Hi, I seem to have a malware problem again. I'm getting pop-ups on eBay, multiple redirects (i.e. the Reimage site comes up all the time), Firefox 'not responding' and greying out, and script errors. Same problem I had a couple of months ago. FRST logs below, thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2016
Ran by Celia (administrator) on CELIA-PC (20-07-2016 09:49:29)
Running from C:\Users\Celia\Desktop
Loaded Profiles: Celia (Available Profiles: Celia)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Dropbox, Inc.) C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Fuji Xerox Co., Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Fuji Xerox\BrStMonW.exe [4513280 2014-06-17] (Fuji Xerox Co., Ltd.)
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [Dropbox Update] => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-24] (AVAST Software)
Startup: C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-07-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{73FE20E9-1391-44F4-9EB4-2B112372BCE1}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{AB134228-DF8D-48AE-BD71-FD0A86931D1C}: [NameServer] 208.67.222.222,4.2.2.1
Tcpip\..\Interfaces\{AB134228-DF8D-48AE-BD71-FD0A86931D1C}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{D1D94B21-0440-49D0-84F0-A572D804475D}: [DhcpNameServer] 10.5.133.45 10.5.136.242
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU
SearchScopes: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU_enAU380
SearchScopes: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU_enAU380
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-24] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-23] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FireFox:
========
FF ProfilePath: C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\t3ku6f2c.default-1459825182118
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-20] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-11] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-31] (Apple Inc.)
FF Extension: LavaFox V2-Blue - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\t3ku6f2c.default-1459825182118\Extensions\[email protected] [2016-06-12]
FF Extension: NoSquint Plus - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\t3ku6f2c.default-1459825182118\Extensions\[email protected] [2016-06-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-24]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-01-13]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-24]
CHR Extension: (Google Drive) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
CHR Extension: (Google Search) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-23]
CHR Extension: (Google Docs Offline) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-24]
CHR Extension: (Avast Online Security) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-24]
CHR Extension: (Gmail) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-24]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-24] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4422704 2016-05-24] (Avast Software)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2014-05-26] (Fuji Xerox Co., Ltd.) [File not signed]
S4 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-10-28] (TOSHIBA CORPORATION)
S4 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
S4 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S4 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-07] (TOSHIBA Corporation)
S4 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-09-29] (TOSHIBA Corporation)
S4 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-11-06] (TOSHIBA Corporation)
S4 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [677232 2009-10-31] (TOSHIBA Corporation)
S4 UNS; C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [32792 2016-05-24] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [35096 2016-05-24] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [91168 2016-05-24] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [91232 2016-05-24] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [58776 2016-05-24] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [815792 2016-05-24] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [449640 2016-05-24] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [124808 2016-05-24] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [221368 2016-05-24] (AVAST Software)
R3 enecirhid; C:\windows\System32\DRIVERS\enecirhid.sys [11776 2009-05-20] (ENE TECHNOLOGY INC.)
R3 enecirhidma; C:\windows\System32\DRIVERS\enecirhidma.sys [5632 2008-04-25] (ENE TECHNOLOGY INC.)
R0 LPCFilter; C:\windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-31] (COMPAL ELECTRONIC INC.)
R3 mod7700; C:\windows\System32\Drivers\dvb7700all.sys [626688 2009-06-12] (DiBcom)
R0 ngvss; C:\windows\system32\Drivers\ngvss.sys [136432 2016-05-24] (AVAST Software)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [262984 2016-05-24] (Avast Software)
S3 ZTEusbnet; C:\windows\System32\DRIVERS\ZTEusbnet.sys [114688 2009-12-28] (ZTE Corporation)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-20 09:49 - 2016-07-20 09:51 - 00018279 _____ C:\Users\Celia\Desktop\FRST.txt
2016-07-20 09:47 - 2016-07-20 09:47 - 01741824 _____ (Farbar) C:\Users\Celia\Desktop\FRST.exe
2016-07-13 10:10 - 2016-06-26 06:01 - 00037096 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-07-13 10:10 - 2016-06-26 05:54 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2016-07-13 10:10 - 2016-06-26 05:53 - 01004544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-07-13 10:10 - 2016-06-26 05:53 - 00779776 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2016-07-13 10:10 - 2016-06-26 05:53 - 00297472 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2016-07-13 10:10 - 2016-06-26 05:53 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2016-07-13 10:10 - 2016-06-26 05:42 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\wpnpinst.exe
2016-07-13 10:10 - 2016-06-26 05:41 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\ntprint.exe
2016-07-13 10:10 - 2016-06-26 05:41 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\inetppui.dll
2016-07-13 10:10 - 2016-06-22 23:06 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-07-13 10:10 - 2016-06-18 04:23 - 01288192 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-07-13 10:10 - 2016-06-18 04:23 - 00468992 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-07-13 10:10 - 2016-06-18 04:23 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-07-13 10:10 - 2016-06-18 04:23 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-07-13 10:10 - 2016-06-18 04:23 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-07-13 10:10 - 2016-06-18 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-07-13 10:10 - 2016-06-15 00:57 - 02398208 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-07-13 10:10 - 2016-06-11 14:48 - 00346320 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-07-13 10:10 - 2016-06-11 05:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-07-13 10:10 - 2016-06-11 05:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-07-13 10:10 - 2016-06-11 04:54 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-07-13 10:10 - 2016-06-11 04:53 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-07-13 10:10 - 2016-06-11 04:53 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-07-13 10:10 - 2016-06-11 04:52 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-07-13 10:10 - 2016-06-11 04:47 - 02287104 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-07-13 10:10 - 2016-06-11 04:46 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-07-13 10:10 - 2016-06-11 04:45 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-07-13 10:10 - 2016-06-11 04:42 - 20348928 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-07-13 10:10 - 2016-06-11 04:42 - 00476160 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-07-13 10:10 - 2016-06-11 04:41 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-07-13 10:10 - 2016-06-11 04:41 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-07-13 10:10 - 2016-06-11 04:41 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-07-13 10:10 - 2016-06-11 04:41 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-07-13 10:10 - 2016-06-11 04:35 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-07-13 10:10 - 2016-06-11 04:32 - 00416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-07-13 10:10 - 2016-06-11 04:27 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-07-13 10:10 - 2016-06-11 04:26 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-07-13 10:10 - 2016-06-11 04:24 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-07-13 10:10 - 2016-06-11 04:23 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-07-13 10:10 - 2016-06-11 04:21 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-07-13 10:10 - 2016-06-11 04:19 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-07-13 10:10 - 2016-06-11 04:14 - 04608000 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-07-13 10:10 - 2016-06-11 04:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-07-13 10:10 - 2016-06-11 04:10 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-07-13 10:10 - 2016-06-11 04:10 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-07-13 10:10 - 2016-06-11 04:09 - 02055680 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-07-13 10:10 - 2016-06-11 04:09 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-07-13 10:10 - 2016-06-11 03:58 - 13806080 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-07-13 10:10 - 2016-06-11 03:45 - 02392576 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-07-13 10:10 - 2016-06-11 03:42 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-07-13 10:10 - 2016-06-11 03:41 - 01315840 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-07-13 10:09 - 2016-06-11 04:53 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-07-12 10:12 - 2016-07-12 10:12 - 00000000 ____D C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-24 16:47 - 2016-06-24 16:47 - 00087115 _____ C:\Users\Celia\Downloads\Andreana Bonica Avgoloupis 3M.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-20 09:50 - 2009-07-14 14:34 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-20 09:50 - 2009-07-14 14:34 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-20 09:49 - 2016-05-19 18:19 - 00000000 ____D C:\FRST
2016-07-20 09:25 - 2010-07-03 17:13 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-20 09:24 - 2012-08-21 08:50 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-07-20 09:24 - 2010-07-03 17:13 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-20 09:16 - 2015-06-18 21:06 - 00000918 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005UA.job
2016-07-19 17:38 - 2015-04-01 11:21 - 00000000 ___RD C:\Users\Celia\Dropbox
2016-07-19 17:34 - 2009-07-14 14:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-19 14:49 - 2013-10-01 23:36 - 00000000 ____D C:\Users\Celia\Downloads\My WAC
2016-07-19 14:12 - 2015-06-18 21:06 - 00000866 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005Core.job
2016-07-18 11:34 - 2013-10-01 23:54 - 00000000 ____D C:\Users\Celia\Downloads\Programs Etc
2016-07-16 18:55 - 2010-04-30 08:20 - 00916538 _____ C:\windows\system32\PerfStringBackup.INI
2016-07-16 18:55 - 2009-07-14 12:37 - 00000000 ____D C:\windows\inf
2016-07-15 02:00 - 2009-07-14 12:37 - 00000000 ____D C:\windows\rescache
2016-07-14 21:44 - 2009-07-14 14:33 - 00455728 _____ C:\windows\system32\FNTCACHE.DAT
2016-07-14 21:42 - 2014-12-12 08:59 - 00000000 ____D C:\windows\system32\appraiser
2016-07-14 21:42 - 2009-07-14 17:49 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 21:36 - 2013-07-16 18:14 - 00000000 ____D C:\windows\system32\MRT
2016-07-14 21:30 - 2010-05-26 22:14 - 141983760 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-07-12 23:09 - 2016-02-14 09:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-12 10:11 - 2015-04-01 11:16 - 00000000 ____D C:\Users\Celia\AppData\Roaming\Dropbox
2016-06-24 16:34 - 2010-04-30 09:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 00:04 - 2013-07-03 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-21 12:13 - 2010-05-23 14:57 - 00400552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-06-20 08:36 - 2012-05-21 13:54 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2016-06-20 08:36 - 2011-07-21 10:23 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2016-06-20 08:32 - 2014-06-15 22:34 - 00000000 ____D C:\Users\Celia\AppData\Local\Adobe
==================== Files in the root of some directories =======
2010-05-22 11:01 - 2010-05-22 11:01 - 127951849 _____ () C:\Program Files\openofficeorg1.cab
2010-05-22 11:05 - 2010-05-22 11:05 - 3093504 _____ () C:\Program Files\openofficeorg32.msi
2010-05-22 10:13 - 2010-05-22 10:13 - 0000290 _____ () C:\Program Files\setup.ini
2011-01-17 12:33 - 2014-04-16 20:55 - 0006144 _____ () C:\Users\Celia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-12-14 20:29 - 2010-12-14 20:29 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
Some files in TEMP:
====================
C:\Users\Celia\AppData\Local\Temp\libeay32.dll
C:\Users\Celia\AppData\Local\Temp\msvcr120.dll
C:\Users\Celia\AppData\Local\Temp\sqlite3.dll
C:\Users\Celia\AppData\Local\Temp\{0DCD7807-9F20-4D8F-8E26-C88D5408387E}-DropboxClient_4.4.29.exe
C:\Users\Celia\AppData\Local\Temp\{D2F6BECA-06FA-4208-A116-780B12790D65}-DropboxClient_6.4.14.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-07-18 15:07
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-07-2016
Ran by Celia (2016-07-20 09:52:45)
Running from C:\Users\Celia\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2010-05-23 04:09:33)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3979224096-2494383751-3139044533-500 - Administrator - Disabled)
Celia (S-1-5-21-3979224096-2494383751-3139044533-1005 - Administrator - Enabled) => C:\Users\Celia
Guest (S-1-5-21-3979224096-2494383751-3139044533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3979224096-2494383751-3139044533-1006 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk Pixlr (HKLM\...\Autodesk Pixlr) (Version: 1.0.3.0 - Autodesk)
Autodesk Pixlr (Version: 1.0.3.0 - Autodesk) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.01(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
DocuPrint P115 w (HKLM\...\{92EA7FDC-323F-406F-BEE9-601B8EB1E209}) (Version: 1.0.0.0 - Fuji Xerox)
Dolby Control Center (HKLM\...\{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}) (Version: 2.2.1 - Dolby)
Dropbox (HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
DVD MovieFactory for TOSHIBA (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (Version: 7.0.0 - Corel Corporation) Hidden
ENE CIR Receiver Driver (HKLM\...\D751CB2FD39EE07639D08542EEF9BF77AD1D9696) (Version: 2.7.4.1 - ENE)
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HDMI Control Manager (HKLM\...\{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}) (Version: 2.0 - TOSHIBA CORPORATION)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
InterVideo WinDVD BD for TOSHIBA (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.153 - InterVideo Inc.)
InterVideo WinDVD BD for TOSHIBA (Version: 8.0.20.153 - InterVideo Inc.) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.34.2 - JMicron Technology Corp.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 47.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 47.0 (x86 en-GB)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.56.34 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5928 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
Telstra Mobile Broadband Manager (HKLM\...\Telstra Mobile Broadband Manager) (Version: 3.0.514 - Telstra)
Telstra Mobile Broadband Manager (Version: 3.0.514 - Telstra) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.12 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM\...\InstallShield_{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}) (Version: 1.5.05.32 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.12.0 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.16C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.4 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.0.0 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM\...\InstallShield_{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}) (Version: 1.5.07.32 - TOSHIBA Corporation)
TOSHIBA Remote Control Manager (HKLM\...\{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}) (Version: 3.0.1.0 - TOSHIBA CORPORATION)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
TOSHIBA USB Sleep and Charge Utility (HKLM\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.32 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation)
Utility Common Driver (Version: 1.0.50.27C - TOSHIBA) Hidden
Windows Driver Package - Cmotech (cmusbnet) Net (06/11/2007 2.0.0.9) (HKLM\...\E7E257830CD4614E7CF1B3792DF19B85FE5E7BE7) (Version: 06/11/2007 2.0.0.9 - Cmotech)
Windows Driver Package - Cmotech Modem (12/13/2006 2.0.3.5) (HKLM\...\5E8F128761A9B07EC2DEC909F167D92DB8B3A348) (Version: 12/13/2006 2.0.3.5 - Cmotech)
Windows Driver Package - Cmotech Ports (12/13/2006 2.0.3.5) (HKLM\...\6A032F4180B5A0E8F4BC27384D0A423B2595A785) (Version: 12/13/2006 2.0.3.5 - Cmotech)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0B38A649-9F1E-4712-8144-F630B3FFA3EF} - System32\Tasks\{2B304DAF-75E8-4FD3-B03F-39DF58D79679} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.0.0.152.259&LastError=12002
Task: {100C92C3-AE05-4B8A-A7D6-B268F8483060} - System32\Tasks\{FB271578-E767-4C96-91CE-B4C000C33CAE} => pcalua.exe -a C:\Users\Celia\Documents\erunt\ERUNT.EXE -d C:\Users\Celia\Documents\erunt
Task: {20E58FCF-A260-45C3-94C0-A9E72DBF7C83} - System32\Tasks\{55F00A89-B569-4BDD-8552-B5975366E7C1} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.0.0.152.259&LastError=12007
Task: {31CFACD6-DBED-4CDF-B6DA-8233C9BA6C16} - System32\Tasks\{54B69217-9D97-4C3E-A327-3C9D6F79C5B5} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.0.0.152.259&LastError=12002
Task: {3E6077ED-2FD0-403F-80C9-D0C3BAEA5A7B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-24] (AVAST Software)
Task: {439B1BB6-027E-4252-A0D4-20F91E4231FF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-20] (Adobe Systems Incorporated)
Task: {478E14C3-B8CC-4F1A-9EAD-48BC6ED82405} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {49CE06DF-0448-492D-BBBB-C2116204AD78} - System32\Tasks\SafeZone scheduled Autoupdate 1464012472 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {49E12645-39F8-47B5-A988-DC9DCCB4C5FA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005UA => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {50EA36FF-C896-4BA6-9921-0C2B86B61EEF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {558A8A80-5ABD-4AB2-A9A0-FD934894F016} - System32\Tasks\{A73BF785-3482-41CB-9F03-987DDC76B215} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.0.0.152.259&LastError=12007
Task: {678AF2BF-115A-4B36-8764-F808D8F8CC3E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005Core => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {78206B44-8E2D-49BA-85F4-1BEA4E218FA8} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-29] (TOSHIBA CORPORATION)
Task: {7E6B6E1A-4C4A-49FE-A76E-CCB4CF2AE46D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8F811ACF-3913-4EAA-BAE9-1B32CA4DFFFF} - System32\Tasks\{ECA42B9B-347C-41A3-B74A-63066582EB8F} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {9B73DDB4-B5AE-485E-B7DF-B2A12B35478B} - System32\Tasks\{3A395E62-8C9D-47E0-A386-F6F563BE7108} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.0.0.152.259&LastError=12002
Task: {9DA78D71-DE3A-467D-B672-DF2012DAB5CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B4C43DAF-26A8-4683-9F55-1A045F849315} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B89A471C-D09F-4722-87A4-7DCFC991D7CC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {B8EB98D3-AAFB-4E5A-B617-6D443BAF002B} - System32\Tasks\{75B8B063-98D4-450A-8604-51F18CE5B7FC} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.0.0.152.259&LastError=12007
Task: {CB8D353A-D93A-496F-8E45-57851864164D} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005Core.job => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005UA.job => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-05-24 00:02 - 2016-05-24 00:02 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-24 00:02 - 2016-05-24 00:02 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-19 09:15 - 2016-07-19 09:15 - 03000832 _____ () C:\Program Files\AVAST Software\Avast\defs\16071801\algo.dll
2016-05-24 00:02 - 2016-05-24 00:02 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-24 00:02 - 2016-05-24 00:02 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-07-19 21:38 - 2016-07-19 21:38 - 03000832 _____ () C:\Program Files\AVAST Software\Avast\defs\16071900\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-24 00:03 - 2016-05-24 00:03 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-07-12 10:01 - 2016-06-07 11:58 - 00034768 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-07-12 10:12 - 2016-06-07 11:58 - 00134088 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-07-12 10:12 - 2016-06-07 11:59 - 00019408 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-07-12 10:12 - 2016-06-07 11:58 - 00116688 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-07-12 10:01 - 2016-06-07 11:58 - 00093640 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-07-12 10:01 - 2016-06-07 11:58 - 00018376 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\select.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00019760 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00105928 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-07-12 10:12 - 2016-06-07 11:58 - 00392144 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-07-12 10:01 - 2016-07-06 04:00 - 00381752 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-07-12 10:01 - 2016-06-07 11:58 - 00692688 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-07-12 10:12 - 2016-07-06 03:59 - 00020816 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-07-12 10:01 - 2016-06-07 11:59 - 00123856 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-07-12 10:12 - 2016-07-06 03:59 - 01682760 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-07-12 10:12 - 2016-07-06 03:59 - 00020808 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00021840 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00052024 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00038696 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-07-12 10:12 - 2016-06-07 12:00 - 00020936 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00024528 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00114640 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00124880 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00021832 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00024016 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00175560 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00030160 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00043472 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00048592 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00023872 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00026456 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00057808 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00024016 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-07-12 10:12 - 2016-07-06 03:59 - 00246592 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00028616 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00020800 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00019776 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00020800 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-07-12 10:01 - 2016-06-07 11:58 - 00134608 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-07-12 10:12 - 2016-06-07 11:59 - 00240584 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-07-12 10:12 - 2016-07-06 03:59 - 00020280 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00023376 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00350152 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00022352 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00024392 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-07-12 10:12 - 2016-06-07 12:01 - 00036296 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\librsync.dll
2016-07-12 10:12 - 2016-07-06 04:00 - 00084280 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-07-12 10:12 - 2016-07-06 04:00 - 01826096 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-07-12 10:01 - 2016-06-07 11:59 - 00083912 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\sip.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 03928880 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 01971504 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00531248 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00132912 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00223544 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00207672 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00060880 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00024904 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00546096 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00357680 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-06-20 08:36 - 2016-06-20 08:36 - 19455168 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 12:04 - 2010-11-07 22:47 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 4.2.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Thpsrv => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA Bluetooth Service => 3
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BigPondWirelessBroadbandCM => "C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
MSCONFIG\startupreg: HDMICtrlMan => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: HWSetup => "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeNotify => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TRCMan => C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
MSCONFIG\startupreg: TUSBSleepChargeSrv => %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{43EE8DAD-6C08-4D4E-A02E-83E87E210F76}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{48E9EF0B-D6A0-4B37-8A77-A0D5E559C069}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5BC84C22-28FA-49B0-B0C2-5618EEF78011}] => (Allow) svchost.exe
FirewallRules: [{0776B301-7894-4F75-AD67-39CE0AA9578E}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{35994984-9113-43EC-B221-897E9FF8093A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{398A4635-3BF2-4AE7-8CE4-E0E6D8CB8A08}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ABAC755B-E812-4608-AB1E-D5F1A55B3B6F}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1A79D5E8-BF8A-4693-B8B7-6BB0D92AB15F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6CF2275A-E7C7-4E74-8ECD-2160CB7C80B6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8D3CB989-BD6C-4058-B2DD-D2DA7AAF9CA5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{59AED1AD-95B2-4418-A754-6397BD0854D4}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3F6C9FC6-6D8C-470D-8D4D-455E72FBB786}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{C64A311B-BDEC-4252-8F2E-ED7DE77D3B9E}] => (Allow) C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0595BB65-7C9F-44CC-B383-973AFB9BCD62}] => (Allow) C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7487962A-F6D1-49AB-8E5F-069E7A3D5CE5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AA577E95-76B6-4AF3-89F7-D83164940089}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DA21657D-E80C-4432-AE13-C1D88FAACA9D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{51686515-2772-438C-AB34-A3C6FC52DDC2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
==================== Restore Points =========================
11-05-2016 16:22:07 Scheduled Checkpoint
12-05-2016 20:18:25 Windows Update
13-05-2016 09:42:23 Windows Update
16-05-2016 09:58:33 Windows Update
17-05-2016 09:13:57 Windows Update
17-05-2016 15:49:06 Windows Update
18-05-2016 09:01:28 Windows Update
18-05-2016 17:10:35 Windows Update
19-05-2016 08:47:15 Windows Update
20-05-2016 08:53:55 Windows Update
20-05-2016 20:14:45 Windows Update
24-05-2016 03:00:24 Windows Update
24-05-2016 15:19:41 Windows Update
26-05-2016 09:30:48 Windows Update
30-05-2016 09:53:19 Removed Java 8 Update 77
30-05-2016 09:56:22 Windows Update
31-05-2016 15:38:13 Windows Update
02-06-2016 09:04:09 Windows Update
06-06-2016 08:59:17 Windows Update
07-06-2016 08:17:14 Windows Update
09-06-2016 09:32:34 Windows Update
12-06-2016 09:27:26 Windows Update
12-06-2016 21:20:36 Windows Update
14-06-2016 09:12:43 Windows Update
17-06-2016 11:20:24 Windows Update
17-06-2016 13:49:15 Windows Update
20-06-2016 00:59:37 Windows Update
20-06-2016 08:53:16 Windows Update
20-06-2016 11:29:10 Windows Update
20-06-2016 23:03:17 Windows Update
21-06-2016 10:54:53 Windows Update
21-06-2016 22:50:58 Windows Update
22-06-2016 15:59:52 Windows Update
22-06-2016 22:18:39 Windows Update
24-06-2016 00:00:46 Windows Update
24-06-2016 23:37:50 Windows Update
25-06-2016 22:05:35 Windows Update
27-06-2016 00:20:26 Windows Update
29-06-2016 15:49:46 Windows Update
04-07-2016 22:02:15 Windows Update
05-07-2016 23:19:21 Windows Update
08-07-2016 18:08:59 Windows Update
11-07-2016 14:24:13 Windows Update
14-07-2016 21:27:01 Windows Update
15-07-2016 13:32:04 Windows Update
15-07-2016 22:38:34 Windows Update
18-07-2016 10:34:21 Windows Update
18-07-2016 15:52:33 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/20/2016 12:09:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8128
Error: (07/20/2016 12:09:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8128
Error: (07/20/2016 12:09:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/20/2016 12:09:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7098
Error: (07/20/2016 12:09:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7098
Error: (07/20/2016 12:09:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/20/2016 12:09:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6038
Error: (07/20/2016 12:09:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6038
Error: (07/20/2016 12:09:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/20/2016 12:09:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5024
System errors:
=============
Error: (07/19/2016 05:40:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
Error: (07/19/2016 05:34:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:32:46 PM on 19/07/2016 was unexpected.
Error: (07/18/2016 06:58:17 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (07/18/2016 06:58:01 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (07/18/2016 06:57:48 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (07/18/2016 06:57:35 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (07/18/2016 06:57:22 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (07/18/2016 06:57:09 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (07/18/2016 06:56:56 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (07/18/2016 06:56:43 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
==================== Memory info ===========================
Processor: Intel® Core i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 69%
Total physical RAM: 3061.59 MB
Available physical RAM: 924.63 MB
Total Virtual: 6121.51 MB
Available Virtual: 3762.84 MB
==================== Drives ================================
Drive c: (S3A8113D003) (Fixed) (Total:583.45 GB) (Free:338.13 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (EOS_DIGITAL) (Removable) (Total:14.83 GB) (Free:14.08 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 230D9B41)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=583.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=17)
========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================