Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware Help Needed- Pop-ups, redirects, etc.


  • Please log in to reply

#1
andrea22

andrea22

    Member

  • Member
  • PipPipPip
  • 139 posts

Hi, I seem to have a malware problem again. I'm getting pop-ups on ebay, multiple redirects (i.e. reimage site comes up all the time), firefox 'not responding' and greying out, and script errors. Same problem I had a couple of months ago. FRST logs below, thank you.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2016
Ran by Celia (administrator) on CELIA-PC (20-07-2016 09:49:29)
Running from C:\Users\Celia\Desktop
Loaded Profiles: Celia (Available Profiles: Celia)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Dropbox, Inc.) C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Fuji Xerox Co., Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Fuji Xerox\BrStMonW.exe [4513280 2014-06-17] (Fuji Xerox Co., Ltd.)
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [Dropbox Update] => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-24] (AVAST Software)
Startup: C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-07-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{73FE20E9-1391-44F4-9EB4-2B112372BCE1}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{AB134228-DF8D-48AE-BD71-FD0A86931D1C}: [NameServer] 208.67.222.222,4.2.2.1
Tcpip\..\Interfaces\{AB134228-DF8D-48AE-BD71-FD0A86931D1C}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{D1D94B21-0440-49D0-84F0-A572D804475D}: [DhcpNameServer] 10.5.133.45 10.5.136.242

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU
SearchScopes: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU_enAU380
SearchScopes: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU_enAU380
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-24] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-23] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\t3ku6f2c.default-1459825182118
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-20] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-11] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-31] (Apple Inc.)
FF Extension: LavaFox V2-Blue - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\t3ku6f2c.default-1459825182118\Extensions\[email protected] [2016-06-12]
FF Extension: NoSquint Plus - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\t3ku6f2c.default-1459825182118\Extensions\[email protected] [2016-06-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-24]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-01-13]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-24]
CHR Extension: (Google Drive) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
CHR Extension: (Google Search) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-23]
CHR Extension: (Google Docs Offline) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-24]
CHR Extension: (Avast Online Security) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-24]
CHR Extension: (Gmail) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-24] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4422704 2016-05-24] (Avast Software)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2014-05-26] (Fuji Xerox Co., Ltd.) [File not signed]
S4 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-10-28] (TOSHIBA CORPORATION)
S4 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
S4 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S4 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-07] (TOSHIBA Corporation)
S4 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-09-29] (TOSHIBA Corporation)
S4 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-11-06] (TOSHIBA Corporation)
S4 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [677232 2009-10-31] (TOSHIBA Corporation)
S4 UNS; C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [32792 2016-05-24] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [35096 2016-05-24] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [91168 2016-05-24] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [91232 2016-05-24] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [58776 2016-05-24] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [815792 2016-05-24] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [449640 2016-05-24] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [124808 2016-05-24] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [221368 2016-05-24] (AVAST Software)
R3 enecirhid; C:\windows\System32\DRIVERS\enecirhid.sys [11776 2009-05-20] (ENE TECHNOLOGY INC.)
R3 enecirhidma; C:\windows\System32\DRIVERS\enecirhidma.sys [5632 2008-04-25] (ENE TECHNOLOGY INC.)
R0 LPCFilter; C:\windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-31] (COMPAL ELECTRONIC INC.)
R3 mod7700; C:\windows\System32\Drivers\dvb7700all.sys [626688 2009-06-12] (DiBcom)
R0 ngvss; C:\windows\system32\Drivers\ngvss.sys [136432 2016-05-24] (AVAST Software)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [262984 2016-05-24] (Avast Software)
S3 ZTEusbnet; C:\windows\System32\DRIVERS\ZTEusbnet.sys [114688 2009-12-28] (ZTE Corporation)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-20 09:49 - 2016-07-20 09:51 - 00018279 _____ C:\Users\Celia\Desktop\FRST.txt
2016-07-20 09:47 - 2016-07-20 09:47 - 01741824 _____ (Farbar) C:\Users\Celia\Desktop\FRST.exe
2016-07-13 10:10 - 2016-06-26 06:01 - 00037096 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-07-13 10:10 - 2016-06-26 05:54 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2016-07-13 10:10 - 2016-06-26 05:53 - 01004544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-07-13 10:10 - 2016-06-26 05:53 - 00779776 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2016-07-13 10:10 - 2016-06-26 05:53 - 00297472 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2016-07-13 10:10 - 2016-06-26 05:53 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2016-07-13 10:10 - 2016-06-26 05:42 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\wpnpinst.exe
2016-07-13 10:10 - 2016-06-26 05:41 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\ntprint.exe
2016-07-13 10:10 - 2016-06-26 05:41 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\inetppui.dll
2016-07-13 10:10 - 2016-06-22 23:06 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-07-13 10:10 - 2016-06-18 04:23 - 01288192 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-07-13 10:10 - 2016-06-18 04:23 - 00468992 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-07-13 10:10 - 2016-06-18 04:23 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-07-13 10:10 - 2016-06-18 04:23 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-07-13 10:10 - 2016-06-18 04:23 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-07-13 10:10 - 2016-06-18 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-07-13 10:10 - 2016-06-15 00:57 - 02398208 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-07-13 10:10 - 2016-06-11 14:48 - 00346320 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-07-13 10:10 - 2016-06-11 05:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-07-13 10:10 - 2016-06-11 05:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-07-13 10:10 - 2016-06-11 04:54 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-07-13 10:10 - 2016-06-11 04:53 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-07-13 10:10 - 2016-06-11 04:53 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-07-13 10:10 - 2016-06-11 04:52 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-07-13 10:10 - 2016-06-11 04:47 - 02287104 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-07-13 10:10 - 2016-06-11 04:46 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-07-13 10:10 - 2016-06-11 04:45 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-07-13 10:10 - 2016-06-11 04:42 - 20348928 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-07-13 10:10 - 2016-06-11 04:42 - 00476160 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-07-13 10:10 - 2016-06-11 04:41 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-07-13 10:10 - 2016-06-11 04:41 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-07-13 10:10 - 2016-06-11 04:41 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-07-13 10:10 - 2016-06-11 04:41 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-07-13 10:10 - 2016-06-11 04:35 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-07-13 10:10 - 2016-06-11 04:32 - 00416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-07-13 10:10 - 2016-06-11 04:27 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-07-13 10:10 - 2016-06-11 04:26 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-07-13 10:10 - 2016-06-11 04:24 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-07-13 10:10 - 2016-06-11 04:23 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-07-13 10:10 - 2016-06-11 04:21 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-07-13 10:10 - 2016-06-11 04:19 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-07-13 10:10 - 2016-06-11 04:14 - 04608000 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-07-13 10:10 - 2016-06-11 04:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-07-13 10:10 - 2016-06-11 04:10 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-07-13 10:10 - 2016-06-11 04:10 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-07-13 10:10 - 2016-06-11 04:09 - 02055680 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-07-13 10:10 - 2016-06-11 04:09 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-07-13 10:10 - 2016-06-11 03:58 - 13806080 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-07-13 10:10 - 2016-06-11 03:45 - 02392576 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-07-13 10:10 - 2016-06-11 03:42 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-07-13 10:10 - 2016-06-11 03:41 - 01315840 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-07-13 10:09 - 2016-06-11 04:53 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-07-12 10:12 - 2016-07-12 10:12 - 00000000 ____D C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-24 16:47 - 2016-06-24 16:47 - 00087115 _____ C:\Users\Celia\Downloads\Andreana Bonica Avgoloupis 3M.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-20 09:50 - 2009-07-14 14:34 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-20 09:50 - 2009-07-14 14:34 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-20 09:49 - 2016-05-19 18:19 - 00000000 ____D C:\FRST
2016-07-20 09:25 - 2010-07-03 17:13 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-20 09:24 - 2012-08-21 08:50 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-07-20 09:24 - 2010-07-03 17:13 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-20 09:16 - 2015-06-18 21:06 - 00000918 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005UA.job
2016-07-19 17:38 - 2015-04-01 11:21 - 00000000 ___RD C:\Users\Celia\Dropbox
2016-07-19 17:34 - 2009-07-14 14:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-19 14:49 - 2013-10-01 23:36 - 00000000 ____D C:\Users\Celia\Downloads\My WAC
2016-07-19 14:12 - 2015-06-18 21:06 - 00000866 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005Core.job
2016-07-18 11:34 - 2013-10-01 23:54 - 00000000 ____D C:\Users\Celia\Downloads\Programs Etc
2016-07-16 18:55 - 2010-04-30 08:20 - 00916538 _____ C:\windows\system32\PerfStringBackup.INI
2016-07-16 18:55 - 2009-07-14 12:37 - 00000000 ____D C:\windows\inf
2016-07-15 02:00 - 2009-07-14 12:37 - 00000000 ____D C:\windows\rescache
2016-07-14 21:44 - 2009-07-14 14:33 - 00455728 _____ C:\windows\system32\FNTCACHE.DAT
2016-07-14 21:42 - 2014-12-12 08:59 - 00000000 ____D C:\windows\system32\appraiser
2016-07-14 21:42 - 2009-07-14 17:49 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 21:36 - 2013-07-16 18:14 - 00000000 ____D C:\windows\system32\MRT
2016-07-14 21:30 - 2010-05-26 22:14 - 141983760 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-07-12 23:09 - 2016-02-14 09:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-12 10:11 - 2015-04-01 11:16 - 00000000 ____D C:\Users\Celia\AppData\Roaming\Dropbox
2016-06-24 16:34 - 2010-04-30 09:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 00:04 - 2013-07-03 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-21 12:13 - 2010-05-23 14:57 - 00400552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-06-20 08:36 - 2012-05-21 13:54 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2016-06-20 08:36 - 2011-07-21 10:23 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2016-06-20 08:32 - 2014-06-15 22:34 - 00000000 ____D C:\Users\Celia\AppData\Local\Adobe

==================== Files in the root of some directories =======

2010-05-22 11:01 - 2010-05-22 11:01 - 127951849 _____ () C:\Program Files\openofficeorg1.cab
2010-05-22 11:05 - 2010-05-22 11:05 - 3093504 _____ () C:\Program Files\openofficeorg32.msi
2010-05-22 10:13 - 2010-05-22 10:13 - 0000290 _____ () C:\Program Files\setup.ini
2011-01-17 12:33 - 2014-04-16 20:55 - 0006144 _____ () C:\Users\Celia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-12-14 20:29 - 2010-12-14 20:29 - 0000048 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Celia\AppData\Local\Temp\libeay32.dll
C:\Users\Celia\AppData\Local\Temp\msvcr120.dll
C:\Users\Celia\AppData\Local\Temp\sqlite3.dll
C:\Users\Celia\AppData\Local\Temp\{0DCD7807-9F20-4D8F-8E26-C88D5408387E}-DropboxClient_4.4.29.exe
C:\Users\Celia\AppData\Local\Temp\{D2F6BECA-06FA-4208-A116-780B12790D65}-DropboxClient_6.4.14.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-18 15:07

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-07-2016
Ran by Celia (2016-07-20 09:52:45)
Running from C:\Users\Celia\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2010-05-23 04:09:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3979224096-2494383751-3139044533-500 - Administrator - Disabled)
Celia (S-1-5-21-3979224096-2494383751-3139044533-1005 - Administrator - Enabled) => C:\Users\Celia
Guest (S-1-5-21-3979224096-2494383751-3139044533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3979224096-2494383751-3139044533-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk Pixlr (HKLM\...\Autodesk Pixlr) (Version: 1.0.3.0 - Autodesk)
Autodesk Pixlr (Version: 1.0.3.0 - Autodesk) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.01(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
DocuPrint P115 w (HKLM\...\{92EA7FDC-323F-406F-BEE9-601B8EB1E209}) (Version: 1.0.0.0 - Fuji Xerox)
Dolby Control Center (HKLM\...\{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}) (Version: 2.2.1 - Dolby)
Dropbox (HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
DVD MovieFactory for TOSHIBA (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (Version: 7.0.0 - Corel Corporation) Hidden
ENE CIR Receiver Driver (HKLM\...\D751CB2FD39EE07639D08542EEF9BF77AD1D9696) (Version: 2.7.4.1 - ENE)
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HDMI Control Manager (HKLM\...\{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}) (Version: 2.0 - TOSHIBA CORPORATION)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
InterVideo WinDVD BD for TOSHIBA (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.153 - InterVideo Inc.)
InterVideo WinDVD BD for TOSHIBA (Version: 8.0.20.153 - InterVideo Inc.) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.34.2 - JMicron Technology Corp.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 47.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 47.0 (x86 en-GB)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.56.34 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5928 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
Telstra Mobile Broadband Manager (HKLM\...\Telstra Mobile Broadband Manager) (Version: 3.0.514 - Telstra)
Telstra Mobile Broadband Manager (Version: 3.0.514 - Telstra) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.12 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM\...\InstallShield_{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}) (Version: 1.5.05.32 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.12.0 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.16C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.4 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.0.0 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM\...\InstallShield_{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}) (Version: 1.5.07.32 - TOSHIBA Corporation)
TOSHIBA Remote Control Manager (HKLM\...\{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}) (Version: 3.0.1.0 - TOSHIBA CORPORATION)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
TOSHIBA USB Sleep and Charge Utility (HKLM\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.32 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation)
Utility Common Driver (Version: 1.0.50.27C - TOSHIBA) Hidden
Windows Driver Package - Cmotech (cmusbnet) Net  (06/11/2007 2.0.0.9) (HKLM\...\E7E257830CD4614E7CF1B3792DF19B85FE5E7BE7) (Version: 06/11/2007 2.0.0.9 - Cmotech)
Windows Driver Package - Cmotech Modem  (12/13/2006 2.0.3.5) (HKLM\...\5E8F128761A9B07EC2DEC909F167D92DB8B3A348) (Version: 12/13/2006 2.0.3.5 - Cmotech)
Windows Driver Package - Cmotech Ports  (12/13/2006 2.0.3.5) (HKLM\...\6A032F4180B5A0E8F4BC27384D0A423B2595A785) (Version: 12/13/2006 2.0.3.5 - Cmotech)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B38A649-9F1E-4712-8144-F630B3FFA3EF} - System32\Tasks\{2B304DAF-75E8-4FD3-B03F-39DF58D79679} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12002
Task: {100C92C3-AE05-4B8A-A7D6-B268F8483060} - System32\Tasks\{FB271578-E767-4C96-91CE-B4C000C33CAE} => pcalua.exe -a C:\Users\Celia\Documents\erunt\ERUNT.EXE -d C:\Users\Celia\Documents\erunt
Task: {20E58FCF-A260-45C3-94C0-A9E72DBF7C83} - System32\Tasks\{55F00A89-B569-4BDD-8552-B5975366E7C1} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12007
Task: {31CFACD6-DBED-4CDF-B6DA-8233C9BA6C16} - System32\Tasks\{54B69217-9D97-4C3E-A327-3C9D6F79C5B5} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12002
Task: {3E6077ED-2FD0-403F-80C9-D0C3BAEA5A7B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-24] (AVAST Software)
Task: {439B1BB6-027E-4252-A0D4-20F91E4231FF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-20] (Adobe Systems Incorporated)
Task: {478E14C3-B8CC-4F1A-9EAD-48BC6ED82405} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {49CE06DF-0448-492D-BBBB-C2116204AD78} - System32\Tasks\SafeZone scheduled Autoupdate 1464012472 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {49E12645-39F8-47B5-A988-DC9DCCB4C5FA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005UA => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {50EA36FF-C896-4BA6-9921-0C2B86B61EEF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {558A8A80-5ABD-4AB2-A9A0-FD934894F016} - System32\Tasks\{A73BF785-3482-41CB-9F03-987DDC76B215} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12007
Task: {678AF2BF-115A-4B36-8764-F808D8F8CC3E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005Core => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {78206B44-8E2D-49BA-85F4-1BEA4E218FA8} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-29] (TOSHIBA CORPORATION)
Task: {7E6B6E1A-4C4A-49FE-A76E-CCB4CF2AE46D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8F811ACF-3913-4EAA-BAE9-1B32CA4DFFFF} - System32\Tasks\{ECA42B9B-347C-41A3-B74A-63066582EB8F} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {9B73DDB4-B5AE-485E-B7DF-B2A12B35478B} - System32\Tasks\{3A395E62-8C9D-47E0-A386-F6F563BE7108} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12002
Task: {9DA78D71-DE3A-467D-B672-DF2012DAB5CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B4C43DAF-26A8-4683-9F55-1A045F849315} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B89A471C-D09F-4722-87A4-7DCFC991D7CC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {B8EB98D3-AAFB-4E5A-B617-6D443BAF002B} - System32\Tasks\{75B8B063-98D4-450A-8604-51F18CE5B7FC} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12007
Task: {CB8D353A-D93A-496F-8E45-57851864164D} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005Core.job => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005UA.job => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-24 00:02 - 2016-05-24 00:02 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-24 00:02 - 2016-05-24 00:02 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-19 09:15 - 2016-07-19 09:15 - 03000832 _____ () C:\Program Files\AVAST Software\Avast\defs\16071801\algo.dll
2016-05-24 00:02 - 2016-05-24 00:02 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-24 00:02 - 2016-05-24 00:02 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-07-19 21:38 - 2016-07-19 21:38 - 03000832 _____ () C:\Program Files\AVAST Software\Avast\defs\16071900\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-24 00:03 - 2016-05-24 00:03 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-07-12 10:01 - 2016-06-07 11:58 - 00034768 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-07-12 10:12 - 2016-06-07 11:58 - 00134088 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-07-12 10:12 - 2016-06-07 11:59 - 00019408 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-07-12 10:12 - 2016-06-07 11:58 - 00116688 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-07-12 10:01 - 2016-06-07 11:58 - 00093640 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-07-12 10:01 - 2016-06-07 11:58 - 00018376 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\select.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00019760 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00105928 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-07-12 10:12 - 2016-06-07 11:58 - 00392144 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-07-12 10:01 - 2016-07-06 04:00 - 00381752 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-07-12 10:01 - 2016-06-07 11:58 - 00692688 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-07-12 10:12 - 2016-07-06 03:59 - 00020816 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-07-12 10:01 - 2016-06-07 11:59 - 00123856 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-07-12 10:12 - 2016-07-06 03:59 - 01682760 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-07-12 10:12 - 2016-07-06 03:59 - 00020808 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00021840 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00052024 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00038696 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-07-12 10:12 - 2016-06-07 12:00 - 00020936 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00024528 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00114640 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00124880 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00021832 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00024016 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00175560 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00030160 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00043472 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00048592 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00023872 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00026456 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00057808 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00024016 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-07-12 10:12 - 2016-07-06 03:59 - 00246592 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00028616 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00020800 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00019776 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00020800 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-07-12 10:01 - 2016-06-07 11:58 - 00134608 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-07-12 10:12 - 2016-06-07 11:59 - 00240584 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-07-12 10:12 - 2016-07-06 03:59 - 00020280 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00023376 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00350152 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00022352 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00024392 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-07-12 10:12 - 2016-06-07 12:01 - 00036296 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\librsync.dll
2016-07-12 10:12 - 2016-07-06 04:00 - 00084280 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-07-12 10:12 - 2016-07-06 04:00 - 01826096 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-07-12 10:01 - 2016-06-07 11:59 - 00083912 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\sip.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 03928880 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 01971504 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00531248 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00132912 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00223544 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00207672 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-07-12 10:01 - 2016-06-07 12:00 - 00060880 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-07-12 10:01 - 2016-07-06 04:00 - 00024904 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00546096 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-07-12 10:12 - 2016-07-06 04:00 - 00357680 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-06-20 08:36 - 2016-06-20 08:36 - 19455168 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:04 - 2010-11-07 22:47 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 4.2.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Thpsrv => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA Bluetooth Service => 3
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BigPondWirelessBroadbandCM => "C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
MSCONFIG\startupreg: HDMICtrlMan => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: HWSetup => "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeNotify => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TRCMan => C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
MSCONFIG\startupreg: TUSBSleepChargeSrv => %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{43EE8DAD-6C08-4D4E-A02E-83E87E210F76}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{48E9EF0B-D6A0-4B37-8A77-A0D5E559C069}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5BC84C22-28FA-49B0-B0C2-5618EEF78011}] => (Allow) svchost.exe
FirewallRules: [{0776B301-7894-4F75-AD67-39CE0AA9578E}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{35994984-9113-43EC-B221-897E9FF8093A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{398A4635-3BF2-4AE7-8CE4-E0E6D8CB8A08}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ABAC755B-E812-4608-AB1E-D5F1A55B3B6F}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1A79D5E8-BF8A-4693-B8B7-6BB0D92AB15F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6CF2275A-E7C7-4E74-8ECD-2160CB7C80B6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8D3CB989-BD6C-4058-B2DD-D2DA7AAF9CA5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{59AED1AD-95B2-4418-A754-6397BD0854D4}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3F6C9FC6-6D8C-470D-8D4D-455E72FBB786}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{C64A311B-BDEC-4252-8F2E-ED7DE77D3B9E}] => (Allow) C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0595BB65-7C9F-44CC-B383-973AFB9BCD62}] => (Allow) C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7487962A-F6D1-49AB-8E5F-069E7A3D5CE5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AA577E95-76B6-4AF3-89F7-D83164940089}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DA21657D-E80C-4432-AE13-C1D88FAACA9D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{51686515-2772-438C-AB34-A3C6FC52DDC2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Restore Points =========================

11-05-2016 16:22:07 Scheduled Checkpoint
12-05-2016 20:18:25 Windows Update
13-05-2016 09:42:23 Windows Update
16-05-2016 09:58:33 Windows Update
17-05-2016 09:13:57 Windows Update
17-05-2016 15:49:06 Windows Update
18-05-2016 09:01:28 Windows Update
18-05-2016 17:10:35 Windows Update
19-05-2016 08:47:15 Windows Update
20-05-2016 08:53:55 Windows Update
20-05-2016 20:14:45 Windows Update
24-05-2016 03:00:24 Windows Update
24-05-2016 15:19:41 Windows Update
26-05-2016 09:30:48 Windows Update
30-05-2016 09:53:19 Removed Java 8 Update 77
30-05-2016 09:56:22 Windows Update
31-05-2016 15:38:13 Windows Update
02-06-2016 09:04:09 Windows Update
06-06-2016 08:59:17 Windows Update
07-06-2016 08:17:14 Windows Update
09-06-2016 09:32:34 Windows Update
12-06-2016 09:27:26 Windows Update
12-06-2016 21:20:36 Windows Update
14-06-2016 09:12:43 Windows Update
17-06-2016 11:20:24 Windows Update
17-06-2016 13:49:15 Windows Update
20-06-2016 00:59:37 Windows Update
20-06-2016 08:53:16 Windows Update
20-06-2016 11:29:10 Windows Update
20-06-2016 23:03:17 Windows Update
21-06-2016 10:54:53 Windows Update
21-06-2016 22:50:58 Windows Update
22-06-2016 15:59:52 Windows Update
22-06-2016 22:18:39 Windows Update
24-06-2016 00:00:46 Windows Update
24-06-2016 23:37:50 Windows Update
25-06-2016 22:05:35 Windows Update
27-06-2016 00:20:26 Windows Update
29-06-2016 15:49:46 Windows Update
04-07-2016 22:02:15 Windows Update
05-07-2016 23:19:21 Windows Update
08-07-2016 18:08:59 Windows Update
11-07-2016 14:24:13 Windows Update
14-07-2016 21:27:01 Windows Update
15-07-2016 13:32:04 Windows Update
15-07-2016 22:38:34 Windows Update
18-07-2016 10:34:21 Windows Update
18-07-2016 15:52:33 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2016 12:09:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8128

Error: (07/20/2016 12:09:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8128

Error: (07/20/2016 12:09:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/20/2016 12:09:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7098

Error: (07/20/2016 12:09:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7098

Error: (07/20/2016 12:09:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/20/2016 12:09:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6038

Error: (07/20/2016 12:09:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6038

Error: (07/20/2016 12:09:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/20/2016 12:09:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5024


System errors:
=============
Error: (07/19/2016 05:40:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (07/19/2016 05:34:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:32:46 PM on ‎19/‎07/‎2016 was unexpected.

Error: (07/18/2016 06:58:17 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (07/18/2016 06:58:01 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (07/18/2016 06:57:48 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (07/18/2016 06:57:35 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (07/18/2016 06:57:22 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (07/18/2016 06:57:09 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (07/18/2016 06:56:56 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (07/18/2016 06:56:43 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 69%
Total physical RAM: 3061.59 MB
Available physical RAM: 924.63 MB
Total Virtual: 6121.51 MB
Available Virtual: 3762.84 MB

==================== Drives ================================

Drive c: (S3A8113D003) (Fixed) (Total:583.45 GB) (Free:338.13 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (EOS_DIGITAL) (Removable) (Total:14.83 GB) (Free:14.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 230D9B41)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=583.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=17)

========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
    I would also let Avast run a boot-time scan tonight while you sleep (it takes about 6 hours).  Make sure you set it up as follows:
     

    Open Avast, Scan, Scan for Viruses, Change the Quick Scan (in the box in the center of the page) to Boot-time Scan.  Then at the bottom of the page click on Scan Settings.
     
    Make sure both boxes are checked and click on the gray box to the right of the orange ones.  It should turn orange.  Change where it says "Fix Automatically" to "Move to
    Chest."  OK.  Now click on Start and then close Avast.  Mute your speakers so it doesn't wake you up when Windows boots.
     
    When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
     
     
    Copy and paste the text from the log to a Reply when done.
     
     

    • 0

    #3
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    Thanks so much, will get to this tomorrow, waylaid with visitors.


    • 0

    #4
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    # AdwCleaner v5.201 - Logfile created 26/07/2016 at 10:56:43
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-07-25.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (X86)
    # Username : Celia - CELIA-PC
    # Running from : C:\Users\Celia\Desktop\AdwCleaner.exe
    # Option : Clean
    # Support : https://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [1837 bytes] - [05/04/2016 15:07:46]
    C:\AdwCleaner\AdwCleaner[C2].txt - [803 bytes] - [26/07/2016 10:56:43]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1833 bytes] - [05/04/2016 15:06:15]
    C:\AdwCleaner\AdwCleaner[S2].txt - [937 bytes] - [26/07/2016 10:54:23]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1020 bytes] ##########
     


    • 0

    #5
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 7 Home Premium x86
    Ran by Celia (Administrator) on Tue 26/07/2016 at 11:13:58.79
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 49

    Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00ID605C (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1G4S2GT7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48A1UNLW (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LAM7FXB (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JNW191V (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OMQSMMQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTS5RIL (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DX4OYGEV (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F08LLY16 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F4YAUTZP (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8868HBZ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FUKJ9YPS (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G361RWJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GR5RLRPF (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GT2GVKU8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMHQ13WQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8C6XC0G (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQ2GDH2V (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZRJXST3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1QT8TOZ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T542B69V (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4CZ2SCE (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y5Y3JF2P (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Celia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZE8B1NFO (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00ID605C (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1G4S2GT7 (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48A1UNLW (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LAM7FXB (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JNW191V (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OMQSMMQ (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTS5RIL (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DX4OYGEV (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F08LLY16 (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F4YAUTZP (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8868HBZ (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FUKJ9YPS (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G361RWJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GR5RLRPF (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GT2GVKU8 (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMHQ13WQ (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8C6XC0G (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQ2GDH2V (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZRJXST3 (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1QT8TOZ (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T542B69V (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4CZ2SCE (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y5Y3JF2P (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZE8B1NFO (Temporary Internet Files Folder)



    Registry: 1

    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 26/07/2016 at 11:16:36.67
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     


    • 0

    #6
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    Still waiting for the Avast boot-time scan log.

     

    Uninstall Bonjour.

     

    I'm going to give you a FRST list tho I don't think it's your problem.
     
     
    Download the attached fixlist.txt to the same location as FRST
     
    [attachment=82170:fixlist.txt]
     
    Run FRST and press Fix
    A fix log will be generated please post that 
     
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     

     

    You do have a hard drive that needs a disk check:

     

    Error: (07/18/2016 06:58:17 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk1\DR1, has a bad block.

     

     

     

    1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
    4. Check both boxes and then click Start.
    You will receive the following message:
    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
    Click Yes to schedule the disk check, but don't restart yet.
     
    Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. The disk check will run and will probably take an hour or more to finish.  If you have more than one drive then repeat  the disk check for each drive.
     
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
     
    sfc /scannow
     
    (SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close notepad.  Close the Command Window.
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
     
    Do you see the problem only in Firefox?  If so try running Firefox in Safe mode:
     
     
    If the problem goes away then it's one of your extensions.  They look OK but could be corrupt.
     

    • 0

    #7
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    I somehow missed the avast scan sorry! Hopefully this is the correct log for that scan-

     

    05/24/2016 00:31
    Scan of C:

    Scan of *STARTUP

    File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601.18766_875fdb4529604f8428ed2441b2e79b17e3cfc26e_cab_15538c76\CbsPersist_20160319102059.cab|>CbsPersist_20160319102059.log Error 42127 {CAB archive is corrupted.}
    Number of searched folders: 36136
    Number of tested files: 1352176
    Number of infected files: 0

    ----------------------------------------
    05/31/2016 21:12
    Scan of C:

    Scan of *STARTUP

    File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7601.18766_875fdb4529604f8428ed2441b2e79b17e3cfc26e_cab_15538c76\CbsPersist_20160319102059.cab|>CbsPersist_20160319102059.log Error 42127 {CAB archive is corrupted.}
    Number of searched folders: 36589
    Number of tested files: 1345767
    Number of infected files: 0

    ----------------------------------------
    08/10/2016 13:36
    Scan of C:

    Scan of *STARTUP

    Number of searched folders: 34054
    Number of tested files: 1274462
    Number of infected files: 0


    • 0

    #8
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    Fix result of Farbar Recovery Scan Tool (x86) Version: 09-08-2016 01
    Ran by Celia (2016-08-10 16:58:54) Run:1
    Running from C:\Users\Celia\Desktop
    Loaded Profiles: Celia (Available Profiles: Celia)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    Task: {0B38A649-9F1E-4712-8144-F630B3FFA3EF} - System32\Tasks\{2B304DAF-75E8-4FD3-B03F-39DF58D79679} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12002
    Task: {20E58FCF-A260-45C3-94C0-A9E72DBF7C83} - System32\Tasks\{55F00A89-B569-4BDD-8552-B5975366E7C1} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12007
    Task: {31CFACD6-DBED-4CDF-B6DA-8233C9BA6C16} - System32\Tasks\{54B69217-9D97-4C3E-A327-3C9D6F79C5B5} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12002
    Task: {558A8A80-5ABD-4AB2-A9A0-FD934894F016} - System32\Tasks\{A73BF785-3482-41CB-9F03-987DDC76B215} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12007
    Task: {8F811ACF-3913-4EAA-BAE9-1B32CA4DFFFF} - System32\Tasks\{ECA42B9B-347C-41A3-B74A-63066582EB8F} => C:\Program Files\Skype\\Phone\Skype.exe
    Task: {9B73DDB4-B5AE-485E-B7DF-B2A12B35478B} - System32\Tasks\{3A395E62-8C9D-47E0-A386-F6F563BE7108} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12002
    Task: {B8EB98D3-AAFB-4E5A-B617-6D443BAF002B} - System32\Tasks\{75B8B063-98D4-450A-8604-51F18CE5B7FC} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.152.259&amp;LastError=12007
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005Core.job => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005UA.job => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    *****************

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B38A649-9F1E-4712-8144-F630B3FFA3EF}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B38A649-9F1E-4712-8144-F630B3FFA3EF}" => key removed successfully.
    C:\Windows\System32\Tasks\{2B304DAF-75E8-4FD3-B03F-39DF58D79679} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2B304DAF-75E8-4FD3-B03F-39DF58D79679}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20E58FCF-A260-45C3-94C0-A9E72DBF7C83}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20E58FCF-A260-45C3-94C0-A9E72DBF7C83}" => key removed successfully.
    C:\Windows\System32\Tasks\{55F00A89-B569-4BDD-8552-B5975366E7C1} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{55F00A89-B569-4BDD-8552-B5975366E7C1}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31CFACD6-DBED-4CDF-B6DA-8233C9BA6C16}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31CFACD6-DBED-4CDF-B6DA-8233C9BA6C16}" => key removed successfully.
    C:\Windows\System32\Tasks\{54B69217-9D97-4C3E-A327-3C9D6F79C5B5} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{54B69217-9D97-4C3E-A327-3C9D6F79C5B5}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{558A8A80-5ABD-4AB2-A9A0-FD934894F016}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{558A8A80-5ABD-4AB2-A9A0-FD934894F016}" => key removed successfully.
    C:\Windows\System32\Tasks\{A73BF785-3482-41CB-9F03-987DDC76B215} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A73BF785-3482-41CB-9F03-987DDC76B215}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F811ACF-3913-4EAA-BAE9-1B32CA4DFFFF}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F811ACF-3913-4EAA-BAE9-1B32CA4DFFFF}" => key removed successfully.
    C:\Windows\System32\Tasks\{ECA42B9B-347C-41A3-B74A-63066582EB8F} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ECA42B9B-347C-41A3-B74A-63066582EB8F}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B73DDB4-B5AE-485E-B7DF-B2A12B35478B}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B73DDB4-B5AE-485E-B7DF-B2A12B35478B}" => key removed successfully.
    C:\Windows\System32\Tasks\{3A395E62-8C9D-47E0-A386-F6F563BE7108} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3A395E62-8C9D-47E0-A386-F6F563BE7108}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8EB98D3-AAFB-4E5A-B617-6D443BAF002B}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8EB98D3-AAFB-4E5A-B617-6D443BAF002B}" => key removed successfully.
    C:\Windows\System32\Tasks\{75B8B063-98D4-450A-8604-51F18CE5B7FC} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{75B8B063-98D4-450A-8604-51F18CE5B7FC}" => key removed successfully.
    C:\windows\Tasks\Adobe Flash Player Updater.job => moved successfully
    C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005Core.job => moved successfully
    C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005UA.job => moved successfully
    C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
    C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully

    ==== End of Fixlog 16:58:56 ====


    • 0

    #9
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-08-2016 01
    Ran by Celia (administrator) on CELIA-PC (10-08-2016 17:03:29)
    Running from C:\Users\Celia\Desktop
    Loaded Profiles: Celia (Available Profiles: Celia)
    Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser not detected!)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    (Dropbox, Inc.) C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Fuji Xerox Co., Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Fuji Xerox\BrStMonW.exe [4513280 2014-06-17] (Fuji Xerox Co., Ltd.)
    HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
    HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [Dropbox Update] => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-24] (AVAST Software)
    Startup: C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-08]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{73FE20E9-1391-44F4-9EB4-2B112372BCE1}: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{AB134228-DF8D-48AE-BD71-FD0A86931D1C}: [NameServer] 208.67.222.222,4.2.2.1
    Tcpip\..\Interfaces\{AB134228-DF8D-48AE-BD71-FD0A86931D1C}: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{D1D94B21-0440-49D0-84F0-A572D804475D}: [DhcpNameServer] 10.5.133.45 10.5.136.242

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
    HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
    SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU
    SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU
    SearchScopes: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU_enAU380
    SearchScopes: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU_enAU380
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-24] (AVAST Software)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-23] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
    Toolbar: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
    IE Session Restore: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> is enabled.
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\t3ku6f2c.default-1459825182118
    FF Session Restore: -> is enabled.
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-26] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-11] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-31] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-31] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-31] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-31] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-31] (Apple Inc.)
    FF Extension: LavaFox V2-Blue - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\t3ku6f2c.default-1459825182118\Extensions\[email protected] [2016-06-12]
    FF Extension: NoSquint Plus - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\t3ku6f2c.default-1459825182118\Extensions\[email protected] [2016-06-02]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] [not signed]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-24]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-24]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-24]
    CHR Extension: (Google Drive) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
    CHR Extension: (YouTube) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
    CHR Extension: (Google Search) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-23]
    CHR Extension: (Google Docs Offline) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-24]
    CHR Extension: (Avast Online Security) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-10-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-24]
    CHR Extension: (Gmail) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-24]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-24] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4422704 2016-05-24] (Avast Software)
    R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2014-05-26] (Fuji Xerox Co., Ltd.) [File not signed]
    S4 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-10-28] (TOSHIBA CORPORATION)
    S4 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
    S4 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
    S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
    S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
    S4 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-07] (TOSHIBA Corporation)
    S4 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-09-29] (TOSHIBA Corporation)
    S4 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-11-06] (TOSHIBA Corporation)
    S4 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [677232 2009-10-31] (TOSHIBA Corporation)
    S4 UNS; C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [32792 2016-05-24] (AVAST Software)
    R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [35096 2016-05-24] (AVAST Software)
    R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [91168 2016-05-24] (AVAST Software)
    R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [91232 2016-05-24] (AVAST Software)
    R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [58776 2016-05-24] (AVAST Software)
    R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [815792 2016-05-24] (AVAST Software)
    R1 aswSP; C:\windows\system32\drivers\aswSP.sys [449640 2016-05-24] (AVAST Software)
    R2 aswStm; C:\windows\system32\drivers\aswStm.sys [124808 2016-05-24] (AVAST Software)
    R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [224616 2016-08-08] (AVAST Software)
    R3 enecirhid; C:\windows\System32\DRIVERS\enecirhid.sys [11776 2009-05-20] (ENE TECHNOLOGY INC.)
    R3 enecirhidma; C:\windows\System32\DRIVERS\enecirhidma.sys [5632 2008-04-25] (ENE TECHNOLOGY INC.)
    R0 LPCFilter; C:\windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-31] (COMPAL ELECTRONIC INC.)
    S3 mod7700; C:\windows\System32\Drivers\dvb7700all.sys [603648 2013-07-31] (DiBcom)
    R0 ngvss; C:\windows\system32\Drivers\ngvss.sys [136432 2016-05-24] (AVAST Software)
    R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
    R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [262984 2016-05-24] (Avast Software)
    R3 WirelessKeyboardFilter; C:\windows\System32\DRIVERS\WirelessKeyboardFilter.sys [44776 2016-07-22] (Microsoft Corporation)
    S3 ZTEusbnet; C:\windows\System32\DRIVERS\ZTEusbnet.sys [114688 2009-12-28] (ZTE Corporation)
    U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-10 17:03 - 2016-08-10 17:05 - 00018544 _____ C:\Users\Celia\Desktop\FRST.txt
    2016-08-10 16:58 - 2016-08-10 16:58 - 00006596 _____ C:\Users\Celia\Desktop\Fixlog.txt
    2016-08-10 16:58 - 2016-08-10 16:58 - 00000000 ____D C:\Users\Celia\Desktop\FRST-OlderVersion
    2016-08-10 16:57 - 2016-08-10 16:57 - 00004220 _____ C:\Users\Celia\Downloads\fixlist.txt
    2016-08-10 16:32 - 2016-08-10 16:32 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WirelessDevice_01_09_00.Wdf
    2016-08-08 22:24 - 2016-08-08 22:24 - 00000000 ____D C:\Users\Celia\AppData\Local\ElevatedDiagnostics
    2016-08-08 21:18 - 2016-08-08 21:18 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
    2016-08-08 21:02 - 2013-09-05 02:39 - 00053024 _____ (Khronos Group) C:\windows\system32\OpenCL.dll
    2016-08-08 21:01 - 2016-08-08 21:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-08-08 20:51 - 2015-12-17 04:47 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
    2016-08-08 20:51 - 2015-12-17 04:43 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
    2016-08-08 20:51 - 2015-12-17 04:43 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
    2016-08-08 20:51 - 2015-12-17 04:43 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
    2016-08-08 20:50 - 2016-06-11 01:24 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2016-08-08 20:50 - 2016-06-11 01:24 - 00067304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2016-08-08 20:50 - 2016-06-11 01:20 - 01062400 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00655360 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00260608 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2016-08-08 20:50 - 2016-06-11 00:57 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
    2016-08-08 20:50 - 2016-06-11 00:53 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
    2016-08-08 20:50 - 2016-06-11 00:53 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2016-08-08 20:50 - 2016-06-11 00:53 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2016-08-08 20:50 - 2016-06-11 00:52 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
    2016-08-08 20:50 - 2016-06-11 00:52 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2016-08-08 20:50 - 2016-06-11 00:52 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2016-08-08 20:50 - 2016-06-07 01:23 - 01176064 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
    2016-08-08 20:50 - 2016-06-07 01:23 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
    2016-08-08 20:50 - 2016-06-07 01:23 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
    2016-08-08 20:50 - 2016-06-07 01:23 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
    2016-08-08 20:50 - 2016-05-17 09:18 - 03998952 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
    2016-08-08 20:50 - 2016-05-17 09:18 - 03943144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2016-08-08 20:50 - 2016-05-17 09:16 - 01311064 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2016-08-08 20:50 - 2016-05-17 09:14 - 00644096 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
    2016-08-08 20:50 - 2016-05-17 09:14 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
    2016-08-08 20:50 - 2016-05-17 09:14 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
    2016-08-08 20:50 - 2016-05-17 09:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
    2016-08-08 20:50 - 2016-05-17 09:14 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
    2016-08-08 20:50 - 2016-05-17 09:14 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
    2016-08-08 20:50 - 2016-05-17 09:14 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
    2016-08-08 20:50 - 2016-05-17 07:15 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
    2016-08-08 20:50 - 2016-05-17 07:14 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
    2016-08-08 20:50 - 2016-05-17 07:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
    2016-08-08 20:50 - 2016-05-17 07:14 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
    2016-08-08 20:50 - 2016-05-17 07:12 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
    2016-08-08 20:50 - 2016-05-17 07:09 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
    2016-08-08 20:50 - 2016-05-14 07:50 - 02945536 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2016-08-08 20:50 - 2016-05-14 07:50 - 00174080 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2016-08-08 20:50 - 2016-05-14 07:47 - 00073728 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
    2016-08-08 20:50 - 2016-05-14 07:39 - 02060288 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2016-08-08 20:50 - 2016-05-14 07:38 - 00573440 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2016-08-08 20:50 - 2016-05-14 07:38 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2016-08-08 20:50 - 2016-05-14 07:38 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2016-08-08 20:50 - 2016-05-14 07:38 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
    2016-08-08 20:50 - 2016-05-14 07:38 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2016-08-08 20:50 - 2016-05-14 07:38 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2016-08-08 20:50 - 2016-05-14 07:38 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
    2016-08-08 20:50 - 2016-05-13 01:18 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2016-08-08 20:50 - 2016-05-13 01:18 - 00090624 _____ (Microsoft Corporation) C:\windows\system32\olepro32.dll
    2016-08-08 20:50 - 2016-05-13 01:18 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
    2016-08-08 20:50 - 2016-05-05 03:21 - 00105192 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
    2016-08-08 20:50 - 2016-05-05 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2016-08-08 20:50 - 2016-05-05 03:17 - 01806848 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2016-08-08 20:50 - 2016-05-05 03:17 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
    2016-08-08 20:50 - 2016-05-05 03:17 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
    2016-08-08 20:50 - 2016-05-05 03:17 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
    2016-08-08 20:50 - 2016-05-05 00:55 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
    2016-08-08 09:44 - 2016-08-08 09:44 - 00000000 ____D C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-07-26 11:13 - 2016-07-26 11:13 - 01610560 _____ (Malwarebytes) C:\Users\Celia\Desktop\JRT.exe
    2016-07-26 10:49 - 2016-07-26 10:49 - 03712064 _____ C:\Users\Celia\Desktop\AdwCleaner.exe
    2016-07-22 07:20 - 2016-07-22 07:20 - 01846032 _____ (Microsoft Corporation) C:\windows\system32\WudfUpdate_01009.dll
    2016-07-22 07:19 - 2016-07-22 07:19 - 00044776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WirelessKeyboardFilter.sys
    2016-07-21 19:30 - 2016-07-21 19:30 - 00000000 ____D C:\windows\EOONotify
    2016-07-20 09:47 - 2016-08-10 16:58 - 01743872 _____ (Farbar) C:\Users\Celia\Desktop\FRST.exe
    2016-07-13 10:10 - 2016-06-26 06:01 - 00037096 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
    2016-07-13 10:10 - 2016-06-26 05:54 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
    2016-07-13 10:10 - 2016-06-26 05:53 - 01004544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2016-07-13 10:10 - 2016-06-26 05:53 - 00779776 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
    2016-07-13 10:10 - 2016-06-26 05:53 - 00297472 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
    2016-07-13 10:10 - 2016-06-26 05:53 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
    2016-07-13 10:10 - 2016-06-26 05:42 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\wpnpinst.exe
    2016-07-13 10:10 - 2016-06-26 05:41 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\ntprint.exe
    2016-07-13 10:10 - 2016-06-26 05:41 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\inetppui.dll
    2016-07-13 10:10 - 2016-06-22 23:06 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
    2016-07-13 10:10 - 2016-06-18 04:23 - 01288192 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2016-07-13 10:10 - 2016-06-18 04:23 - 00468992 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2016-07-13 10:10 - 2016-06-18 04:23 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2016-07-13 10:10 - 2016-06-18 04:23 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2016-07-13 10:10 - 2016-06-18 04:23 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2016-07-13 10:10 - 2016-06-18 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
    2016-07-13 10:10 - 2016-06-15 00:57 - 02398208 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2016-07-13 10:10 - 2016-06-11 14:48 - 00346320 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2016-07-13 10:10 - 2016-06-11 05:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2016-07-13 10:10 - 2016-06-11 05:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2016-07-13 10:10 - 2016-06-11 04:54 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2016-07-13 10:10 - 2016-06-11 04:53 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2016-07-13 10:10 - 2016-06-11 04:53 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2016-07-13 10:10 - 2016-06-11 04:52 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2016-07-13 10:10 - 2016-06-11 04:47 - 02287104 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2016-07-13 10:10 - 2016-06-11 04:46 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2016-07-13 10:10 - 2016-06-11 04:45 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2016-07-13 10:10 - 2016-06-11 04:42 - 20348928 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2016-07-13 10:10 - 2016-06-11 04:42 - 00476160 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2016-07-13 10:10 - 2016-06-11 04:41 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2016-07-13 10:10 - 2016-06-11 04:41 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2016-07-13 10:10 - 2016-06-11 04:41 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2016-07-13 10:10 - 2016-06-11 04:41 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2016-07-13 10:10 - 2016-06-11 04:35 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2016-07-13 10:10 - 2016-06-11 04:32 - 00416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2016-07-13 10:10 - 2016-06-11 04:27 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2016-07-13 10:10 - 2016-06-11 04:26 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
    2016-07-13 10:10 - 2016-06-11 04:24 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2016-07-13 10:10 - 2016-06-11 04:23 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2016-07-13 10:10 - 2016-06-11 04:21 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2016-07-13 10:10 - 2016-06-11 04:19 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
    2016-07-13 10:10 - 2016-06-11 04:14 - 04608000 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2016-07-13 10:10 - 2016-06-11 04:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2016-07-13 10:10 - 2016-06-11 04:10 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2016-07-13 10:10 - 2016-06-11 04:10 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2016-07-13 10:10 - 2016-06-11 04:09 - 02055680 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2016-07-13 10:10 - 2016-06-11 04:09 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2016-07-13 10:10 - 2016-06-11 03:58 - 13806080 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2016-07-13 10:10 - 2016-06-11 03:45 - 02392576 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2016-07-13 10:10 - 2016-06-11 03:42 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2016-07-13 10:10 - 2016-06-11 03:41 - 01315840 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2016-07-13 10:09 - 2016-06-11 04:53 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-10 17:03 - 2016-05-19 18:19 - 00000000 ____D C:\FRST
    2016-08-10 16:39 - 2009-07-14 14:34 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-08-10 16:39 - 2009-07-14 14:34 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-08-10 16:32 - 2009-07-14 12:37 - 00000000 ____D C:\windows\inf
    2016-08-10 16:30 - 2011-02-10 22:36 - 00000000 ____D C:\Users\Celia\AppData\Roaming\Apple Computer
    2016-08-10 16:27 - 2015-04-01 11:21 - 00000000 ___RD C:\Users\Celia\Dropbox
    2016-08-10 16:23 - 2009-07-14 14:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2016-08-09 21:06 - 2009-07-14 14:33 - 00455728 _____ C:\windows\system32\FNTCACHE.DAT
    2016-08-08 23:41 - 2009-07-14 12:37 - 00000000 ____D C:\windows\rescache
    2016-08-08 21:37 - 2010-04-30 08:20 - 00916538 _____ C:\windows\system32\PerfStringBackup.INI
    2016-08-08 21:30 - 2010-04-30 08:18 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-08-08 21:03 - 2010-08-08 15:59 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-08-08 17:59 - 2016-04-05 15:06 - 00000000 ____D C:\AdwCleaner
    2016-08-08 17:46 - 2014-03-29 18:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-08-08 17:46 - 2012-05-17 13:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-08-08 17:46 - 2012-03-05 19:41 - 00000000 ____D C:\Users\Celia\AppData\Local\Thunderbird
    2016-08-08 17:46 - 2012-03-05 19:41 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
    2016-08-08 09:44 - 2015-04-01 11:16 - 00000000 ____D C:\Users\Celia\AppData\Roaming\Dropbox
    2016-08-08 09:33 - 2014-05-03 18:53 - 00224616 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
    2016-08-03 22:20 - 2016-02-14 09:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-08-03 22:18 - 2010-05-23 14:14 - 00000000 ____D C:\Users\Celia\AppData\Local\Google
    2016-08-02 21:01 - 2013-10-01 23:36 - 00000000 ____D C:\Users\Celia\Downloads\My WAC
    2016-07-26 14:24 - 2010-05-23 14:57 - 00406184 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2016-07-26 09:12 - 2014-06-15 22:34 - 00000000 ____D C:\Users\Celia\AppData\Local\Adobe
    2016-07-26 09:12 - 2013-10-01 23:54 - 00000000 ____D C:\Users\Celia\Downloads\Programs Etc
    2016-07-26 09:07 - 2012-05-21 13:54 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
    2016-07-26 09:07 - 2011-07-21 10:23 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
    2016-07-26 09:07 - 2010-04-30 08:45 - 00000000 ____D C:\windows\system32\Macromed
    2016-07-21 19:32 - 2015-04-15 01:27 - 00000000 ___SD C:\windows\system32\GWX
    2016-07-14 21:42 - 2014-12-12 08:59 - 00000000 ____D C:\windows\system32\appraiser
    2016-07-14 21:36 - 2013-07-16 18:14 - 00000000 ____D C:\windows\system32\MRT
    2016-07-14 21:30 - 2010-05-26 22:14 - 141983760 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

    ==================== Files in the root of some directories =======

    2010-05-22 11:01 - 2010-05-22 11:01 - 127951849 _____ () C:\Program Files\openofficeorg1.cab
    2010-05-22 11:05 - 2010-05-22 11:05 - 3093504 _____ () C:\Program Files\openofficeorg32.msi
    2010-05-22 10:13 - 2010-05-22 10:13 - 0000290 _____ () C:\Program Files\setup.ini
    2011-01-17 12:33 - 2014-04-16 20:55 - 0006144 _____ () C:\Users\Celia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-12-14 20:29 - 2010-12-14 20:29 - 0000048 ____H () C:\ProgramData\ezsidmv.dat

    Some files in TEMP:
    ====================
    C:\Users\Celia\AppData\Local\Temp\GUR8AA2.exe
    C:\Users\Celia\AppData\Local\Temp\{0DCD7807-9F20-4D8F-8E26-C88D5408387E}-DropboxClient_4.4.29.exe
    C:\Users\Celia\AppData\Local\Temp\{D2F6BECA-06FA-4208-A116-780B12790D65}-DropboxClient_6.4.14.exe

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\explorer.exe => File is digitally signed
    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-08-08 23:33

    ==================== End of FRST.txt ============================

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-08-2016 01
    Ran by Celia (administrator) on CELIA-PC (10-08-2016 17:03:29)
    Running from C:\Users\Celia\Desktop
    Loaded Profiles: Celia (Available Profiles: Celia)
    Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser not detected!)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    (Dropbox, Inc.) C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Fuji Xerox Co., Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Fuji Xerox\BrStMonW.exe [4513280 2014-06-17] (Fuji Xerox Co., Ltd.)
    HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
    HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Run: [Dropbox Update] => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-24] (AVAST Software)
    Startup: C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-08]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{73FE20E9-1391-44F4-9EB4-2B112372BCE1}: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{AB134228-DF8D-48AE-BD71-FD0A86931D1C}: [NameServer] 208.67.222.222,4.2.2.1
    Tcpip\..\Interfaces\{AB134228-DF8D-48AE-BD71-FD0A86931D1C}: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{D1D94B21-0440-49D0-84F0-A572D804475D}: [DhcpNameServer] 10.5.133.45 10.5.136.242

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
    HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
    SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU
    SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU
    SearchScopes: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU_enAU380
    SearchScopes: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSAU_enAU380
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-24] (AVAST Software)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-23] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
    Toolbar: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
    IE Session Restore: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005 -> is enabled.
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\t3ku6f2c.default-1459825182118
    FF Session Restore: -> is enabled.
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-26] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-11] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-31] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-31] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-31] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-31] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-31] (Apple Inc.)
    FF Extension: LavaFox V2-Blue - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\t3ku6f2c.default-1459825182118\Extensions\[email protected] [2016-06-12]
    FF Extension: NoSquint Plus - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\t3ku6f2c.default-1459825182118\Extensions\[email protected] [2016-06-02]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] [not signed]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-24]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-24]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-24]
    CHR Extension: (Google Drive) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
    CHR Extension: (YouTube) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
    CHR Extension: (Google Search) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-23]
    CHR Extension: (Google Docs Offline) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-24]
    CHR Extension: (Avast Online Security) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-10-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-24]
    CHR Extension: (Gmail) - C:\Users\Celia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-24]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-24] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4422704 2016-05-24] (Avast Software)
    R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2014-05-26] (Fuji Xerox Co., Ltd.) [File not signed]
    S4 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-10-28] (TOSHIBA CORPORATION)
    S4 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
    S4 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
    S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
    S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
    S4 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-07] (TOSHIBA Corporation)
    S4 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-09-29] (TOSHIBA Corporation)
    S4 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-11-06] (TOSHIBA Corporation)
    S4 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [677232 2009-10-31] (TOSHIBA Corporation)
    S4 UNS; C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [32792 2016-05-24] (AVAST Software)
    R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [35096 2016-05-24] (AVAST Software)
    R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [91168 2016-05-24] (AVAST Software)
    R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [91232 2016-05-24] (AVAST Software)
    R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [58776 2016-05-24] (AVAST Software)
    R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [815792 2016-05-24] (AVAST Software)
    R1 aswSP; C:\windows\system32\drivers\aswSP.sys [449640 2016-05-24] (AVAST Software)
    R2 aswStm; C:\windows\system32\drivers\aswStm.sys [124808 2016-05-24] (AVAST Software)
    R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [224616 2016-08-08] (AVAST Software)
    R3 enecirhid; C:\windows\System32\DRIVERS\enecirhid.sys [11776 2009-05-20] (ENE TECHNOLOGY INC.)
    R3 enecirhidma; C:\windows\System32\DRIVERS\enecirhidma.sys [5632 2008-04-25] (ENE TECHNOLOGY INC.)
    R0 LPCFilter; C:\windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-31] (COMPAL ELECTRONIC INC.)
    S3 mod7700; C:\windows\System32\Drivers\dvb7700all.sys [603648 2013-07-31] (DiBcom)
    R0 ngvss; C:\windows\system32\Drivers\ngvss.sys [136432 2016-05-24] (AVAST Software)
    R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
    R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [262984 2016-05-24] (Avast Software)
    R3 WirelessKeyboardFilter; C:\windows\System32\DRIVERS\WirelessKeyboardFilter.sys [44776 2016-07-22] (Microsoft Corporation)
    S3 ZTEusbnet; C:\windows\System32\DRIVERS\ZTEusbnet.sys [114688 2009-12-28] (ZTE Corporation)
    U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-10 17:03 - 2016-08-10 17:05 - 00018544 _____ C:\Users\Celia\Desktop\FRST.txt
    2016-08-10 16:58 - 2016-08-10 16:58 - 00006596 _____ C:\Users\Celia\Desktop\Fixlog.txt
    2016-08-10 16:58 - 2016-08-10 16:58 - 00000000 ____D C:\Users\Celia\Desktop\FRST-OlderVersion
    2016-08-10 16:57 - 2016-08-10 16:57 - 00004220 _____ C:\Users\Celia\Downloads\fixlist.txt
    2016-08-10 16:32 - 2016-08-10 16:32 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WirelessDevice_01_09_00.Wdf
    2016-08-08 22:24 - 2016-08-08 22:24 - 00000000 ____D C:\Users\Celia\AppData\Local\ElevatedDiagnostics
    2016-08-08 21:18 - 2016-08-08 21:18 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
    2016-08-08 21:02 - 2013-09-05 02:39 - 00053024 _____ (Khronos Group) C:\windows\system32\OpenCL.dll
    2016-08-08 21:01 - 2016-08-08 21:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-08-08 20:51 - 2015-12-17 04:47 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
    2016-08-08 20:51 - 2015-12-17 04:43 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
    2016-08-08 20:51 - 2015-12-17 04:43 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
    2016-08-08 20:51 - 2015-12-17 04:43 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
    2016-08-08 20:50 - 2016-06-11 01:24 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2016-08-08 20:50 - 2016-06-11 01:24 - 00067304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2016-08-08 20:50 - 2016-06-11 01:20 - 01062400 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00655360 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00260608 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
    2016-08-08 20:50 - 2016-06-11 01:20 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2016-08-08 20:50 - 2016-06-11 00:57 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
    2016-08-08 20:50 - 2016-06-11 00:53 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
    2016-08-08 20:50 - 2016-06-11 00:53 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2016-08-08 20:50 - 2016-06-11 00:53 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2016-08-08 20:50 - 2016-06-11 00:52 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
    2016-08-08 20:50 - 2016-06-11 00:52 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2016-08-08 20:50 - 2016-06-11 00:52 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2016-08-08 20:50 - 2016-06-07 01:23 - 01176064 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
    2016-08-08 20:50 - 2016-06-07 01:23 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
    2016-08-08 20:50 - 2016-06-07 01:23 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
    2016-08-08 20:50 - 2016-06-07 01:23 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
    2016-08-08 20:50 - 2016-05-17 09:18 - 03998952 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
    2016-08-08 20:50 - 2016-05-17 09:18 - 03943144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2016-08-08 20:50 - 2016-05-17 09:16 - 01311064 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2016-08-08 20:50 - 2016-05-17 09:14 - 00644096 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
    2016-08-08 20:50 - 2016-05-17 09:14 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
    2016-08-08 20:50 - 2016-05-17 09:14 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
    2016-08-08 20:50 - 2016-05-17 09:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
    2016-08-08 20:50 - 2016-05-17 09:14 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
    2016-08-08 20:50 - 2016-05-17 09:14 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
    2016-08-08 20:50 - 2016-05-17 09:14 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
    2016-08-08 20:50 - 2016-05-17 07:15 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
    2016-08-08 20:50 - 2016-05-17 07:14 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
    2016-08-08 20:50 - 2016-05-17 07:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
    2016-08-08 20:50 - 2016-05-17 07:14 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
    2016-08-08 20:50 - 2016-05-17 07:12 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
    2016-08-08 20:50 - 2016-05-17 07:09 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
    2016-08-08 20:50 - 2016-05-14 07:50 - 02945536 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2016-08-08 20:50 - 2016-05-14 07:50 - 00174080 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2016-08-08 20:50 - 2016-05-14 07:47 - 00073728 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
    2016-08-08 20:50 - 2016-05-14 07:39 - 02060288 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2016-08-08 20:50 - 2016-05-14 07:38 - 00573440 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2016-08-08 20:50 - 2016-05-14 07:38 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2016-08-08 20:50 - 2016-05-14 07:38 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2016-08-08 20:50 - 2016-05-14 07:38 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
    2016-08-08 20:50 - 2016-05-14 07:38 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2016-08-08 20:50 - 2016-05-14 07:38 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2016-08-08 20:50 - 2016-05-14 07:38 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
    2016-08-08 20:50 - 2016-05-13 01:18 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2016-08-08 20:50 - 2016-05-13 01:18 - 00090624 _____ (Microsoft Corporation) C:\windows\system32\olepro32.dll
    2016-08-08 20:50 - 2016-05-13 01:18 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
    2016-08-08 20:50 - 2016-05-05 03:21 - 00105192 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
    2016-08-08 20:50 - 2016-05-05 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2016-08-08 20:50 - 2016-05-05 03:17 - 01806848 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2016-08-08 20:50 - 2016-05-05 03:17 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
    2016-08-08 20:50 - 2016-05-05 03:17 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
    2016-08-08 20:50 - 2016-05-05 03:17 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
    2016-08-08 20:50 - 2016-05-05 00:55 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
    2016-08-08 09:44 - 2016-08-08 09:44 - 00000000 ____D C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-07-26 11:13 - 2016-07-26 11:13 - 01610560 _____ (Malwarebytes) C:\Users\Celia\Desktop\JRT.exe
    2016-07-26 10:49 - 2016-07-26 10:49 - 03712064 _____ C:\Users\Celia\Desktop\AdwCleaner.exe
    2016-07-22 07:20 - 2016-07-22 07:20 - 01846032 _____ (Microsoft Corporation) C:\windows\system32\WudfUpdate_01009.dll
    2016-07-22 07:19 - 2016-07-22 07:19 - 00044776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WirelessKeyboardFilter.sys
    2016-07-21 19:30 - 2016-07-21 19:30 - 00000000 ____D C:\windows\EOONotify
    2016-07-20 09:47 - 2016-08-10 16:58 - 01743872 _____ (Farbar) C:\Users\Celia\Desktop\FRST.exe
    2016-07-13 10:10 - 2016-06-26 06:01 - 00037096 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
    2016-07-13 10:10 - 2016-06-26 05:54 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
    2016-07-13 10:10 - 2016-06-26 05:53 - 01004544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2016-07-13 10:10 - 2016-06-26 05:53 - 00779776 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
    2016-07-13 10:10 - 2016-06-26 05:53 - 00297472 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
    2016-07-13 10:10 - 2016-06-26 05:53 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
    2016-07-13 10:10 - 2016-06-26 05:42 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\wpnpinst.exe
    2016-07-13 10:10 - 2016-06-26 05:41 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\ntprint.exe
    2016-07-13 10:10 - 2016-06-26 05:41 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\inetppui.dll
    2016-07-13 10:10 - 2016-06-22 23:06 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
    2016-07-13 10:10 - 2016-06-18 04:23 - 01288192 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2016-07-13 10:10 - 2016-06-18 04:23 - 00468992 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2016-07-13 10:10 - 2016-06-18 04:23 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2016-07-13 10:10 - 2016-06-18 04:23 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2016-07-13 10:10 - 2016-06-18 04:23 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2016-07-13 10:10 - 2016-06-18 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
    2016-07-13 10:10 - 2016-06-15 00:57 - 02398208 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2016-07-13 10:10 - 2016-06-11 14:48 - 00346320 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2016-07-13 10:10 - 2016-06-11 05:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2016-07-13 10:10 - 2016-06-11 05:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2016-07-13 10:10 - 2016-06-11 04:54 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2016-07-13 10:10 - 2016-06-11 04:53 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2016-07-13 10:10 - 2016-06-11 04:53 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2016-07-13 10:10 - 2016-06-11 04:52 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2016-07-13 10:10 - 2016-06-11 04:47 - 02287104 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2016-07-13 10:10 - 2016-06-11 04:46 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2016-07-13 10:10 - 2016-06-11 04:45 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2016-07-13 10:10 - 2016-06-11 04:42 - 20348928 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2016-07-13 10:10 - 2016-06-11 04:42 - 00476160 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2016-07-13 10:10 - 2016-06-11 04:41 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2016-07-13 10:10 - 2016-06-11 04:41 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2016-07-13 10:10 - 2016-06-11 04:41 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2016-07-13 10:10 - 2016-06-11 04:41 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2016-07-13 10:10 - 2016-06-11 04:35 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2016-07-13 10:10 - 2016-06-11 04:32 - 00416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2016-07-13 10:10 - 2016-06-11 04:27 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2016-07-13 10:10 - 2016-06-11 04:26 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
    2016-07-13 10:10 - 2016-06-11 04:24 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2016-07-13 10:10 - 2016-06-11 04:23 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2016-07-13 10:10 - 2016-06-11 04:21 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2016-07-13 10:10 - 2016-06-11 04:19 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
    2016-07-13 10:10 - 2016-06-11 04:14 - 04608000 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2016-07-13 10:10 - 2016-06-11 04:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2016-07-13 10:10 - 2016-06-11 04:10 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2016-07-13 10:10 - 2016-06-11 04:10 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2016-07-13 10:10 - 2016-06-11 04:09 - 02055680 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2016-07-13 10:10 - 2016-06-11 04:09 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2016-07-13 10:10 - 2016-06-11 03:58 - 13806080 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2016-07-13 10:10 - 2016-06-11 03:45 - 02392576 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2016-07-13 10:10 - 2016-06-11 03:42 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2016-07-13 10:10 - 2016-06-11 03:41 - 01315840 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2016-07-13 10:09 - 2016-06-11 04:53 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-10 17:03 - 2016-05-19 18:19 - 00000000 ____D C:\FRST
    2016-08-10 16:39 - 2009-07-14 14:34 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-08-10 16:39 - 2009-07-14 14:34 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-08-10 16:32 - 2009-07-14 12:37 - 00000000 ____D C:\windows\inf
    2016-08-10 16:30 - 2011-02-10 22:36 - 00000000 ____D C:\Users\Celia\AppData\Roaming\Apple Computer
    2016-08-10 16:27 - 2015-04-01 11:21 - 00000000 ___RD C:\Users\Celia\Dropbox
    2016-08-10 16:23 - 2009-07-14 14:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2016-08-09 21:06 - 2009-07-14 14:33 - 00455728 _____ C:\windows\system32\FNTCACHE.DAT
    2016-08-08 23:41 - 2009-07-14 12:37 - 00000000 ____D C:\windows\rescache
    2016-08-08 21:37 - 2010-04-30 08:20 - 00916538 _____ C:\windows\system32\PerfStringBackup.INI
    2016-08-08 21:30 - 2010-04-30 08:18 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-08-08 21:03 - 2010-08-08 15:59 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-08-08 17:59 - 2016-04-05 15:06 - 00000000 ____D C:\AdwCleaner
    2016-08-08 17:46 - 2014-03-29 18:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-08-08 17:46 - 2012-05-17 13:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-08-08 17:46 - 2012-03-05 19:41 - 00000000 ____D C:\Users\Celia\AppData\Local\Thunderbird
    2016-08-08 17:46 - 2012-03-05 19:41 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
    2016-08-08 09:44 - 2015-04-01 11:16 - 00000000 ____D C:\Users\Celia\AppData\Roaming\Dropbox
    2016-08-08 09:33 - 2014-05-03 18:53 - 00224616 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
    2016-08-03 22:20 - 2016-02-14 09:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-08-03 22:18 - 2010-05-23 14:14 - 00000000 ____D C:\Users\Celia\AppData\Local\Google
    2016-08-02 21:01 - 2013-10-01 23:36 - 00000000 ____D C:\Users\Celia\Downloads\My WAC
    2016-07-26 14:24 - 2010-05-23 14:57 - 00406184 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2016-07-26 09:12 - 2014-06-15 22:34 - 00000000 ____D C:\Users\Celia\AppData\Local\Adobe
    2016-07-26 09:12 - 2013-10-01 23:54 - 00000000 ____D C:\Users\Celia\Downloads\Programs Etc
    2016-07-26 09:07 - 2012-05-21 13:54 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
    2016-07-26 09:07 - 2011-07-21 10:23 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
    2016-07-26 09:07 - 2010-04-30 08:45 - 00000000 ____D C:\windows\system32\Macromed
    2016-07-21 19:32 - 2015-04-15 01:27 - 00000000 ___SD C:\windows\system32\GWX
    2016-07-14 21:42 - 2014-12-12 08:59 - 00000000 ____D C:\windows\system32\appraiser
    2016-07-14 21:36 - 2013-07-16 18:14 - 00000000 ____D C:\windows\system32\MRT
    2016-07-14 21:30 - 2010-05-26 22:14 - 141983760 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

    ==================== Files in the root of some directories =======

    2010-05-22 11:01 - 2010-05-22 11:01 - 127951849 _____ () C:\Program Files\openofficeorg1.cab
    2010-05-22 11:05 - 2010-05-22 11:05 - 3093504 _____ () C:\Program Files\openofficeorg32.msi
    2010-05-22 10:13 - 2010-05-22 10:13 - 0000290 _____ () C:\Program Files\setup.ini
    2011-01-17 12:33 - 2014-04-16 20:55 - 0006144 _____ () C:\Users\Celia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-12-14 20:29 - 2010-12-14 20:29 - 0000048 ____H () C:\ProgramData\ezsidmv.dat

    Some files in TEMP:
    ====================
    C:\Users\Celia\AppData\Local\Temp\GUR8AA2.exe
    C:\Users\Celia\AppData\Local\Temp\{0DCD7807-9F20-4D8F-8E26-C88D5408387E}-DropboxClient_4.4.29.exe
    C:\Users\Celia\AppData\Local\Temp\{D2F6BECA-06FA-4208-A116-780B12790D65}-DropboxClient_6.4.14.exe

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\explorer.exe => File is digitally signed
    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-08-08 23:33

    ==================== End of FRST.txt ============================


    • 0

    #10
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-08-2016 01
    Ran by Celia (2016-08-10 17:06:36)
    Running from C:\Users\Celia\Desktop
    Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2010-05-23 04:09:33)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3979224096-2494383751-3139044533-500 - Administrator - Disabled)
    Celia (S-1-5-21-3979224096-2494383751-3139044533-1005 - Administrator - Enabled) => C:\Users\Celia
    Guest (S-1-5-21-3979224096-2494383751-3139044533-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3979224096-2494383751-3139044533-1006 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
    Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Autodesk Pixlr (HKLM\...\Autodesk Pixlr) (Version: 1.0.3.0 - Autodesk)
    Autodesk Pixlr (Version: 1.0.3.0 - Autodesk) Hidden
    Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
    Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.01(T) - TOSHIBA CORPORATION)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
    Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
    Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
    DocuPrint P115 w (HKLM\...\{92EA7FDC-323F-406F-BEE9-601B8EB1E209}) (Version: 1.0.0.0 - Fuji Xerox)
    Dolby Control Center (HKLM\...\{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}) (Version: 2.2.1 - Dolby)
    Dropbox (HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\...\Dropbox) (Version: 7.4.30 - Dropbox, Inc.)
    DVD MovieFactory for TOSHIBA (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
    DVD MovieFactory for TOSHIBA (Version: 7.0.0 - Corel Corporation) Hidden
    ENE CIR Receiver Driver (HKLM\...\D751CB2FD39EE07639D08542EEF9BF77AD1D9696) (Version: 2.7.4.1 - ENE)
    GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
    HDMI Control Manager (HKLM\...\{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}) (Version: 2.0 - TOSHIBA CORPORATION)
    iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
    Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
    Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
    Intel® Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
    InterVideo WinDVD BD for TOSHIBA (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.153 - InterVideo Inc.)
    InterVideo WinDVD BD for TOSHIBA (Version: 8.0.20.153 - InterVideo Inc.) Hidden
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
    iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
    JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.34.2 - JMicron Technology Corp.)
    Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
    Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
    Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
    NVIDIA PhysX (HKLM\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
    OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
    PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5928 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
    Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
    SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
    Telstra Mobile Broadband Manager (HKLM\...\Telstra Mobile Broadband Manager) (Version: 3.0.514 - Telstra)
    Telstra Mobile Broadband Manager (Version: 3.0.514 - Telstra) Hidden
    TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.12 - TOSHIBA)
    TOSHIBA Bulletin Board (HKLM\...\InstallShield_{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}) (Version: 1.5.05.32 - TOSHIBA Corporation)
    TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation)
    TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.07-A - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.12.0 - TOSHIBA Corporation)
    TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation)
    TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
    TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.16C - TOSHIBA CORPORATION)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.4 - TOSHIBA Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.0.0 - TOSHIBA Corporation)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation)
    TOSHIBA ReelTime (HKLM\...\InstallShield_{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}) (Version: 1.5.07.32 - TOSHIBA Corporation)
    TOSHIBA Remote Control Manager (HKLM\...\{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}) (Version: 3.0.1.0 - TOSHIBA CORPORATION)
    TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
    TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
    TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
    TOSHIBA USB Sleep and Charge Utility (HKLM\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.32 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation)
    Utility Common Driver (Version: 1.0.50.27C - TOSHIBA) Hidden
    Windows Driver Package - Cmotech (cmusbnet) Net  (06/11/2007 2.0.0.9) (HKLM\...\E7E257830CD4614E7CF1B3792DF19B85FE5E7BE7) (Version: 06/11/2007 2.0.0.9 - Cmotech)
    Windows Driver Package - Cmotech Modem  (12/13/2006 2.0.3.5) (HKLM\...\5E8F128761A9B07EC2DEC909F167D92DB8B3A348) (Version: 12/13/2006 2.0.3.5 - Cmotech)
    Windows Driver Package - Cmotech Ports  (12/13/2006 2.0.3.5) (HKLM\...\6A032F4180B5A0E8F4BC27384D0A423B2595A785) (Version: 12/13/2006 2.0.3.5 - Cmotech)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Celia\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3979224096-2494383751-3139044533-1005_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Celia\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {100C92C3-AE05-4B8A-A7D6-B268F8483060} - System32\Tasks\{FB271578-E767-4C96-91CE-B4C000C33CAE} => pcalua.exe -a C:\Users\Celia\Documents\erunt\ERUNT.EXE -d C:\Users\Celia\Documents\erunt
    Task: {3E6077ED-2FD0-403F-80C9-D0C3BAEA5A7B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-24] (AVAST Software)
    Task: {439B1BB6-027E-4252-A0D4-20F91E4231FF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-26] (Adobe Systems Incorporated)
    Task: {478E14C3-B8CC-4F1A-9EAD-48BC6ED82405} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
    Task: {49CE06DF-0448-492D-BBBB-C2116204AD78} - System32\Tasks\SafeZone scheduled Autoupdate 1464012472 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
    Task: {49E12645-39F8-47B5-A988-DC9DCCB4C5FA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005UA => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
    Task: {50EA36FF-C896-4BA6-9921-0C2B86B61EEF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
    Task: {678AF2BF-115A-4B36-8764-F808D8F8CC3E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3979224096-2494383751-3139044533-1005Core => C:\Users\Celia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
    Task: {78206B44-8E2D-49BA-85F4-1BEA4E218FA8} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-29] (TOSHIBA CORPORATION)
    Task: {7E6B6E1A-4C4A-49FE-A76E-CCB4CF2AE46D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {9DA78D71-DE3A-467D-B672-DF2012DAB5CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {B4C43DAF-26A8-4683-9F55-1A045F849315} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {B89A471C-D09F-4722-87A4-7DCFC991D7CC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
    Task: {CB8D353A-D93A-496F-8E45-57851864164D} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-05-24 00:02 - 2016-05-24 00:02 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-05-24 00:02 - 2016-05-24 00:02 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-08-09 21:12 - 2016-08-09 21:12 - 03016192 _____ () C:\Program Files\AVAST Software\Avast\defs\16080906\algo.dll
    2016-05-24 00:02 - 2016-05-24 00:02 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
    2016-05-24 00:02 - 2016-05-24 00:02 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-08-08 21:03 - 2013-08-30 09:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2016-05-24 00:03 - 2016-05-24 00:03 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-08-08 09:43 - 2016-06-30 12:25 - 00035792 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
    2016-08-08 09:43 - 2016-06-30 12:25 - 00145864 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\pyexpat.pyd
    2016-08-08 09:43 - 2016-06-30 12:26 - 00019408 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\faulthandler.pyd
    2016-08-08 09:43 - 2016-06-30 12:25 - 00116688 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\pywintypes27.dll
    2016-08-08 09:43 - 2016-06-30 12:25 - 00100296 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_ctypes.pyd
    2016-08-08 09:43 - 2016-06-30 12:25 - 00018888 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\select.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00019760 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
    2016-08-08 09:43 - 2016-06-30 12:25 - 00694224 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\unicodedata.pyd
    2016-08-08 09:43 - 2016-08-02 07:26 - 00020816 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
    2016-08-08 09:43 - 2016-06-30 12:26 - 00123856 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
    2016-08-08 09:43 - 2016-08-02 07:26 - 01682760 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
    2016-08-08 09:43 - 2016-08-02 07:26 - 00020808 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00021312 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00052024 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00038696 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\fastpath.pyd
    2016-08-08 09:43 - 2016-06-30 12:27 - 00105928 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32api.pyd
    2016-08-08 09:43 - 2016-06-30 12:25 - 00392144 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\pythoncom27.dll
    2016-08-08 09:43 - 2016-06-30 12:27 - 00020936 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\mmapfile.pyd
    2016-08-08 09:43 - 2016-06-30 12:27 - 00024528 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32event.pyd
    2016-08-08 09:43 - 2016-06-30 12:27 - 00114640 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32security.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00381752 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
    2016-08-08 09:43 - 2016-06-30 12:27 - 00124880 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32file.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00025424 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
    2016-08-08 09:43 - 2016-06-30 12:27 - 00024016 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
    2016-08-08 09:43 - 2016-06-30 12:27 - 00175560 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32gui.pyd
    2016-08-08 09:43 - 2016-06-30 12:27 - 00030160 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32pipe.pyd
    2016-08-08 09:43 - 2016-06-30 12:27 - 00043472 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32process.pyd
    2016-08-08 09:43 - 2016-06-30 12:27 - 00048592 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32service.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00026456 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
    2016-08-08 09:43 - 2016-06-30 12:27 - 00057808 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
    2016-08-08 09:43 - 2016-06-30 12:27 - 00024016 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32profile.pyd
    2016-08-08 09:43 - 2016-08-02 07:26 - 00246592 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
    2016-08-08 09:43 - 2016-06-30 12:27 - 00028616 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32ts.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00020800 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00019776 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00020800 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
    2016-08-08 09:43 - 2016-06-30 12:25 - 00144848 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_elementtree.pyd
    2016-08-08 09:43 - 2016-06-30 12:26 - 00241104 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
    2016-08-08 09:43 - 2016-08-02 07:26 - 00020280 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00023376 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
    2016-08-08 09:43 - 2016-06-30 12:27 - 00350152 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winxpgui.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00022352 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00024392 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
    2016-08-08 09:43 - 2016-06-30 12:28 - 00036296 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\librsync.dll
    2016-08-08 09:43 - 2016-08-02 07:27 - 00084280 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
    2016-08-08 09:43 - 2016-08-02 07:27 - 01826096 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
    2016-08-08 09:43 - 2016-06-30 12:26 - 00083912 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\sip.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 03929392 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 01972016 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00531248 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00132912 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00224056 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00207672 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00020288 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
    2016-08-08 09:43 - 2016-06-30 12:27 - 00060880 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\win32print.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00024904 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00546096 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00357680 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00168248 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
    2016-08-08 09:43 - 2016-08-02 07:27 - 00042808 _____ () C:\Users\Celia\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 12:04 - 2010-11-07 22:47 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

    127.0.0.1       localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3979224096-2494383751-3139044533-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 208.67.222.222 - 4.2.2.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: cfWiMAXService => 2
    MSCONFIG\Services: ConfigFree Service => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: IAStorDataMgrSvc => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: IviRegMgr => 2
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: nvsvc => 2
    MSCONFIG\Services: Thpsrv => 2
    MSCONFIG\Services: TMachInfo => 3
    MSCONFIG\Services: TODDSrv => 2
    MSCONFIG\Services: TosCoSrv => 2
    MSCONFIG\Services: TOSHIBA Bluetooth Service => 3
    MSCONFIG\Services: TOSHIBA eco Utility Service => 2
    MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
    MSCONFIG\Services: TPCHSrv => 3
    MSCONFIG\Services: UNS => 2
    MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: BigPondWirelessBroadbandCM => "C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
    MSCONFIG\startupreg: HDMICtrlMan => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
    MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    MSCONFIG\startupreg: HWSetup => "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
    MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: KeNotify => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SVPWUTIL => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
    MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
    MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    MSCONFIG\startupreg: TRCMan => C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
    MSCONFIG\startupreg: TUSBSleepChargeSrv => %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    MSCONFIG\startupreg: TWebCamera => "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{43EE8DAD-6C08-4D4E-A02E-83E87E210F76}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{48E9EF0B-D6A0-4B37-8A77-A0D5E559C069}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{5BC84C22-28FA-49B0-B0C2-5618EEF78011}] => (Allow) svchost.exe
    FirewallRules: [{0776B301-7894-4F75-AD67-39CE0AA9578E}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{35994984-9113-43EC-B221-897E9FF8093A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{398A4635-3BF2-4AE7-8CE4-E0E6D8CB8A08}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{ABAC755B-E812-4608-AB1E-D5F1A55B3B6F}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{1A79D5E8-BF8A-4693-B8B7-6BB0D92AB15F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{6CF2275A-E7C7-4E74-8ECD-2160CB7C80B6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{C64A311B-BDEC-4252-8F2E-ED7DE77D3B9E}] => (Allow) C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{0595BB65-7C9F-44CC-B383-973AFB9BCD62}] => (Allow) C:\Users\Celia\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{7487962A-F6D1-49AB-8E5F-069E7A3D5CE5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{AA577E95-76B6-4AF3-89F7-D83164940089}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{DA21657D-E80C-4432-AE13-C1D88FAACA9D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{51686515-2772-438C-AB34-A3C6FC52DDC2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

    ==================== Restore Points =========================

    09-06-2016 09:32:34 Windows Update
    12-06-2016 09:27:26 Windows Update
    12-06-2016 21:20:36 Windows Update
    14-06-2016 09:12:43 Windows Update
    17-06-2016 11:20:24 Windows Update
    17-06-2016 13:49:15 Windows Update
    20-06-2016 00:59:37 Windows Update
    20-06-2016 08:53:16 Windows Update
    20-06-2016 11:29:10 Windows Update
    20-06-2016 23:03:17 Windows Update
    21-06-2016 10:54:53 Windows Update
    21-06-2016 22:50:58 Windows Update
    22-06-2016 15:59:52 Windows Update
    22-06-2016 22:18:39 Windows Update
    24-06-2016 00:00:46 Windows Update
    24-06-2016 23:37:50 Windows Update
    25-06-2016 22:05:35 Windows Update
    27-06-2016 00:20:26 Windows Update
    29-06-2016 15:49:46 Windows Update
    04-07-2016 22:02:15 Windows Update
    05-07-2016 23:19:21 Windows Update
    08-07-2016 18:08:59 Windows Update
    11-07-2016 14:24:13 Windows Update
    14-07-2016 21:27:01 Windows Update
    15-07-2016 13:32:04 Windows Update
    15-07-2016 22:38:34 Windows Update
    18-07-2016 10:34:21 Windows Update
    18-07-2016 15:52:33 Windows Update
    21-07-2016 19:30:22 Windows Update
    22-07-2016 00:53:22 Windows Update
    23-07-2016 22:23:33 Windows Update
    26-07-2016 09:08:58 Windows Update
    26-07-2016 11:14:24 JRT Pre-Junkware Removal
    26-07-2016 12:25:18 Windows Update
    26-07-2016 16:04:04 Windows Update
    27-07-2016 12:19:46 Windows Update
    27-07-2016 17:06:55 Windows Update
    28-07-2016 10:33:32 Windows Update
    29-07-2016 12:01:11 Windows Update
    30-07-2016 20:11:56 Windows Update
    31-07-2016 20:50:28 Windows Update
    01-08-2016 09:13:21 Windows Update
    01-08-2016 12:34:15 Windows Update
    02-08-2016 09:01:00 Windows Update
    03-08-2016 08:11:25 Windows Update
    03-08-2016 21:50:19 Windows Update
    03-08-2016 22:35:44 Windows Update
    04-08-2016 09:00:19 Windows Update
    08-08-2016 09:54:59 Windows Update
    08-08-2016 11:48:35 Windows Update
    08-08-2016 12:28:17 Windows Update
    08-08-2016 17:49:01 Windows Update
    08-08-2016 18:33:14 Windows Update
    08-08-2016 20:15:28 Windows Update
    08-08-2016 20:21:53 Windows Update
    08-08-2016 20:28:55 Windows Update
    08-08-2016 20:35:05 Windows Update
    08-08-2016 20:58:09 Windows Update
    08-08-2016 22:09:37 Windows Update
    08-08-2016 22:24:40 Windows Update
    09-08-2016 08:46:02 Windows Update
    09-08-2016 11:03:13 Windows Update
    10-08-2016 09:28:10 Windows Update
    10-08-2016 16:31:15 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: TOSHIBA USB DVB-T/Analog Hybrid Tuner
    Description: TOSHIBA USB DVB-T/Analog Hybrid Tuner
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: TOSHIBA
    Service:
    Problem: : Reinstall the drivers for this device. (Code 18)
    Resolution: The drivers for this device must be reinstalled.
     Click "Update Driver", which starts the Hardware Update wizard.
    Alternately, uninstall the driver, and then click "Scan for hardware changes" to reload the drivers.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/10/2016 01:25:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.18377 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 480

    Start Time: 01d1f23a920523cb

    Termination Time: 1340

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (08/10/2016 12:03:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.18377, time stamp: 0x575afa93
    Faulting module name: ntdll.dll, version: 6.1.7601.23455, time stamp: 0x573a54ca
    Exception code: 0xc0000017
    Fault offset: 0x0006e6a9
    Faulting process id: 0x1530
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (08/10/2016 10:41:26 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.18377, time stamp: 0x575afa93
    Faulting module name: MSHTML.dll, version: 11.0.9600.18377, time stamp: 0x575b099f
    Exception code: 0xc0000005
    Fault offset: 0x00137313
    Faulting process id: 0x17cc
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (08/09/2016 10:28:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.18377 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1308

    Start Time: 01d1f182bfc22521

    Termination Time: 1137

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (08/08/2016 08:00:53 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WebKit2WebProcess.exe, version: 7534.57.2.7, time stamp: 0x4fc6d83b
    Faulting module name: WebKit.dll, version: 7534.57.2.7, time stamp: 0x4fc6d825
    Exception code: 0xc0000005
    Fault offset: 0x0042f708
    Faulting process id: 0x1430
    Faulting application start time: 0xWebKit2WebProcess.exe0
    Faulting application path: WebKit2WebProcess.exe1
    Faulting module path: WebKit2WebProcess.exe2
    Report Id: WebKit2WebProcess.exe3

    Error: (08/08/2016 07:56:33 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WebKit2WebProcess.exe, version: 7534.57.2.7, time stamp: 0x4fc6d83b
    Faulting module name: JavaScriptCore.dll, version: 7534.57.3.6, time stamp: 0x4fb5b42b
    Exception code: 0xc0000005
    Fault offset: 0x000893b7
    Faulting process id: 0x1530
    Faulting application start time: 0xWebKit2WebProcess.exe0
    Faulting application path: WebKit2WebProcess.exe1
    Faulting module path: WebKit2WebProcess.exe2
    Report Id: WebKit2WebProcess.exe3

    Error: (08/08/2016 07:37:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WebKit2WebProcess.exe, version: 7534.57.2.7, time stamp: 0x4fc6d83b
    Faulting module name: JavaScriptCore.dll, version: 7534.57.3.6, time stamp: 0x4fb5b42b
    Exception code: 0xc0000005
    Fault offset: 0x000893b7
    Faulting process id: 0x93c
    Faulting application start time: 0xWebKit2WebProcess.exe0
    Faulting application path: WebKit2WebProcess.exe1
    Faulting module path: WebKit2WebProcess.exe2
    Report Id: WebKit2WebProcess.exe3

    Error: (08/04/2016 12:17:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9375

    Error: (08/04/2016 12:17:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9375

    Error: (08/04/2016 12:17:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    System errors:
    =============
    Error: (08/10/2016 04:38:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070103: TOSHIBA - Other hardware - TOSHIBA USB DVB-T/Analog Hybrid Tuner.

    Error: (08/10/2016 04:38:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3042058).

    Error: (08/10/2016 04:34:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3071756).

    Error: (08/10/2016 04:34:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB3080149).

    Error: (08/10/2016 04:33:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB3068708).

    Error: (08/10/2016 04:33:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3126587).

    Error: (08/10/2016 04:33:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3061518).

    Error: (08/10/2016 04:32:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3060716).

    Error: (08/10/2016 09:40:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3042058).

    Error: (08/10/2016 09:34:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3071756).

    ==================== Memory info ===========================

    Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz
    Percentage of memory in use: 57%
    Total physical RAM: 3061.59 MB
    Available physical RAM: 1307.69 MB
    Total Virtual: 6121.51 MB
    Available Virtual: 4063.28 MB

    ==================== Drives ================================

    Drive c: (S3A8113D003) (Fixed) (Total:583.45 GB) (Free:333.5 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 230D9B41)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=583.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=11.3 GB) - (Type=17)

    ==================== End of Addition.txt ============================


    • 0

    Advertisements


    #11
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    I'm wondering why this line shows up in your FRST log:

    U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

    Normally FRST will white list Microsoft stuff.  Let's make sure it's OK.

     

     

    Copy then next two lines;

    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppMgmt" /s > \junk.txt
    notepad \junk.txt
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied lines should appear.
    Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
     
     

    Please download MiniToolBox, save it to your desktop and run it.
     
    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
     
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

    • 0

    #12
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 11/08/2016 7:48:28 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 10/08/2016 5:28:16 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The SQL Server (SQLEXPRESS) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

    Log: 'System' Date/Time: 10/08/2016 5:28:15 PM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.

    Log: 'System' Date/Time: 10/08/2016 5:03:33 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3042058).

    Log: 'System' Date/Time: 10/08/2016 5:03:20 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3071756).

    Log: 'System' Date/Time: 10/08/2016 5:02:47 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB3080149).

    Log: 'System' Date/Time: 10/08/2016 5:02:35 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB3068708).

    Log: 'System' Date/Time: 10/08/2016 5:02:07 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3126587).

    Log: 'System' Date/Time: 10/08/2016 5:01:48 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3061518).

    Log: 'System' Date/Time: 10/08/2016 5:01:35 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3060716).

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 10/08/2016 5:28:29 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.homerouter.cpe timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 10/08/2016 5:25:18 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\9&10047a3b&0&01.

    Log: 'System' Date/Time: 10/08/2016 5:24:19 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.homerouter.cpe timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 10/08/2016 5:24:14 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 10/08/2016 11:44:24 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.homerouter.cpe timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 10/08/2016 11:43:45 AM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\9&10047a3b&0&01.

    Log: 'System' Date/Time: 10/08/2016 7:56:39 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.homerouter.cpe timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 10/08/2016 7:56:35 AM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.


    • 0

    #13
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 11/08/2016 7:48:28 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 10/08/2016 5:28:16 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The SQL Server (SQLEXPRESS) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

    Log: 'System' Date/Time: 10/08/2016 5:28:15 PM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.

    Log: 'System' Date/Time: 10/08/2016 5:03:33 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3042058).

    Log: 'System' Date/Time: 10/08/2016 5:03:20 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3071756).

    Log: 'System' Date/Time: 10/08/2016 5:02:47 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB3080149).

    Log: 'System' Date/Time: 10/08/2016 5:02:35 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB3068708).

    Log: 'System' Date/Time: 10/08/2016 5:02:07 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3126587).

    Log: 'System' Date/Time: 10/08/2016 5:01:48 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3061518).

    Log: 'System' Date/Time: 10/08/2016 5:01:35 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3060716).

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 10/08/2016 5:28:29 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.homerouter.cpe timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 10/08/2016 5:25:18 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\9&10047a3b&0&01.

    Log: 'System' Date/Time: 10/08/2016 5:24:19 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.homerouter.cpe timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 10/08/2016 5:24:14 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 10/08/2016 11:44:24 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.homerouter.cpe timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 10/08/2016 11:43:45 AM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\9&10047a3b&0&01.

    Log: 'System' Date/Time: 10/08/2016 7:56:39 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.homerouter.cpe timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 10/08/2016 7:56:35 AM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.


    • 0

    #14
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 11/08/2016 7:48:28 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 10/08/2016 5:28:16 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The SQL Server (SQLEXPRESS) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

    Log: 'System' Date/Time: 10/08/2016 5:28:15 PM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.

    Log: 'System' Date/Time: 10/08/2016 5:03:33 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3042058).

    Log: 'System' Date/Time: 10/08/2016 5:03:20 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3071756).

    Log: 'System' Date/Time: 10/08/2016 5:02:47 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB3080149).

    Log: 'System' Date/Time: 10/08/2016 5:02:35 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB3068708).

    Log: 'System' Date/Time: 10/08/2016 5:02:07 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3126587).

    Log: 'System' Date/Time: 10/08/2016 5:01:48 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3061518).

    Log: 'System' Date/Time: 10/08/2016 5:01:35 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3060716).

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 10/08/2016 5:28:29 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.homerouter.cpe timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 10/08/2016 5:25:18 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\9&10047a3b&0&01.

    Log: 'System' Date/Time: 10/08/2016 5:24:19 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.homerouter.cpe timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 10/08/2016 5:24:14 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 10/08/2016 11:44:24 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.homerouter.cpe timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 10/08/2016 11:43:45 AM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\9&10047a3b&0&01.

    Log: 'System' Date/Time: 10/08/2016 7:56:39 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.homerouter.cpe timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 10/08/2016 7:56:35 AM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.


    • 0

    #15
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 11/08/2016 7:48:28 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 10/08/2016 5:28:16 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The SQL Server (SQLEXPRESS) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

    Log: 'System' Date/Time: 10/08/2016 5:28:15 PM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.

    Log: 'System' Date/Time: 10/08/2016 5:03:33 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3042058).

    Log: 'System' Date/Time: 10/08/2016 5:03:20 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3071756).

    Log: 'System' Date/Time: 10/08/2016 5:02:47 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB3080149).

    Log: 'System' Date/Time: 10/08/2016 5:02:35 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 (KB3068708).

    Log: 'System' Date/Time: 10/08/2016 5:02:07 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3126587).

    Log: 'System' Date/Time: 10/08/2016 5:01:48 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3061518).

    Log: 'System' Date/Time: 10/08/2016 5:01:35 PM
    Type: Error Category: 1
    Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
    Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 7 (KB3060716).

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 10/08/2016 5:28:29 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.homerouter.cpe timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 10/08/2016 5:25:18 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\9&10047a3b&0&01.

    Log: 'System' Date/Time: 10/08/2016 5:24:19 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.homerouter.cpe timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 10/08/2016 5:24:14 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 10/08/2016 11:44:24 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.homerouter.cpe timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 10/08/2016 11:43:45 AM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\9&10047a3b&0&01.

    Log: 'System' Date/Time: 10/08/2016 7:56:39 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name isatap.homerouter.cpe timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 10/08/2016 7:56:35 AM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP