
Malware Infection- Pop ups, redirects, irregular fonts & more.



#1
andrea22


I seem to have a malware problem. Firefox is randomly 'not responding', fonts on random web pages are overlapping and different sizes, pop-ups galore, numerous redirects. I took this laptop to a local guy recently and it's worse since he fiddled with it. I had a hacking scare and the bank made me take it to someone who could provide a receipt (this is the only way they would unfreeze my accounts). He installed Java, which I'd never had. Anyway, logs attached.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-05-2016
Ran by Celia (administrator) on CELIA-PC (19-05-2016 18:21:14)
Running from C:\Users\Celia\Downloads\Programs Etc
Loaded Profiles: Celia (Available Profiles: Celia)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Fuji Xerox Co., Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Irfan Skiljan) C:\Program Files\IrfanView\i_view32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Fuji Xerox\BrStMonW.exe [4513280 2014-06-17] (Fuji Xerox Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [Dropbox Update] => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-02] (Avast Software s.r.o.)
Startup: C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{73FE20E9-1391-44F4-9EB4-2B112372BCE1}: [DhcpNameServer] 192.168.2.1 192.168.0.1
Tcpip\..\Interfaces\{AB134228-DF8D-48AE-BD71-FD0A86931D1C}: [NameServer] 208.67.222.222,4.2.2.1
Tcpip\..\Interfaces\{AB134228-DF8D-48AE-BD71-FD0A86931D1C}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{D1D94B21-0440-49D0-84F0-A572D804475D}: [DhcpNameServer] 10.5.133.45 10.5.136.242

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU
SearchScopes: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU_enAU380
SearchScopes: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU_enAU380
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-05] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-02] (Avast Software s.r.o.)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-23] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-05] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\t3ku6f2c.default-1459825182118
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-14] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-11] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-05-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-31] (Apple Inc.)
FF Extension: NoSquint - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\t3ku6f2c.default-1459825182118\extensions\[email protected] [2016-05-02]
FF Extension: LavaFox V2-Blue - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\t3ku6f2c.default-1459825182118\Extensions\[email protected] [2016-04-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-11]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-01-13]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-24]
CHR Extension: (Google Drive) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
CHR Extension: (Google Search) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-23]
CHR Extension: (Google Docs Offline) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-24]
CHR Extension: (Avast Online Security) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-24]
CHR Extension: (Gmail) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-02] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-07-02] (Avast Software)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2014-05-26] (Fuji Xerox Co., Ltd.) [File not signed]
S4 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-10-28] (TOSHIBA CORPORATION)
S4 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
S4 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S4 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-07] (TOSHIBA Corporation)
S4 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-09-29] (TOSHIBA Corporation)
S4 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-11-06] (TOSHIBA Corporation)
S4 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [677232 2009-10-31] (TOSHIBA Corporation)
S4 UNS; C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24144 2015-07-02] ()
R1 aswKbd; C:\windows\system32\Drivers\aswKbd.sys [24408 2012-03-07] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [74976 2015-07-02] (Avast Software s.r.o.)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81728 2015-07-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49904 2015-07-02] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [787760 2015-07-02] (Avast Software s.r.o.)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [428120 2015-07-02] (Avast Software s.r.o.)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [106912 2015-07-02] (Avast Software s.r.o.)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [209048 2015-07-02] ()
R3 enecirhid; C:\windows\System32\DRIVERS\enecirhid.sys [11776 2009-05-20] (ENE TECHNOLOGY INC.)
R3 enecirhidma; C:\windows\System32\DRIVERS\enecirhidma.sys [5632 2008-04-25] (ENE TECHNOLOGY INC.)
R0 LPCFilter; C:\windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-31] (COMPAL ELECTRONIC INC.)
R3 mod7700; C:\windows\System32\Drivers\dvb7700all.sys [626688 2009-06-12] (DiBcom)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-02] (Avast Software)
S3 ZTEusbnet; C:\windows\System32\DRIVERS\ZTEusbnet.sys [114688 2009-12-28] (ZTE Corporation)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 cpuz136; \??\C:\Users\Celia\AppData\Local\Temp\cpuz136\cpuz136_x32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-19 18:19 - 2016-05-19 18:21 - 00000000 ____D C:\FRST
2016-05-17 13:59 - 2016-05-17 15:04 - 00000000 ____D C:\Users\Celia\Downloads\Paypal Statements
2016-05-16 10:09 - 2016-05-16 10:09 - 00000000 ____D C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-11 09:49 - 2016-04-14 23:49 - 00603648 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2016-05-11 09:49 - 2016-04-09 16:54 - 00306176 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-05-11 09:49 - 2016-04-09 15:40 - 02397696 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-05-11 09:49 - 2016-04-09 14:20 - 01230848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2016-05-11 09:48 - 2016-04-24 02:24 - 00346312 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-05-11 09:48 - 2016-04-23 14:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-05-11 09:48 - 2016-04-23 14:20 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-05-11 09:48 - 2016-04-23 14:11 - 20350464 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-05-11 09:48 - 2016-04-23 14:08 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-05-11 09:48 - 2016-04-23 14:08 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-05-11 09:48 - 2016-04-23 14:08 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-05-11 09:48 - 2016-04-23 14:07 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-05-11 09:48 - 2016-04-23 14:07 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-05-11 09:48 - 2016-04-23 14:04 - 02285568 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-05-11 09:48 - 2016-04-23 14:02 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-05-11 09:48 - 2016-04-23 14:01 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-05-11 09:48 - 2016-04-23 13:59 - 00476160 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-05-11 09:48 - 2016-04-23 13:58 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-05-11 09:48 - 2016-04-23 13:58 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-05-11 09:48 - 2016-04-23 13:58 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-05-11 09:48 - 2016-04-23 13:58 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-05-11 09:48 - 2016-04-23 13:53 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-05-11 09:48 - 2016-04-23 13:50 - 00416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-05-11 09:48 - 2016-04-23 13:45 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 09:48 - 2016-04-23 13:44 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-05-11 09:48 - 2016-04-23 13:43 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-05-11 09:48 - 2016-04-23 13:41 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-05-11 09:48 - 2016-04-23 13:40 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-05-11 09:48 - 2016-04-23 13:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-05-11 09:48 - 2016-04-23 13:36 - 04611072 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-05-11 09:48 - 2016-04-23 13:33 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-05-11 09:48 - 2016-04-23 13:31 - 00693248 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-05-11 09:48 - 2016-04-23 13:31 - 00689664 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-05-11 09:48 - 2016-04-23 13:30 - 02056192 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-05-11 09:48 - 2016-04-23 13:30 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-05-11 09:48 - 2016-04-23 13:26 - 13811200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-05-11 09:48 - 2016-04-23 13:12 - 02121216 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-05-11 09:48 - 2016-04-23 13:09 - 01312256 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-05-11 09:48 - 2016-04-23 13:07 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-05-11 09:48 - 2016-04-09 16:54 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-05-11 09:48 - 2016-04-06 20:36 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2016-05-11 09:48 - 2016-03-10 04:34 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-05-11 09:31 - 2016-04-09 16:59 - 03998952 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2016-05-11 09:31 - 2016-04-09 16:59 - 03943144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-05-11 09:31 - 2016-04-09 16:59 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-05-11 09:31 - 2016-04-09 16:59 - 00067304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-05-11 09:31 - 2016-04-09 16:57 - 01310528 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 01062400 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00655360 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00644096 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00260608 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-05-11 09:31 - 2016-04-09 16:54 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-05-11 09:31 - 2016-04-09 15:42 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-05-11 09:31 - 2016-04-09 15:42 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-05-11 09:31 - 2016-04-09 15:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-05-11 09:31 - 2016-04-09 15:42 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-05-11 09:31 - 2016-04-09 15:42 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-05-11 09:31 - 2016-04-09 15:40 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-05-11 09:31 - 2016-04-09 15:38 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-05-11 09:31 - 2016-04-09 15:38 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-05-11 09:31 - 2016-04-09 15:38 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-05-11 09:31 - 2016-04-09 15:37 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-05-11 09:31 - 2016-04-09 15:37 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-05-11 09:31 - 2016-04-09 15:37 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-05-11 09:31 - 2016-04-09 15:37 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-05-11 09:29 - 2016-04-09 16:59 - 00730344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2016-05-11 09:29 - 2016-04-09 16:59 - 00218856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2016-05-11 09:29 - 2016-04-09 16:54 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-19 18:21 - 2013-10-01 23:54 - 00000000 ____D C:\Users\Celia\Downloads\Programs Etc
2016-05-19 18:16 - 2015-06-18 21:06 - 00000918 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005UA.job
2016-05-19 17:25 - 2010-07-03 17:13 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-19 17:24 - 2012-08-21 08:50 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-05-19 16:56 - 2009-07-14 14:34 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-19 16:56 - 2009-07-14 14:34 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-19 10:16 - 2015-06-18 21:06 - 00000866 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005Core.job
2016-05-19 09:24 - 2010-07-03 17:13 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-18 17:21 - 2015-04-01 11:21 - 00000000 ___RD C:\Users\Celia\Dropbox
2016-05-18 17:18 - 2009-07-14 14:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-17 09:35 - 2013-10-01 23:36 - 00000000 ____D C:\Users\Celia\Downloads\My WAC
2016-05-16 10:13 - 2013-10-01 23:54 - 00000000 ____D C:\Users\Celia\Downloads\Business Reg and Dealer Licence
2016-05-16 10:09 - 2015-04-01 11:16 - 00000000 ____D C:\Users\Celia\AppData\Roaming\Dropbox
2016-05-13 09:47 - 2014-12-12 08:59 - 00000000 ____D C:\windows\system32\appraiser
2016-05-12 20:39 - 2016-02-14 09:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-11 16:23 - 2009-07-14 12:37 - 00000000 ____D C:\windows\rescache
2016-05-11 14:24 - 2010-04-30 08:20 - 00916538 _____ C:\windows\system32\PerfStringBackup.INI
2016-05-11 14:24 - 2009-07-14 12:37 - 00000000 ____D C:\windows\inf
2016-05-11 14:16 - 2009-07-14 14:33 - 00455728 _____ C:\windows\system32\FNTCACHE.DAT
2016-05-11 14:13 - 2009-07-14 17:49 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 10:28 - 2013-07-16 18:14 - 00000000 ____D C:\windows\system32\MRT
2016-05-11 10:18 - 2010-05-26 22:14 - 136686448 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-05-07 14:07 - 2014-03-29 18:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-05-07 14:07 - 2012-05-17 13:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-05-06 09:07 - 2015-04-15 01:27 - 00000000 ___SD C:\windows\system32\GWX
2016-04-21 15:05 - 2010-05-23 14:57 - 00374944 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2010-05-22 11:01 - 2010-05-22 11:01 - 127951849 _____ () C:\Program Files\openofficeorg1.cab
2010-05-22 11:05 - 2010-05-22 11:05 - 3093504 _____ () C:\Program Files\openofficeorg32.msi
2010-05-22 10:13 - 2010-05-22 10:13 - 0000290 _____ () C:\Program Files\setup.ini
2011-01-17 12:33 - 2014-04-16 20:55 - 0006144 _____ () C:\Users\Celia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-12-14 20:29 - 2010-12-14 20:29 - 0000048 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Celia\AppData\Local\Temp\libeay32.dll
C:\Users\Celia\AppData\Local\Temp\msvcr120.dll
C:\Users\Celia\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-18 16:37

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-05-2016
Ran by Celia (2016-05-19 18:23:42)
Running from C:\Users\Celia\Downloads\Programs Etc
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2010-05-23 04:09:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3979224096-2494383751-3139044533-500 - Administrator - Disabled)
Celia (S-1-5-21-3979224096-2494383751-3139044533-1005 - Administrator - Enabled) => C:\Users\Celia
Guest (S-1-5-21-3979224096-2494383751-3139044533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3979224096-2494383751-3139044533-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk Pixlr (HKLM\...\Autodesk Pixlr) (Version: 1.0.3.0 - Autodesk)
Autodesk Pixlr (Version: 1.0.3.0 - Autodesk) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.01(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
DocuPrint P115 w (HKLM\...\{92EA7FDC-323F-406F-BEE9-601B8EB1E209}) (Version: 1.0.0.0 - Fuji Xerox)
Dolby Control Center (HKLM\...\{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}) (Version: 2.2.1 - Dolby)
Dropbox (HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
DVD MovieFactory for TOSHIBA (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (Version: 7.0.0 - Corel Corporation) Hidden
ENE CIR Receiver Driver (HKLM\...\D751CB2FD39EE07639D08542EEF9BF77AD1D9696) (Version: 2.7.4.1 - ENE)
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HDMI Control Manager (HKLM\...\{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}) (Version: 2.0 - TOSHIBA CORPORATION)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
InterVideo WinDVD BD for TOSHIBA (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.153 - InterVideo Inc.)
InterVideo WinDVD BD for TOSHIBA (Version: 8.0.20.153 - InterVideo Inc.) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.34.2 - JMicron Technology Corp.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 46.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-GB)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.56.34 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5928 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
Telstra Mobile Broadband Manager (HKLM\...\Telstra Mobile Broadband Manager) (Version: 3.0.514 - Telstra)
Telstra Mobile Broadband Manager (Version: 3.0.514 - Telstra) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.12 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM\...\InstallShield_{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}) (Version: 1.5.05.32 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.12.0 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.16C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.4 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.0.0 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM\...\InstallShield_{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}) (Version: 1.5.07.32 - TOSHIBA Corporation)
TOSHIBA Remote Control Manager (HKLM\...\{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}) (Version: 3.0.1.0 - TOSHIBA CORPORATION)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
TOSHIBA USB Sleep and Charge Utility (HKLM\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.32 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation)
Utility Common Driver (Version: 1.0.50.27C - TOSHIBA) Hidden
Windows Driver Package - Cmotech (cmusbnet) Net  (06/11/2007 2.0.0.9) (HKLM\...\E7E257830CD4614E7CF1B3792DF19B85FE5E7BE7) (Version: 06/11/2007 2.0.0.9 - Cmotech)
Windows Driver Package - Cmotech Modem  (12/13/2006 2.0.3.5) (HKLM\...\5E8F128761A9B07EC2DEC909F167D92DB8B3A348) (Version: 12/13/2006 2.0.3.5 - Cmotech)
Windows Driver Package - Cmotech Ports  (12/13/2006 2.0.3.5) (HKLM\...\6A032F4180B5A0E8F4BC27384D0A423B2595A785) (Version: 12/13/2006 2.0.3.5 - Cmotech)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B38A649-9F1E-4712-8144-F630B3FFA3EF} - System32\Tasks\{2B304DAF-75E8-4FD3-B03F-39DF58D79679} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12002
Task: {100C92C3-AE05-4B8A-A7D6-B268F8483060} - System32\Tasks\{FB271578-E767-4C96-91CE-B4C000C33CAE} => pcalua.exe -a C:\Users\Celia\Documents\erunt\ERUNT.EXE -d C:\Users\Celia\Documents\erunt
Task: {20E58FCF-A260-45C3-94C0-A9E72DBF7C83} - System32\Tasks\{55F00A89-B569-4BDD-8552-B5975366E7C1} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12007
Task: {31CFACD6-DBED-4CDF-B6DA-8233C9BA6C16} - System32\Tasks\{54B69217-9D97-4C3E-A327-3C9D6F79C5B5} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12002
Task: {35086492-74B9-4CE1-A89C-4A79505A5523} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-23] (Adobe Systems Incorporated)
Task: {439B1BB6-027E-4252-A0D4-20F91E4231FF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-14] (Adobe Systems Incorporated)
Task: {478E14C3-B8CC-4F1A-9EAD-48BC6ED82405} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {49E12645-39F8-47B5-A988-DC9DCCB4C5FA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005UA => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {50EA36FF-C896-4BA6-9921-0C2B86B61EEF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-09] (AVAST Software)
Task: {558A8A80-5ABD-4AB2-A9A0-FD934894F016} - System32\Tasks\{A73BF785-3482-41CB-9F03-987DDC76B215} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12007
Task: {678AF2BF-115A-4B36-8764-F808D8F8CC3E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005Core => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {78206B44-8E2D-49BA-85F4-1BEA4E218FA8} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-29] (TOSHIBA CORPORATION)
Task: {7E6B6E1A-4C4A-49FE-A76E-CCB4CF2AE46D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8DE0F58E-5167-426E-9CAA-AE001F7FF8E6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-06] (Avast Software s.r.o.)
Task: {8F811ACF-3913-4EAA-BAE9-1B32CA4DFFFF} - System32\Tasks\{ECA42B9B-347C-41A3-B74A-63066582EB8F} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {9B73DDB4-B5AE-485E-B7DF-B2A12B35478B} - System32\Tasks\{3A395E62-8C9D-47E0-A386-F6F563BE7108} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12002
Task: {9DA78D71-DE3A-467D-B672-DF2012DAB5CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B4C43DAF-26A8-4683-9F55-1A045F849315} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B8EB98D3-AAFB-4E5A-B617-6D443BAF002B} - System32\Tasks\{75B8B063-98D4-450A-8604-51F18CE5B7FC} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12007
Task: {CB8D353A-D93A-496F-8E45-57851864164D} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005Core.job => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005UA.job => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-02 09:45 - 2015-07-02 09:45 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-02 09:45 - 2015-07-02 09:45 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-18 09:02 - 2016-05-18 09:02 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\16051703\algo.dll
2016-05-19 14:28 - 2016-05-19 14:28 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\16051802\algo.dll
2015-07-02 09:45 - 2015-07-02 09:45 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-16 10:06 - 2016-04-20 05:47 - 00034768 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-05-16 10:09 - 2016-04-20 05:48 - 00019408 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-05-16 10:09 - 2016-04-20 05:47 - 00116688 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-05-16 10:06 - 2016-04-20 05:47 - 00093640 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-05-16 10:05 - 2016-04-20 05:47 - 00018376 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\select.pyd
2016-05-16 10:05 - 2016-05-07 08:35 - 00019760 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-05-16 10:05 - 2016-04-20 05:49 - 00105928 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-05-16 10:09 - 2016-04-20 05:47 - 00392144 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-05-16 10:05 - 2016-05-07 08:35 - 00381752 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-05-16 10:05 - 2016-04-20 05:47 - 00692688 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-05-16 10:09 - 2016-05-07 08:34 - 00020816 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-05-16 10:05 - 2016-04-20 05:48 - 00121296 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-05-16 10:09 - 2016-05-07 08:34 - 01682760 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-05-16 10:09 - 2016-05-07 08:34 - 00020808 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-05-16 10:06 - 2016-05-07 08:35 - 00021840 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-05-16 10:09 - 2016-05-07 08:34 - 00038696 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-05-16 10:09 - 2016-04-20 05:49 - 00020936 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-05-16 10:05 - 2016-04-20 05:49 - 00024528 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-05-16 10:05 - 2016-04-20 05:49 - 00114640 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-05-16 10:05 - 2016-04-20 05:49 - 00124880 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-05-16 10:06 - 2016-05-07 08:35 - 00021832 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-05-16 10:05 - 2016-04-20 05:49 - 00024016 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-05-16 10:05 - 2016-04-20 05:49 - 00175560 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-05-16 10:05 - 2016-04-20 05:49 - 00030160 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-05-16 10:05 - 2016-04-20 05:49 - 00043472 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-05-16 10:05 - 2016-04-20 05:49 - 00028616 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-05-16 10:05 - 2016-04-20 05:49 - 00048592 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-05-16 10:09 - 2016-05-07 08:34 - 00026456 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-05-16 10:05 - 2016-04-20 05:49 - 00057808 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-05-16 10:05 - 2016-04-20 05:49 - 00024016 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-05-16 10:09 - 2016-05-07 08:34 - 00117056 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-05-16 10:09 - 2016-05-07 08:34 - 00052024 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-05-16 10:06 - 2016-04-20 05:47 - 00134608 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-05-16 10:09 - 2016-04-20 05:47 - 00134088 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-05-16 10:09 - 2016-04-20 05:48 - 00240584 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-05-16 10:05 - 2016-05-07 08:35 - 00020800 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-05-16 10:05 - 2016-05-07 08:35 - 00021824 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-05-16 10:05 - 2016-05-07 08:35 - 00019776 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-05-16 10:05 - 2016-05-07 08:35 - 00020800 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-05-16 10:09 - 2016-05-07 08:34 - 00024392 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-05-16 10:09 - 2016-04-20 05:50 - 00036296 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\librsync.dll
2016-05-16 10:09 - 2016-05-07 08:34 - 00020280 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-05-16 10:05 - 2016-05-07 08:35 - 00023376 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-05-16 10:05 - 2016-04-20 05:49 - 00350152 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-05-16 10:05 - 2016-05-07 08:35 - 00022352 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-05-16 10:09 - 2016-05-07 08:34 - 00084280 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-05-16 10:09 - 2016-05-07 08:34 - 01826096 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-05-16 10:05 - 2016-04-20 05:48 - 00083912 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\sip.pyd
2016-05-16 10:09 - 2016-05-07 08:35 - 03928880 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-05-16 10:09 - 2016-05-07 08:34 - 01971504 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-05-16 10:09 - 2016-05-07 08:34 - 00531248 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-05-16 10:09 - 2016-05-07 08:35 - 00132912 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-05-16 10:09 - 2016-05-07 08:35 - 00223544 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-05-16 10:09 - 2016-05-07 08:34 - 00207672 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-05-16 10:05 - 2016-04-20 05:49 - 00060880 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-05-16 10:06 - 2016-05-07 08:35 - 00024904 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-05-16 10:09 - 2016-05-07 08:35 - 00546096 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-05-16 10:09 - 2016-05-07 08:35 - 00357680 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-04-14 16:51 - 2016-04-14 16:51 - 19403968 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:04 - 2010-11-07 22:47 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 4.2.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Thpsrv => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA Bluetooth Service => 3
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BigPondWirelessBroadbandCM => "C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
MSCONFIG\startupreg: HDMICtrlMan => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: HWSetup => "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeNotify => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TRCMan => C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
MSCONFIG\startupreg: TUSBSleepChargeSrv => %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{43EE8DAD-6C08-4D4E-A02E-83E87E210F76}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{48E9EF0B-D6A0-4B37-8A77-A0D5E559C069}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5BC84C22-28FA-49B0-B0C2-5618EEF78011}] => (Allow) svchost.exe
FirewallRules: [{0776B301-7894-4F75-AD67-39CE0AA9578E}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{35994984-9113-43EC-B221-897E9FF8093A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{398A4635-3BF2-4AE7-8CE4-E0E6D8CB8A08}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ABAC755B-E812-4608-AB1E-D5F1A55B3B6F}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1A79D5E8-BF8A-4693-B8B7-6BB0D92AB15F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6CF2275A-E7C7-4E74-8ECD-2160CB7C80B6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8D3CB989-BD6C-4058-B2DD-D2DA7AAF9CA5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{59AED1AD-95B2-4418-A754-6397BD0854D4}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3F6C9FC6-6D8C-470D-8D4D-455E72FBB786}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{C64A311B-BDEC-4252-8F2E-ED7DE77D3B9E}] => (Allow) C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0595BB65-7C9F-44CC-B383-973AFB9BCD62}] => (Allow) C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7487962A-F6D1-49AB-8E5F-069E7A3D5CE5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AA577E95-76B6-4AF3-89F7-D83164940089}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{95EE430E-0D9F-4742-B9BE-E392A8D4A2D9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B4626FE5-9588-46FC-B459-CBFCF574276E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Restore Points =========================

11-05-2016 16:22:07 Scheduled Checkpoint
12-05-2016 20:18:25 Windows Update
13-05-2016 09:42:23 Windows Update
16-05-2016 09:58:33 Windows Update
17-05-2016 09:13:57 Windows Update
17-05-2016 15:49:06 Windows Update
18-05-2016 09:01:28 Windows Update
18-05-2016 17:10:35 Windows Update
19-05-2016 08:47:15 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2016 12:37:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9532

Error: (05/19/2016 12:37:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9532

Error: (05/19/2016 12:37:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/19/2016 08:46:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37963124

Error: (05/19/2016 08:46:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37963124

Error: (05/19/2016 08:46:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/19/2016 08:46:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37962048

Error: (05/19/2016 08:46:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37962048

Error: (05/19/2016 08:46:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/19/2016 08:46:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37961049


System errors:
=============
Error: (05/19/2016 12:24:49 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/19/2016 08:54:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3042058).

Error: (05/19/2016 08:50:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3071756).

Error: (05/19/2016 08:50:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB3080149).

Error: (05/19/2016 08:50:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB3068708).

Error: (05/19/2016 08:49:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3126587).

Error: (05/19/2016 08:49:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3061518).

Error: (05/19/2016 08:49:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB3040272).

Error: (05/19/2016 08:49:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3060716).

Error: (05/18/2016 05:26:54 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 73%
Total physical RAM: 3061.59 MB
Available physical RAM: 821.47 MB
Total Virtual: 6121.51 MB
Available Virtual: 3203.86 MB

==================== Drives ================================

Drive c: (S3A8113D003) (Fixed) (Total:583.45 GB) (Free:431.66 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 230D9B41)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=583.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=17)

==================== End of Addition.txt ============================


  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

Copy the next 2 lines:

reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iaStor\Parameters" /s > \junk.txt
notepad \junk.txt
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, (Yes).  Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter if notepad does not open.
 
Copy and paste the text from notepad into a reply.
 
Update your Avast Program.  You are at 10.2.  You should be at 11.2.  Then at night just before you go to sleep  have Avast do a boot time scan:
 
Open Avast, Scan, Scan for Viruses, Change the Quick Scan (in the box in the center of the page) to Boot-time Scan.  Then at the bottom of the page click on Scan Settings.
 
Make sure both boxes are checked and click on the gray box to the right of the orange ones.  It should turn orange.  Change where it says "Fix Automatically" to "Move to Chest."  OK.  Now click on Start and then close Avast.  Mute your speakers so it doesn't wake you up when Windows boots.
 
When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
 
 
Copy and paste the text from the log to a Reply when done.
 
 

  • 0

#3
andrea22

    Member

  • Topic Starter
  • Member
  • 139 posts

notepad stuff as follows

 

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iaStor\Parameters
    queuePriorityEnable    REG_DWORD    0x0
    BusType    REG_DWORD    0x3

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iaStor\Parameters\Port0
    AN    REG_DWORD    0x0
    LPM    REG_DWORD    0x1
    LPMSTATE    REG_DWORD    0x0
    LPMDSTATE    REG_DWORD    0x1
    GTF    REG_DWORD    0x1
    DIPM    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iaStor\Parameters\Port1
    AN    REG_DWORD    0x0
    LPM    REG_DWORD    0x1
    LPMSTATE    REG_DWORD    0x0
    LPMDSTATE    REG_DWORD    0x1
    GTF    REG_DWORD    0x1
    DIPM    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iaStor\Parameters\Port2
    AN    REG_DWORD    0x0
    LPM    REG_DWORD    0x1
    LPMSTATE    REG_DWORD    0x0
    LPMDSTATE    REG_DWORD    0x1
    GTF    REG_DWORD    0x1
    DIPM    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iaStor\Parameters\Port3
    AN    REG_DWORD    0x0
    LPM    REG_DWORD    0x1
    LPMSTATE    REG_DWORD    0x0
    LPMDSTATE    REG_DWORD    0x1
    GTF    REG_DWORD    0x1
    DIPM    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iaStor\Parameters\Port4
    AN    REG_DWORD    0x0
    LPM    REG_DWORD    0x1
    LPMSTATE    REG_DWORD    0x0
    LPMDSTATE    REG_DWORD    0x1
    GTF    REG_DWORD    0x1
    DIPM    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iaStor\Parameters\Port5
    AN    REG_DWORD    0x0
    LPM    REG_DWORD    0x1
    LPMSTATE    REG_DWORD    0x0
    LPMDSTATE    REG_DWORD    0x1
    GTF    REG_DWORD    0x1
    DIPM    REG_DWORD    0x1
 


  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

OK.  Download and save the attached iastor.zip

 

Attached File  iastor.zip   376bytes   67 downloads
 
Right click on it and Extract All.  Find iastor.reg and right click and Merge.  OK
 
 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


  • 0
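
The `findstr /c:"[SR]"` filter in the post above keeps only the System File Checker lines of cbs.log. As an added example (not part of the thread and not any poster's tool), this Python code groups those lines into verify batches and extracts the components SFC could not verify; the names `summarize_sr`, `Report` and `Failure` are hypothetical, and the sample lines are constructed in the format of the log posted in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Abridged sample in the format of the findstr "[SR]" output shown in this
# thread (constructed for the example; the last batch is deliberately cut off).
SAMPLE = """\
2016-05-26 10:01:53, Info                  CSI    00000029 [SR] Verifying 100 (0x00000064) components
2016-05-26 10:01:53, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2016-05-26 10:01:55, Info                  CSI    0000002c [SR] Verify complete
2016-05-26 10:01:57, Info                  CSI    0000002d [SR] Verifying 100 (0x00000064) components
2016-05-26 10:01:57, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2016-05-26 10:01:57, Info                  CSI    0000002f [SR] Cannot verify component files for 2d4586315e84b9d6407ead47fc74c160, Version = 6.1.7601.18741, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-05-26 10:01:58, Info                  CSI    00000031 [SR] Verify complete
2016-05-26 10:02:00, Info                  CSI    00000032 [SR] Verifying 100 (0x00000064) components
2016-05-26 10:02:00, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
"""

# timestamp, level, "CSI", 8-hex-digit sequence id, "[SR]" tag, message
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$"
)
VERIFYING = re.compile(r"^Verifying (\d+) \(0x[0-9a-fA-F]+\) components$")
CANNOT_VERIFY = re.compile(
    r"^Cannot verify component files for (?P<component>[^,]+), "
    r"Version = (?P<version>[^,]+),.*, (?P<reason>[^,]+?)(?: \((?:TRUE|FALSE)\))?$"
)


@dataclass
class Failure:
    timestamp: str
    seq: int          # CSI sequence id, useful for finding the line in the full cbs.log
    component: str
    version: str
    reason: str


@dataclass
class Report:
    batches_completed: int = 0
    components_checked: int = 0
    incomplete_batches: int = 0   # "Verifying" with no matching "Verify complete"
    failures: List[Failure] = field(default_factory=list)
    other: List[str] = field(default_factory=list)      # [SR] messages not classified here
    unparsed: List[str] = field(default_factory=list)   # [SR] lines that do not fit the layout


def summarize_sr(text: str) -> Report:
    report = Report()
    open_batch = None  # component count of the batch currently being verified
    for raw in text.splitlines():
        if "[SR]" not in raw:
            continue  # the findstr filter drops these; tolerate an unfiltered log too
        m = LINE.match(raw.strip())
        if not m:
            report.unparsed.append(raw)
            continue
        msg = m["msg"].strip()
        started = VERIFYING.match(msg)
        failed = CANNOT_VERIFY.match(msg)
        if started:
            if open_batch is not None:      # previous batch never reported completion
                report.incomplete_batches += 1
            open_batch = int(started.group(1))
        elif msg == "Verify complete":
            if open_batch is not None:
                report.batches_completed += 1
                report.components_checked += open_batch
                open_batch = None
        elif failed:
            report.failures.append(Failure(
                m["ts"], int(m["seq"], 16),
                failed["component"], failed["version"].strip(), failed["reason"].strip(),
            ))
        elif msg != "Beginning Verify and Repair transaction":
            report.other.append(msg)
    if open_batch is not None:              # log or paste ended mid-batch
        report.incomplete_batches += 1
    return report


if __name__ == "__main__":
    r = summarize_sr(SAMPLE)
    print(f"{r.batches_completed} batches complete, {r.components_checked} components, "
          f"{r.incomplete_batches} incomplete")
    for f in r.failures:
        print(f"{f.timestamp} seq={f.seq:08x} {f.component} v{f.version}: {f.reason}")
```
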

#5
andrea22

    Member

  • Topic Starter
  • Member
  • 139 posts

Avast log as follows. Hopefully this is the right one!

 

05/24/2016 00:31
Scan of C:

Scan of *STARTUP

File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601.18766_875fdb4529604f8428ed2441b2e79b17e3cfc26e_cab_15538c76\CbsPersist_20160319102059.cab|>CbsPersist_20160319102059.log Error 42127 {CAB archive is corrupted.}
Number of searched folders: 36136
Number of tested files: 1352176
Number of infected files: 0


  • 0


#7
andrea22

    Member

  • Topic Starter
  • Member
  • 139 posts

I'm stuck with the iastor thing...I can't find iastor.reg


  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

If you download and save iastor.zip from my earlier post and right click on it and Extract All it will show you a file.  It may only say iastor since by default Windows hides extensions.  Right click on it.  If it shows Merge as an option you have the right one.


  • 0

#9
andrea22

    Member

  • Topic Starter
  • Member
  • 139 posts

This is a screenshot of where I'm up to. Not sure what to click on here, so didn't click anything.

iastor stuck.PNG


  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

Just hit Extract.  The next window that opens will show the iastor.reg file.  You may not see the .reg but go ahead and right click and Merge.


  • 0



#11
andrea22

    Member

  • Topic Starter
  • Member
  • 139 posts

2016-05-26 10:00:57, Info                  CSI    0000000d [SR] Verifying 100 (0x00000064) components
2016-05-26 10:00:57, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2016-05-26 10:01:18, Info                  CSI    00000010 [SR] Verify complete
2016-05-26 10:01:22, Info                  CSI    00000011 [SR] Verifying 100 (0x00000064) components
2016-05-26 10:01:22, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2016-05-26 10:01:29, Info                  CSI    00000014 [SR] Verify complete
2016-05-26 10:01:31, Info                  CSI    00000015 [SR] Verifying 100 (0x00000064) components
2016-05-26 10:01:31, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2016-05-26 10:01:37, Info                  CSI    00000018 [SR] Verify complete
2016-05-26 10:01:39, Info                  CSI    00000019 [SR] Verifying 100 (0x00000064) components
2016-05-26 10:01:39, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2016-05-26 10:01:41, Info                  CSI    0000001c [SR] Verify complete
2016-05-26 10:01:42, Info                  CSI    0000001d [SR] Verifying 100 (0x00000064) components
2016-05-26 10:01:42, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2016-05-26 10:01:44, Info                  CSI    00000020 [SR] Verify complete
2016-05-26 10:01:46, Info                  CSI    00000021 [SR] Verifying 100 (0x00000064) components
2016-05-26 10:01:46, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2016-05-26 10:01:48, Info                  CSI    00000024 [SR] Verify complete
2016-05-26 10:01:50, Info                  CSI    00000025 [SR] Verifying 100 (0x00000064) components
2016-05-26 10:01:50, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2016-05-26 10:01:52, Info                  CSI    00000028 [SR] Verify complete
2016-05-26 10:01:53, Info                  CSI    00000029 [SR] Verifying 100 (0x00000064) components
2016-05-26 10:01:53, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2016-05-26 10:01:55, Info                  CSI    0000002c [SR] Verify complete
2016-05-26 10:01:57, Info                  CSI    0000002d [SR] Verifying 100 (0x00000064) components
2016-05-26 10:01:57, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2016-05-26 10:01:57, Info                  CSI    0000002f [SR] Cannot verify component files for 2d4586315e84b9d6407ead47fc74c160, Version = 6.1.7601.18741, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-05-26 10:01:58, Info                  CSI    00000031 [SR] Verify complete
2016-05-26 10:02:00, Info                  CSI    00000032 [SR] Verifying 100 (0x00000064) components
2016-05-26 10:02:00, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
2016-05-26 10:02:02, Info                  CSI    00000035 [SR] Verify complete
2016-05-26 10:02:03, Info                  CSI    00000036 [SR] Verifying 100 (0x00000064) components
2016-05-26 10:02:03, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
2016-05-26 10:02:05, Info                  CSI    00000039 [SR] Verify complete
2016-05-26 10:02:07, Info                  CSI    0000003a [SR] Verifying 100 (0x00000064) components
2016-05-26 10:02:07, Info                  CSI    0000003b [SR] Beginning Verify and Repair transaction
2016-05-26 10:02:08, Info                  CSI    0000003d [SR] Verify complete
2016-05-26 10:02:10, Info                  CSI    0000003e [SR] Verifying 100 (0x00000064) components
2016-05-26 10:02:10, Info                  CSI    0000003f [SR] Beginning Verify and Repair transaction
2016-05-26 10:02:12, Info                  CSI    00000041 [SR] Verify complete
2016-05-26 10:02:13, Info                  CSI    00000042 [SR] Verifying 100 (0x00000064) components
2016-05-26 10:02:13, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
2016-05-26 10:02:15, Info                  CSI    00000045 [SR] Verify complete
2016-05-26 10:02:16, Info                  CSI    00000046 [SR] Verifying 100 (0x00000064) components
2016-05-26 10:02:16, Info                  CSI    00000047 [SR] Beginning Verify and Repair transaction
2016-05-26 10:02:18, Info                  CSI    00000049 [SR] Verify complete
2016-05-26 10:02:19, Info                  CSI    0000004a [SR] Verifying 100 (0x00000064) components
2016-05-26 10:02:19, Info                  CSI    0000004b [SR] Beginning Verify and Repair transaction
2016-05-26 10:02:21, Info                  CSI    0000004d [SR] Verify complete
2016-05-26 10:02:22, Info                  CSI    0000004e [SR] Verifying 100 (0x00000064) components
2016-05-26 10:02:22, Info                  CSI    0000004f [SR] Beginning Verify and Repair transaction
2016-05-26 10:02:24, Info                  CSI    00000051 [SR] Verify complete
2016-05-26 10:02:25, Info                  CSI    00000052 [SR] Verifying 100 (0x00000064) components
2016-05-26 10:02:25, Info                  CSI    00000053 [SR] Beginning Verify and Repair transaction
2016-05-26 10:02:27, Info                  CSI    00000055 [SR] Verify complete
2016-05-26 10:02:28, Info                  CSI    00000056 [SR] Verifying 100 (0x00000064) components
2016-05-26 10:02:28, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
2016-05-26 10:02:30, Info                  CSI    00000059 [SR] Verify complete
2016-05-26 10:02:31, Info                  CSI    0000005a [SR] Verifying 100 (0x00000064) components
2016-05-26 10:02:31, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
2016-05-26 10:02:33, Info                  CSI    0000005c [SR] Cannot verify component files for 933aeb16137e08f78048b3f4990b165a, Version = 6.1.7601.18741, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-05-26 10:02:33, Info                  CSI    0000005e [SR] Verify complete
2016-05-26 10:02:34, Info                  CSI    0000005f [SR] Verifying 100 (0x00000064) components
2016-05-26 10:02:34, Info                  CSI    00000060 [SR] Beginning Verify and Repair transaction
2016-05-26 10:02:36, Info                  CSI    00000062 [SR] Verify complete
2016-05-26 10:02:37, Info                  CSI    00000063 [SR] Verifying 100 (0x00000064) components
2016-05-26 10:02:37, Info                  CSI    00000064 [SR] Beginning Verify and Repair transaction
2016-05-26 10:02:38, Info                  CSI    00000065 [SR] Cannot verify component files for a358d64e924d48559c54648750e128d6, Version = 6.1.7601.18741, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-05-26 10:14:24, Info                  CSI    0000021b [SR] Verifying 63 (0x0000003f) components
2016-05-26 10:14:24, Info                  CSI    0000021c [SR] Beginning Verify and Repair transaction
2016-05-26 10:14:27, Info                  CSI    0000021e [SR] Verify complete
2016-05-26 10:14:27, Info                  CSI    0000021f [SR] Repairing 3 components
2016-05-26 10:14:27, Info                  CSI    00000220 [SR] Beginning Verify and Repair transaction
2016-05-26 10:14:27, Info                  CSI    00000221 [SR] Cannot verify component files for 2d4586315e84b9d6407ead47fc74c160, Version = 6.1.7601.18741, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-05-26 10:14:27, Info                  CSI    00000222 [SR] Cannot verify component files for 933aeb16137e08f78048b3f4990b165a, Version = 6.1.7601.18741, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-05-26 10:14:27, Info                  CSI    00000223 [SR] Cannot verify component files for a358d64e924d48559c54648750e128d6, Version = 6.1.7601.18741, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-05-26 10:14:27, Info                  CSI    00000225 [SR] Repair complete
2016-05-26 10:14:27, Info                  CSI    00000226 [SR] Committing transaction
2016-05-26 10:14:27, Info                  CSI    0000022a [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired


  • 0

#12
andrea22

  • Topic Starter
  • Member
  • 139 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/05/2016 10:32:42 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/05/2016 11:57:42 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.pfsis.boq.com.au timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/05/2016 11:54:32 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 25/05/2016 11:53:52 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


  • 0

#13
andrea22

  • Topic Starter
  • Member
  • 139 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/05/2016 10:34:28 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/05/2016 11:55:04 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Log: 'Application' Date/Time: 25/05/2016 11:55:04 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 25/05/2016 11:52:58 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes:
Process 4964 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3979224096-2494383751-3139044533-1005_CLASSES


Log: 'Application' Date/Time: 25/05/2016 11:52:53 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-3979224096-2494383751-3139044533-1005:
Process 1348 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3979224096-2494383751-3139044533-1005
Process 4964 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3979224096-2494383751-3139044533-1005


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/05/2016 11:57:42 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.pfsis.boq.com.au timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/05/2016 11:54:32 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 25/05/2016 11:53:52 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
 


  • 0

#14
andrea22

  • Topic Starter
  • Member
  • 139 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/05/2016 10:34:28 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~%


  • 0

#15
RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

Sorry for the delay. Was on a trip and the WiFi at the hotel was broken.

It looks like we may have fixed this error:

Error: (05/19/2016 12:24:49 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

The above error often causes the PC to stop working for 10-20 seconds so I'm hoping that yours is running a bit better.

I see you have Speccy. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK. Open the file in Notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, about 10 lines down.) Attach the file to your next post.

Get Process Explorer

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 

  • 0
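
A scripted counterpart to the Process Explorer steps in the post above, added here as an example; it is not part of RKinner's post and not Process Explorer's own output. It samples CPU use over a window and reports the Authenticode status of each running image. The output file name, the variable names and the helper function names are assumptions made for this example.

```powershell
# Added example: CPU use over a sampling window plus the signature status of
# every running process image. Run from an elevated PowerShell 3.0+ prompt so
# that the paths of service processes are readable.

$SampleSeconds = 60   # mirrors the "wait a full minute" step; assumption, adjust freely
$OutFile = Join-Path $env:USERPROFILE 'Desktop\ProcSignatures.txt'   # hypothetical name

function Get-CpuSnapshot {
    # Map PID -> total CPU seconds used so far. Processes that cannot be
    # queried expose $null for CPU and are skipped.
    $snap = @{}
    foreach ($p in Get-Process) {
        if ($null -ne $p.CPU) { $snap[$p.Id] = $p.CPU }
    }
    return $snap
}

$script:SigCache = @{}
function Get-SignerInfo {
    param([string]$Path)
    # Many processes share one image (svchost.exe), so verify each path once.
    if (-not $script:SigCache.ContainsKey($Path)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        $script:SigCache[$Path] = [pscustomobject]@{
            Status = [string]$sig.Status
            Signer = $signer
        }
    }
    return $script:SigCache[$Path]
}

$before = Get-CpuSnapshot
Start-Sleep -Seconds $SampleSeconds

$report = foreach ($p in Get-Process) {
    # Only report processes that existed at both ends of the window.
    if ($null -eq $p.CPU -or -not $before.ContainsKey($p.Id)) { continue }

    # A reused PID can make the difference negative; clamp it to zero.
    $delta = [math]::Max(0, $p.CPU - $before[$p.Id])

    $path = $p.Path
    if ($path) {
        $info = Get-SignerInfo -Path $path
    } else {
        # Protected or system processes may not reveal their image path.
        $info = [pscustomobject]@{ Status = 'PathUnavailable'; Signer = '' }
        $path = ''
    }

    [pscustomobject]@{
        CpuSeconds = [math]::Round($delta, 2)
        PID        = $p.Id
        Name       = $p.ProcessName
        Status     = $info.Status
        Signer     = $info.Signer
        Path       = $path
    }
}

# Busiest processes first, as in the CPU-sorted Process Explorer view.
$sorted = $report | Sort-Object CpuSeconds -Descending
$sorted | Format-Table -AutoSize | Out-String -Width 400 | Set-Content -Path $OutFile

# Anything whose image did not verify deserves a closer look. On older Windows
# and PowerShell versions a file signed only through a Windows catalog can be
# reported as NotSigned, so treat that status as "check further", not as proof.
$sorted | Where-Object { $_.Status -ne 'Valid' } |
    Format-Table CpuSeconds, PID, Name, Status, Path -AutoSize
```

The full table is written to the desktop file; the console shows only the processes whose image did not return a `Valid` signature status.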





