2015-04-04 12:40 - 00000000 ____D () C:\Users\Toshiba-laptop\Documents\Batman
2015-05-05 18:59 - 2015-04-03 05:41 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 18:59 - 2015-04-03 05:41 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-30 20:12 - 2015-04-03 05:50 - 00000000 ____D () C:\ProgramData\iolo
2015-04-30 19:56 - 2015-04-03 05:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2015-04-30 19:55 - 2015-04-03 05:51 - 00003118 _____ () C:\WINDOWS\System32\Tasks\iolo Process Governor
2015-04-30 19:55 - 2015-04-03 05:51 - 00000000 ____D () C:\ProgramData\ioloGovernor
2015-04-30 19:55 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-20 18:12
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Toshiba-laptop at 2015-05-30 10:19:13
Running from C:\Users\Toshiba-laptop\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-967705235-186355052-2569062438-500 - Administrator - Disabled)
Guest (S-1-5-21-967705235-186355052-2569062438-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-967705235-186355052-2569062438-1005 - Limited - Enabled)
Toshiba-laptop (S-1-5-21-967705235-186355052-2569062438-1001 - Administrator - Enabled) => C:\Users\Toshiba-laptop
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Airfoil (HKLM-x32\...\Airfoil) (Version: 3.6.5 - Rogue Amoeba)
AMD Catalyst Install Manager (HKLM\...\{97F61E19-8AE5-28D8-1A79-EB1497596A43}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.3 - Atheros Communications)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.1510.58 - CyberLink Corp.)
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - CHIP.de)
f.lux (HKU\S-1-5-21-967705235-186355052-2569062438-1001\...\Flux) (Version: - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.5.2 - iolo technologies, LLC)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nero 12 Essentials Toshiba (HKLM-x32\...\{2EF76291-8647-46F0-89D8-0AA8B72A5420}) (Version: 12.0.00600 - Nero AG)
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Rapport (x32 Version: 3.5.1412.158 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKU\S-1-5-21-967705235-186355052-2569062438-1001\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425.01 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0014 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.2 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1412.158 - Trusteer)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
13-05-2015 21:33:40 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
17-05-2015 11:10:14 Installed Rapport
18-05-2015 19:55:24 Installed Rapport
21-05-2015 20:20:13 Windows Update
28-05-2015 21:50:44 Scheduled Checkpoint
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {066E05F0-3CF3-4F06-AD56-B30BB3BD472F} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-09-25] (Toshiba Europe GmbH)
Task: {13213E5E-D5F0-4CFC-BED2-76BDF8D39CF7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-03] (Avast Software s.r.o.)
Task: {20AEEA1B-D538-4391-9598-D85A7A6661ED} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2015-04-27] (iolo technologies, LLC)
Task: {2C270434-2A98-42B3-8838-4FB60568FDB7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {345839DF-928D-4948-9954-04E5681B6292} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {587FD855-94C2-49AE-8C50-0609183D0E44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-31] (Google Inc.)
Task: {84C5D30E-18A1-4679-9212-22309FCE827B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {9672ABBF-8550-4CD0-ACD8-CD184AB072CF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-12] (Microsoft Corporation)
Task: {AA7315B0-9A6D-409F-AA75-326C4F41556D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CB773349-7D8E-4225-AE5B-45D93F8A9FC3} - System32\Tasks\iolo DelOnReboot => cmd.exe /c del /f C:\ProgramData\iolo\ops\smrr.dll
Task: {F0E6AE60-238F-473B-A18C-CF3BB81617D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-31] (Google Inc.)
Task: {F34018F4-CF97-420B-BB2C-BDCCA7D2861E} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (Whitelisted) ==============
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 20:13 - 2012-08-13 20:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2015-01-27 13:18 - 2015-01-27 13:18 - 02926800 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
2015-04-03 05:59 - 2015-04-03 05:59 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-03 05:59 - 2015-04-03 05:59 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-30 09:42 - 2015-05-30 09:42 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15053000\algo.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2015-05-25 19:35 - 2015-05-22 21:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 19:35 - 2015-05-22 21:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-04-03 05:59 - 2015-04-03 05:59 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-24 23:28 - 2015-03-30 10:09 - 00867592 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\common\UNO\UNO.dll
2015-05-24 23:28 - 2013-12-10 12:31 - 00074240 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_ctypes.pyd
2015-05-24 23:28 - 2013-12-10 12:31 - 00285184 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_hashlib.pyd
2015-05-24 23:28 - 2013-12-10 12:31 - 00040960 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_socket.pyd
2015-05-24 23:28 - 2013-12-10 12:31 - 00721920 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_ssl.pyd
2013-03-01 03:48 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Toshiba-laptop\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-967705235-186355052-2569062438-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Toshiba-laptop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C7A8CC79-C0A3-494F-850B-E3DB4796BD03}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3068C748-FC9E-4DEB-AAC7-4DA25CBA338E}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{4ADECCC7-EA69-4BC7-BB2D-BDD158E1489D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D00A890D-3F46-4399-802A-9917BAA7F4E9}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{F80B71E2-C261-4AE7-B522-A6F32C0948F3}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{CCF8394C-F32C-4AE6-B7DD-49F19C477DBE}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{BF4D3990-89C2-4F46-9825-BD2701873E30}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{37A13F5A-0E0E-4558-A760-B53E6C107E52}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7005B827-8EAD-443C-9F79-7AD969623E61}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{926CFA85-1A94-484B-9A1B-CB89656E1038}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B8C1448C-7BBE-467C-8B1A-3D3DB3A4BCA3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{2E38FCB4-ADDD-4F31-BE4F-C8EF2A9BB283}C:\users\toshiba-laptop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\toshiba-laptop\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{511398FC-150D-45AA-AFFF-01BB71E89ADA}C:\users\toshiba-laptop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\toshiba-laptop\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{64853AFA-A82D-47FD-94F2-66BE65594EAB}C:\program files (x86)\airfoil\airfoil.exe] => (Allow) C:\program files (x86)\airfoil\airfoil.exe
FirewallRules: [UDP Query User{49B89E46-3952-4934-B2BA-BB68BF2B50C1}C:\program files (x86)\airfoil\airfoil.exe] => (Allow) C:\program files (x86)\airfoil\airfoil.exe
FirewallRules: [TCP Query User{AAC4C27E-37F0-4EA4-89AF-6427DDC4C90A}C:\users\toshiba-laptop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\toshiba-laptop\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FBFEF647-A782-467B-8698-50CE26219B5E}C:\users\toshiba-laptop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\toshiba-laptop\appdata\roaming\spotify\spotify.exe
FirewallRules: [{61DB5DC8-B34A-45D0-8E45-BBB0D11112D4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe
FirewallRules: [{2C99AFE1-B1F2-4FE1-B6DE-234BF01B1438}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
FirewallRules: [{066A0B2C-49B2-419A-9A0B-32B1F6C3FB47}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
FirewallRules: [{F832E625-D453-4AC3-9422-4A99931DE656}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe
FirewallRules: [{EFD63964-FBCC-433C-B88B-E9AE959A0099}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{2C49D439-8359-4D00-9D8C-5C9A2AF5D470}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/30/2015 10:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
System errors:
=============
Error: (05/30/2015 09:59:32 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
Error: (05/30/2015 09:59:43 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 09:42:20 on 30/05/2015 was unexpected.
Error: (05/24/2015 00:11:27 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.6 with the system
having network hardware address 2C-54-CF-FE-73-5D. Network operations on this system may
be disrupted as a result.
Error: (05/20/2015 10:58:29 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter, {1905A849-A9C0-4832-8784-501910459F03}, had event 74
Error: (05/19/2015 05:29:07 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter, {1905A849-A9C0-4832-8784-501910459F03}, had event 74
Error: (05/18/2015 07:54:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062
Error: (05/18/2015 05:51:04 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter, {1905A849-A9C0-4832-8784-501910459F03}, had event 74
Error: (05/17/2015 06:35:48 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter, {1905A849-A9C0-4832-8784-501910459F03}, had event 74
Error: (05/17/2015 00:39:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (05/17/2015 00:03:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Microsoft Office:
=========================
Error: (05/30/2015 10:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/30/2015 10:13:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
==================== Memory info ===========================
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 16%
Total physical RAM: 16336.22 MB
Available physical RAM: 13702.59 MB
Total Pagefile: 18768.22 MB
Available Pagefile: 15937.61 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (TI31027000A) (Fixed) (Total:100.21 GB) (Free:38.86 GB) NTFS
Drive e: (TI31027000A) (Fixed) (Total:687.84 GB) (Free:531.69 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End of log ============================