
Whats APP !!! Help it's back!


10 replies to this topic

#1 kneonakis

kneonakis


Posted 29 May 2015 - 09:24 AM

Hi All...I run a travel biz from my laptop so I'm a bit frantic at the moment as I apparently SPAMMED over 1000 of my clients last evening with this bloody WhatsAPP thing!

 

I have run both Avast and Malwarebytes...but what can I do to make sure that this thing is gone!!!  I had it not even a month ago and thought I had solved it...  I am on a Toshiba laptop and my email is Gmail....

 

What can I do to make sure that thing is gone for good???  Thanks for your help!

 

Hopeless in Halifax




 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 29 May 2015 - 11:28 AM

Welcome, let's also run these.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Hold down Control and click on this link to open ESET Online Scanner in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 kneonakis

kneonakis
  • Topic Starter


Posted 29 May 2015 - 03:59 PM

Hello Global Moderator,

 

When I try to download the minitoolbox, it gets blocked by my existing AVAST protection...says that it detects a threat... any suggestions?



#4 NEMS

NEMS


Posted 29 May 2015 - 05:29 PM

> Hello Global Moderator,
>
> When I try to download the minitoolbox, it gets blocked by my existing AVAST protection...says that it detects a threat... any suggestions?

 

Turn off avast



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator

Posted 29 May 2015 - 06:34 PM

> Hello Global Moderator,
>
> When I try to download the minitoolbox, it gets blocked by my existing AVAST protection...says that it detects a threat... any suggestions?

Certain embedded files that are part of legitimate programs and specialized fix tools (like MiniToolBox), may at times be detected by some anti-virus and anti-malware scanners as suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed or packed, what behavior (routines, scripts, etc) it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files may be obfuscated, encrypted or password protected in order to conceal themselves, so they do not allow access for scanning and often trigger alerts by anti-virus software.

When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malicious or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive" and can be ignored.

Most of the well known specialized tools we use as malware fighters are written by known experts at various security forums like Bleeping Computer, TechSupport, GeeksToGo, SpywareInfo and other similar sites so they can be trusted...this includes any program hosted by BC for download. Unfortunately, many of these tools are repeatedly falsely detected by various anti-virus programs from time to time.

The problem is really with the anti-virus vendors who keep targeting these embedded files and NOT with the tools themselves. We can inform the developers but they have encountered this issue many times before and in most cases there isn't much they can do about it. Once the detection is reported to the anti-virus vendor, they are usually quick to fix it by releasing an updated definition database.

Either have your anti-virus ignore the detection or temporarily disable it until you download and run the tool.

#6 kneonakis

kneonakis
  • Topic Starter


Posted 30 May 2015 - 03:05 PM

Hi Global Moderator,

 

Ok...here is what I received from your suggested scans:

 

This is from AdwCleaner:

 

# AdwCleaner v4.205 - Logfile created 30/05/2015 at 16:58:18
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Travelonly - TRAVELONLY-PC
# Running from : C:\Users\Travelonly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4DOFQP4H\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801

-\\ Mozilla Firefox v

-\\ Google Chrome v

[C:\Users\Travelonly\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&o=15527&l=dis&prt=NIS&chn=retail&geo=CA&ver=19&gct=sb&qsrc=2869
[C:\Users\Travelonly\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Travelonly\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=9B07CDA0-5FBF-4B2C-BC2B-6199A50C4F62&apn_ptnrs=U3&apn_sauid=9A4B7A02-5242-4CAA-8EE7-8162AB09AE2B&apn_dtid=OSJ000YYCA&q={searchTerms}

*************************

AdwCleaner[R0].txt - [5570 bytes] - [25/08/2014 10:22:37]
AdwCleaner[R1].txt - [1358 bytes] - [05/11/2014 19:35:41]
AdwCleaner[R2].txt - [1174 bytes] - [05/11/2014 19:47:09]
AdwCleaner[R3].txt - [14730 bytes] - [13/05/2015 09:39:19]
AdwCleaner[R4].txt - [1255 bytes] - [29/05/2015 11:46:53]
AdwCleaner[R5].txt - [2068 bytes] - [30/05/2015 16:54:42]
AdwCleaner[R6].txt - [1758 bytes] - [30/05/2015 16:58:18]
AdwCleaner[S0].txt - [7642 bytes] - [25/08/2014 10:32:23]
AdwCleaner[S1].txt - [1423 bytes] - [05/11/2014 19:37:48]
AdwCleaner[S2].txt - [1236 bytes] - [05/11/2014 19:48:17]
AdwCleaner[S3].txt - [1549 bytes] - [13/05/2015 09:44:24]
AdwCleaner[S4].txt - [1320 bytes] - [29/05/2015 11:48:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [2112 bytes] ##########

 

Here is what was received from the MiniToolBox scan:

 

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Travelonly (administrator) on 30-05-2015 at 14:23:36
Running from "C:\Users\Travelonly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U60ZZ57D"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Satellite C650 Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Travelonly-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 82-CA-94-62-26-A7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-26-6C-DE-26-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
   Physical Address. . . . . . . . . : E0-CA-94-62-26-A7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c12c:2627:b9e7:ba0b%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.17(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : May-29-15 11:51:32 AM
   Lease Expires . . . . . . . . . . : May-31-15 1:19:45 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 249612948
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-AC-A5-01-E0-CA-94-62-26-A7
   DNS Servers . . . . . . . . . . . : 192.168.2.1
                                       142.166.166.166
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Reusable ISATAP Interface {B319AB3A-043F-4460-96B7-F9859B2E5981}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{6E80A62C-757A-41D9-9214-B24E5A1CAF46}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F9BE4F7C-3E1D-4229-A127-1F3A86538CA8}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{95AA9FD5-DB84-4BB8-8125-E35DEA96B761}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4006:80c::1008
   216.58.217.142

Pinging google.com [216.58.217.142] with 32 bytes of data:
Reply from 216.58.217.142: bytes=32 time=24ms TTL=55
Reply from 216.58.217.142: bytes=32 time=25ms TTL=55

Ping statistics for 216.58.217.142:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 24ms, Maximum = 25ms, Average = 24ms
Server:  UnKnown
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  206.190.36.45
   98.139.183.24
   98.138.253.109

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=101ms TTL=50
Reply from 206.190.36.45: bytes=32 time=96ms TTL=50

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 96ms, Maximum = 101ms, Average = 98ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
===========================================================================
Interface List
 12...82 ca 94 62 26 a7 ......Microsoft Virtual WiFi Miniport Adapter
 11...00 26 6c de 26 62 ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
 10...e0 ca 94 62 26 a7 ......Atheros AR9285 Wireless Network Adapter
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.17     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link      192.168.2.17    281
     192.168.2.17  255.255.255.255         On-link      192.168.2.17    281
    192.168.2.255  255.255.255.255         On-link      192.168.2.17    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.2.17    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.2.17    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    281 fe80::/64                On-link
 10    281 fe80::c12c:2627:b9e7:ba0b/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/29/2015 09:20:21 AM) (Source: Application Hang) (User: )
Description: The program Creative Cloud.exe version 2.9.1.474 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2048

Start Time: 01d099b065f3ae22

Termination Time: 124

Application Path: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

Report Id: fdb3105e-05fc-11e5-b140-00266cde2662

Error: (05/28/2015 09:03:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10339153

Error: (05/28/2015 09:03:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10339153

Error: (05/28/2015 09:03:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2015 06:11:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2090

Error: (05/28/2015 06:11:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2090

Error: (05/28/2015 06:11:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2015 06:11:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1029

Error: (05/28/2015 06:11:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1029

Error: (05/28/2015 06:11:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (05/30/2015 01:19:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\system32\athihvs.dll

Error: (05/30/2015 00:18:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\system32\athihvs.dll

Error: (05/30/2015 10:50:15 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (05/30/2015 10:49:49 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\system32\athihvs.dll

Error: (05/29/2015 08:57:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\system32\athihvs.dll

Error: (05/29/2015 08:37:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\system32\athihvs.dll

Error: (05/29/2015 06:45:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\system32\athihvs.dll

Error: (05/29/2015 05:40:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\system32\athihvs.dll

Error: (05/29/2015 05:37:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\system32\athihvs.dll

Error: (05/29/2015 00:08:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (05/29/2015 09:20:21 AM) (Source: Application Hang)(User: )
Description: Creative Cloud.exe2.9.1.474204801d099b065f3ae22124C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exefdb3105e-05fc-11e5-b140-00266cde2662

Error: (05/28/2015 09:03:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10339153

Error: (05/28/2015 09:03:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10339153

Error: (05/28/2015 09:03:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2015 06:11:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2090

Error: (05/28/2015 06:11:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2090

Error: (05/28/2015 06:11:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2015 06:11:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1029

Error: (05/28/2015 06:11:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1029

Error: (05/28/2015 06:11:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

CodeIntegrity Errors:
===================================
  Date: 2014-11-05 20:08:41.909
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-05 20:08:41.831
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.1.474 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{CC7132C7-8532-4EA7-8E3F-53260C0BE168}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
CompanionLink (HKLM-x32\...\{CD8B8A40-DC1E-48FB-9510-3829614C96D7}) (Version: 5.00.5000 - CompanionLink Software, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.128.0.66 - Conexant)
CrazyTalk Animator PRO Trial (HKLM-x32\...\{789567FD-CAA2-4E1C-B38E-9072B3015FFD}) (Version: 1.2.2816.1 - Reallusion Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Elevated Installer (HKLM-x32\...\{4694981D-8031-4526-90BE-E5F7FB80CBB8}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
F# Tools for Visual Studio Express 2012 for Web (HKLM-x32\...\{84d6fbf4-5721-416c-a91e-4024b4d6d26d}) (Version: 11.0.50727.1 - Microsoft Corporation)
Garmin Express (HKLM-x32\...\{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{A92D383B-FD85-4B9C-A5D9-3647C71E48A1}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{D52EDFA2-13A7-4765-8650-4AB30E6DB77F}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.2.0.2759 (HKCU\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline)
GroupsApp (HKCU\...\d8b259fcb79f1677) (Version: 1.1.0.2 - TTC)
Hewlett-Packard ACLM.NET v1.1.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP ePrint Mobile (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version:  - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB67}) (Version: 1.0.3.0 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages 2 (HKLM-x32\...\{cb29be6c-39c4-493e-9da7-d585d5353714}) (Version: 2.0.20715.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1 (HKLM-x32\...\{82284382-30E3-4DED-980B-746278DA6CC2}) (Version: 4.0.8854.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 Web Tools ENU (HKLM-x32\...\{A51500FE-6408-4305-B071-B961F691A4CE}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Web - ENU (HKLM-x32\...\{4bd1cdab-bf82-42c1-af37-e4918141913f}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft WebMatrix 2 (HKLM-x32\...\{67DDFF12-91F7-472D-AAB8-1B248A306779}) (Version: 2.0.1674 - Microsoft Corporation)
MySQL Connector Net 6.5.4 (HKLM-x32\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)
MySQL Server 5.1 (HKLM\...\{2AA0764A-4EA1-4C63-8E42-173A015030B3}) (Version: 5.1.63 - Oracle Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sandals News Network (HKLM-x32\...\Sandals News Network 1.0) (Version: 1.0 - Direct Message Lab)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Smilebox (HKCU\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
SureThing Ticket Maker (HKLM-x32\...\{9EBB4D8D-337F-4A7B-91FD-9183FB371C56}_is1) (Version: 5.2.705.1 - MicroVision Development, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA ConfigFree (HKLM-x32\...\{80F696E0-AB85-433E-99E3-8CC6D98CF167}) (Version: 8.0.35 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{A536367E-C40C-4483-8F9B-19DEB881B205}) (Version: 2.00.13 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.12 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.07 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.20.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VWD F# Installer (HKLM-x32\...\{4D539EE6-75FA-3E34-9FD6-3C74D2293C35}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Windows Azure Authoring Tools - June 2012 Release (HKLM\...\{646A1C52-6194-4992-8D21-8D9E42AE820A}) (Version: 1.7.30602.1703 - Microsoft Corporation)
Windows Azure Emulator - June 2012 Release (HKLM\...\Windows Azure Emulator - June 2012 Release) (Version: 1.7.30602.1703 - Microsoft Corporation)
Windows Azure Libraries for .NET 1.7 – June 2012 (HKLM\...\{AED07B87-975F-4F60-B7C9-38B8596C6531}) (Version: 1.7 - Microsoft Corporation)
Windows Azure Tools for Microsoft Visual Studio 2012 - June 2012 SP1 (HKLM-x32\...\{540cc2f4-4f11-47be-8ebb-e665ed4e9d01}) (Version: 1.7.50716.1601 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 3893.86 MB
Available physical RAM: 1764.74 MB
Total Pagefile: 7785.93 MB
Available Pagefile: 5039.33 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.05 MB

========================= Partitions: =====================================

1 Drive c: (S3A8925D007) (Fixed) (Total:436.04 GB) (Free:202.32 GB) NTFS

========================= Users: ========================================

User accounts for \\TRAVELONLY-PC

Administrator            Guest                    Travelonly              

**** End of log ****

 

Here is the Junkware Removal Tool message: 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.4 (05.29.2015:1)
OS: Windows 7 Home Premium x64
Ran by Travelonly on 29/05/2015 at 12:07:19.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_CC69AD320A71E99B3BA172BDE48ED66F
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Travelonly\appdata\local\{04D7607F-1E91-4C21-BB88-13333F4831EF}
Successfully deleted: [Empty Folder] C:\Users\Travelonly\appdata\local\{1956D856-3C18-4AA4-9223-571AFEA65E1D}
Successfully deleted: [Empty Folder] C:\Users\Travelonly\appdata\local\{2C72F39B-6725-4504-8B4F-59B1705FB718}
Successfully deleted: [Empty Folder] C:\Users\Travelonly\appdata\local\{2C8713AA-6E01-441F-8042-FDC752A2DC8A}
Successfully deleted: [Empty Folder] C:\Users\Travelonly\appdata\local\{6B640E9E-C197-4620-849F-62E938676A12}
Successfully deleted: [Empty Folder] C:\Users\Travelonly\appdata\local\{6CCBBB79-E6AC-466C-8E73-DB1701D56C4F}
Successfully deleted: [Empty Folder] C:\Users\Travelonly\appdata\local\{932AAD60-0C38-459C-9639-67177E37AA99}
Successfully deleted: [Empty Folder] C:\Users\Travelonly\appdata\local\{98556200-4239-4AF9-81D8-746E73068F84}
Successfully deleted: [Empty Folder] C:\Users\Travelonly\appdata\local\{A5894F3E-32AF-4C34-94B1-3BA69E4EC3D6}
Successfully deleted: [Empty Folder] C:\Users\Travelonly\appdata\local\{C1A76C6E-22A7-4AA0-900F-1A35EF17B136}
Successfully deleted: [Empty Folder] C:\Users\Travelonly\appdata\local\{E194346E-311B-42E3-BDDC-08A6C4605C28}
Successfully deleted: [Empty Folder] C:\Users\Travelonly\appdata\local\{E39AD363-378E-4870-BD94-D1B9859E2F47}

 

~~~ Chrome

[C:\Users\Travelonly\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Travelonly\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Travelonly\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Travelonly\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/05/2015 at 12:13:17.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And finally, here are the results from the ESET Online Scanner:

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert0.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooLayers.crx.vir multiple threats deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Users\Travelonly\Downloads\ccsetup417pro (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Travelonly\Downloads\ccsetup417pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Travelonly\Downloads\winzip19-wz.exe a variant of Win32/InstallCore.ZH potentially unwanted application deleted - quarantined
C:\Users\Travelonly\Downloads\WiseConvert.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Windows\Installer\1763eba4.msi a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Windows\temp\avast_ash\WinZip (64 Bit)\winzip195-64.msi a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined

 

So what do I do next? Thanks for your help by the way :)

Feeling a bit more hopeful in Halifax

 



#7 quietman7


Posted 30 May 2015 - 04:40 PM

boopme will review your logs as soon as he can and provide further instructions.

#8 boopme


Posted 01 June 2015 - 01:03 PM

Thanks Q7

Let's remove what ADW found.

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • How is it now?



#9 kneonakis


Posted 01 June 2015 - 01:59 PM

Hi boopme

I ran the AdwCleaner again and here is the logfile:

 

# AdwCleaner v4.206 - Logfile created 01/06/2015 at 15:44:11
# Updated 01/06/2015 by Xplode
# Database : 2015-06-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Travelonly - TRAVELONLY-PC
# Running from : C:\Users\Travelonly\Downloads\AdwCleaner (3).exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801

-\\ Mozilla Firefox v

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [5570 bytes] - [25/08/2014 10:22:37]
AdwCleaner[R1].txt - [1358 bytes] - [05/11/2014 19:35:41]
AdwCleaner[R2].txt - [1174 bytes] - [05/11/2014 19:47:09]
AdwCleaner[R3].txt - [14730 bytes] - [13/05/2015 09:39:19]
AdwCleaner[R4].txt - [1255 bytes] - [29/05/2015 11:46:53]
AdwCleaner[R5].txt - [2068 bytes] - [30/05/2015 16:54:42]
AdwCleaner[R6].txt - [2191 bytes] - [30/05/2015 16:58:18]
AdwCleaner[R7].txt - [1686 bytes] - [01/06/2015 15:42:23]
AdwCleaner[S0].txt - [7642 bytes] - [25/08/2014 10:32:23]
AdwCleaner[S1].txt - [1423 bytes] - [05/11/2014 19:37:48]
AdwCleaner[S2].txt - [1236 bytes] - [05/11/2014 19:48:17]
AdwCleaner[S3].txt - [1549 bytes] - [13/05/2015 09:44:24]
AdwCleaner[S4].txt - [1320 bytes] - [29/05/2015 11:48:38]
AdwCleaner[S5].txt - [1566 bytes] - [01/06/2015 15:44:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1625  bytes] ##########

 

 

There is a list of over 70 emails that were not successful that keep trying to send out the spam virus. I just keep deleting them :( How will I know when it is completely gone?

#10 boopme


Posted 01 June 2015 - 02:06 PM

OK, we need a deeper look to find what is protecting this.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#11 kneonakis


Posted 01 June 2015 - 02:36 PM

Hello again boopme,

Here are the results from the Preparation Guide scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Travelonly (administrator) on TRAVELONLY-PC on 01-06-2015 16:24:46
Running from C:\Users\Travelonly\Downloads
Loaded Profiles: Travelonly (Available Profiles: Travelonly)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Dropbox, Inc.) C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2144600876-2497738383-3473781756-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2144600876-2497738383-3473781756-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2144600876-2497738383-3473781756-1000\...\Run: [Google Update] => C:\Users\Travelonly\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-2144600876-2497738383-3473781756-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2144600876-2497738383-3473781756-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
Startup: C:\Users\Travelonly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-06]
ShortcutTarget: Dropbox.lnk -> C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-12] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
CHR HKU\S-1-5-21-2144600876-2497738383-3473781756-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2144600876-2497738383-3473781756-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2144600876-2497738383-3473781756-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2144600876-2497738383-3473781756-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_10&param1=1&param2=f%253D4%26b%3DIE%26cc%3Dca%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyCtBtByC0AyByDyEyDyEtN0D0Tzu0StCtCyCtBtN1L2XzutAtFyBtFyCtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEzzyCtA0C0B0CzytGtC0A0A0EtG0BzzzyzztGtCyDyDtBtGyC0A0FtD0DyEyByByDtDtDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0C0E0EyEtAyCyCtGzytB0BtBtGyE0DtB0EtG0AtC0DyDtGzz0FyD0DzztC0Czy0B0A0FyC2Q%26cr%3D672925836%26a%3Dwny_wnzp_15_10%26os%3DWindows 7 Home Premium&p={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_enCA467CA467
SearchScopes: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_10&param1=1&param2=f%253D4%26b%3DIE%26cc%3Dca%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyCtBtByC0AyByDyEyDyEtN0D0Tzu0StCtCyCtBtN1L2XzutAtFyBtFyCtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEzzyCtA0C0B0CzytGtC0A0A0EtG0BzzzyzztGtCyDyDtBtGyC0A0FtD0DyEyByByDtDtDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0C0E0EyEtAyCyCtGzytB0BtBtGyE0DtB0EtG0AtC0DyDtGzz0FyD0DzztC0Czy0B0A0FyC2Q%26cr%3D672925836%26a%3Dwny_wnzp_15_10%26os%3DWindows 7 Home Premium&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-26] (Avast Software s.r.o.)
BHO: BookingBuilder Browser Control -> {B2C9A858-A8BE-426C-B1C7-7FD258B28CAA} -> C:\Program Files (x86)\BookingBuilder\LMIECT64.dll [2011-02-01] (BookingBuilder)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-26] (Avast Software s.r.o.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-12] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://trams.webex.com/client/WBXclient-T27L10NSP32EP12-14923/event/ieatgpc1.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166

FireFox:
========
FF ProfilePath: C:\Users\Travelonly\AppData\Roaming\Mozilla\Firefox\Profiles\e12ji7yc.default
FF SelectedSearchEngine: Google
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: https://www.google.com/search
FF SearchEngineOrder.1: Google
FF Keyword.URL: https://www.google.com/search
FF Homepage: about:home
FF NewTab: about:newtab
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2144600876-2497738383-3473781756-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Travelonly\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-07-24] (Citrix Online)
FF Plugin HKU\S-1-5-21-2144600876-2497738383-3473781756-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Travelonly\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2144600876-2497738383-3473781756-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Travelonly\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\Travelonly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Travelonly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-13]
CHR Extension: (Avast Online Security) - C:\Users\Travelonly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Travelonly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-13]
CHR Extension: (Google Wallet) - C:\Users\Travelonly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
StartMenuInternet: Google Chrome - C:\Users\Travelonly\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-12] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-12] (Avast Software s.r.o.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80448 2012-07-18] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\my.ini [8915 2012-09-19] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-12] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-05-12] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-12] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-05-12] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-12] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-12] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-12] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-12] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-12] ()
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16384 2011-04-15] () [File not signed]
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-15] (Marvell Semiconductor, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 16:24 - 2015-06-01 16:25 - 00023334 _____ () C:\Users\Travelonly\Downloads\FRST.txt
2015-06-01 16:23 - 2015-06-01 16:24 - 00000000 ____D () C:\FRST
2015-06-01 16:22 - 2015-06-01 16:23 - 02108928 _____ (Farbar) C:\Users\Travelonly\Downloads\FRST64.exe
2015-06-01 15:40 - 2015-06-01 15:41 - 02231296 _____ () C:\Users\Travelonly\Downloads\AdwCleaner (3).exe
2015-05-31 16:23 - 2015-05-31 19:59 - 01206238 _____ () C:\Users\Travelonly\Desktop\SUNSHINE VOWS DESTINATION WEDDING SHOW 2016.pptx
2015-05-31 15:15 - 2015-05-31 15:15 - 00037459 _____ () C:\Users\Travelonly\Downloads\contacts (13).csv
2015-05-31 15:12 - 2015-05-31 15:12 - 00064058 _____ () C:\Users\Travelonly\Downloads\google (4).csv
2015-05-30 16:54 - 2015-05-30 16:54 - 02223104 _____ () C:\Users\Travelonly\Downloads\AdwCleaner (2).exe
2015-05-30 14:24 - 2015-05-30 14:24 - 00040178 _____ () C:\Users\Travelonly\Desktop\Mini toolbox result.txt
2015-05-30 14:23 - 2015-05-30 14:23 - 00040178 _____ () C:\Users\Travelonly\Desktop\Result.txt
2015-05-30 14:17 - 2015-05-30 14:17 - 00002135 _____ () C:\Users\Travelonly\Desktop\ESETScan.txt
2015-05-30 13:20 - 2015-06-01 15:54 - 00000688 _____ () C:\windows\Tasks\G2MUploadTask-S-1-5-21-2144600876-2497738383-3473781756-1000.job
2015-05-30 13:20 - 2015-05-30 13:20 - 00003734 _____ () C:\windows\System32\Tasks\G2MUploadTask-S-1-5-21-2144600876-2497738383-3473781756-1000
2015-05-29 18:01 - 2015-05-29 18:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-29 16:20 - 2015-05-29 16:25 - 24037170 _____ () C:\Users\Travelonly\Documents\Sunshine Vows Destination Wedding Show - 2015.pptx
2015-05-29 12:13 - 2015-05-29 12:13 - 00002700 _____ () C:\Users\Travelonly\Desktop\JRT.txt
2015-05-29 12:05 - 2015-05-29 12:05 - 02948651 _____ (Thisisu) C:\Users\Travelonly\Downloads\JRT (2).exe
2015-05-29 12:03 - 2015-05-29 12:03 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Travelonly\Downloads\tdsskiller (5).exe
2015-05-29 12:02 - 2015-05-29 12:02 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Travelonly\Downloads\tdsskiller (4).exe
2015-05-29 11:50 - 2015-06-01 15:46 - 00001600 _____ () C:\windows\PFRO.log
2015-05-29 11:46 - 2015-05-29 11:46 - 02223104 _____ () C:\Users\Travelonly\Downloads\AdwCleaner (1).exe
2015-05-29 11:40 - 2015-05-29 11:40 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Travelonly\Downloads\rkill (3).exe
2015-05-29 11:39 - 2015-05-29 11:39 - 02223104 _____ () C:\Users\Travelonly\Downloads\AdwCleaner.exe
2015-05-26 14:15 - 2015-05-26 14:15 - 00009082 _____ () C:\Users\Travelonly\Documents\DANCEZONE INVOICE RK MORASH.odt
2015-05-25 22:35 - 2015-05-25 22:35 - 00209408 _____ () C:\Users\Travelonly\Documents\TravelOnly Business Development Maritimes.ppt
2015-05-25 09:05 - 2015-06-01 15:46 - 00000314 _____ () C:\windows\setupact.log
2015-05-25 09:05 - 2015-05-25 09:05 - 00000000 _____ () C:\windows\setuperr.log
2015-05-20 09:15 - 2015-05-20 09:16 - 00004124 _____ () C:\Users\Travelonly\Downloads\DWHSA's Basic Certification Program.ics
2015-05-15 11:54 - 2015-05-15 11:54 - 00001620 _____ () C:\Users\Travelonly\Downloads\calendar (1).ics
2015-05-14 13:40 - 2015-05-14 13:40 - 01140670 _____ () C:\Users\Travelonly\Downloads\DESTINATION-WEDDINGS-POWERPOINT.pptx
2015-05-14 12:27 - 2015-05-14 12:27 - 00004781 _____ () C:\Users\Travelonly\Downloads\Intrepid Travel with Shayna Zand.ics
2015-05-13 12:14 - 2015-05-13 12:14 - 00000207 _____ () C:\windows\tweaking.com-regbackup-TRAVELONLY-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-13 12:14 - 2015-05-13 12:14 - 00000000 ____D () C:\RegBackup
2015-05-13 10:28 - 2015-05-01 10:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 10:28 - 2015-05-01 10:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:54 - 2015-05-13 09:54 - 00003026 _____ () C:\windows\System32\Tasks\{1F19FAC4-9D2A-44D7-9B76-1A1D5B21FDE7}
2015-05-13 09:31 - 2015-05-29 11:46 - 00002236 _____ () C:\Users\Travelonly\Desktop\Rkill.txt
2015-05-13 08:44 - 2015-05-13 08:44 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Travelonly\Downloads\mbam-setup-2.1.6.1022 (3).exe
2015-05-13 08:41 - 2015-05-13 08:41 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Travelonly\Downloads\mbam-setup-2.1.6.1022 (2).exe
2015-05-13 08:37 - 2015-05-13 08:38 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Travelonly\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-05-13 07:15 - 2015-04-27 16:28 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-13 07:15 - 2015-04-27 16:28 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-13 07:15 - 2015-04-27 16:28 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-13 07:15 - 2015-04-27 16:26 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-13 07:15 - 2015-04-27 16:23 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-13 07:15 - 2015-04-27 16:23 - 01254400 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-13 07:15 - 2015-04-27 16:23 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-05-13 07:15 - 2015-04-27 16:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-13 07:15 - 2015-04-27 16:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-13 07:15 - 2015-04-27 16:23 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-13 07:15 - 2015-04-27 16:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-05-13 07:15 - 2015-04-27 16:23 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-13 07:15 - 2015-04-27 16:23 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-05-13 07:15 - 2015-04-27 16:23 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-05-13 07:15 - 2015-04-27 16:23 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-13 07:15 - 2015-04-27 16:22 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-13 07:15 - 2015-04-27 16:22 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-13 07:15 - 2015-04-27 16:11 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-05-13 07:15 - 2015-04-27 16:11 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-05-13 07:15 - 2015-04-27 16:08 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-05-13 07:15 - 2015-04-27 16:05 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-05-13 07:15 - 2015-04-27 16:04 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-05-13 07:15 - 2015-04-27 16:04 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-05-13 07:15 - 2015-04-27 16:04 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-05-13 07:15 - 2015-04-27 16:03 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-05-13 07:15 - 2015-04-27 15:06 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-13 07:15 - 2015-04-20 00:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-13 07:15 - 2015-04-20 00:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-13 07:15 - 2015-04-19 23:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-13 07:15 - 2015-04-19 23:11 - 03204608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-13 07:14 - 2015-05-04 22:29 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-13 07:14 - 2015-05-04 22:12 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-13 07:14 - 2015-04-27 16:23 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-13 07:14 - 2015-04-27 16:23 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-05-13 07:14 - 2015-04-27 16:23 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-13 07:14 - 2015-04-27 16:23 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-13 07:14 - 2015-04-27 16:23 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-13 07:14 - 2015-04-27 16:23 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-13 07:14 - 2015-04-27 16:23 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-13 07:14 - 2015-04-27 16:23 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-13 07:14 - 2015-04-27 16:23 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-13 07:14 - 2015-04-27 16:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-13 07:14 - 2015-04-27 16:23 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-13 07:14 - 2015-04-27 16:23 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-05-13 07:14 - 2015-04-27 16:23 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-05-13 07:14 - 2015-04-27 16:22 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-05-13 07:14 - 2015-04-27 16:22 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-13 07:14 - 2015-04-27 16:22 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-13 07:14 - 2015-04-27 16:22 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-13 07:14 - 2015-04-27 16:22 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-13 07:14 - 2015-04-27 16:22 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-13 07:14 - 2015-04-27 16:22 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-13 07:14 - 2015-04-27 16:21 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-13 07:14 - 2015-04-27 16:18 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-13 07:14 - 2015-04-27 16:18 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 16:05 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-05-13 07:14 - 2015-04-27 16:05 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-05-13 07:14 - 2015-04-27 16:05 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-05-13 07:14 - 2015-04-27 16:05 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-05-13 07:14 - 2015-04-27 16:05 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-05-13 07:14 - 2015-04-27 16:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-05-13 07:14 - 2015-04-27 16:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-05-13 07:14 - 2015-04-27 16:05 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-05-13 07:14 - 2015-04-27 16:04 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-05-13 07:14 - 2015-04-27 16:04 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-05-13 07:14 - 2015-04-27 16:04 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-05-13 07:14 - 2015-04-27 16:04 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-05-13 07:14 - 2015-04-27 16:04 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-05-13 07:14 - 2015-04-27 16:03 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-05-13 07:14 - 2015-04-27 16:03 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-05-13 07:14 - 2015-04-27 16:03 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-05-13 07:14 - 2015-04-27 16:03 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-05-13 07:14 - 2015-04-27 16:03 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-05-13 07:14 - 2015-04-27 16:01 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-05-13 07:14 - 2015-04-27 16:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 14:57 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-05-13 07:14 - 2015-04-27 14:57 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-05-13 07:14 - 2015-04-27 14:55 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 14:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 14:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 07:14 - 2015-04-27 14:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 07:14 - 2015-04-18 00:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-13 07:14 - 2015-04-17 23:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-13 07:14 - 2015-04-13 00:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-13 07:14 - 2015-04-08 00:29 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-13 07:14 - 2015-04-08 00:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-13 07:14 - 2015-04-08 00:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-05-13 07:09 - 2015-03-04 01:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-13 07:09 - 2015-03-04 01:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-13 07:09 - 2015-03-04 01:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-13 07:09 - 2015-03-04 01:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-13 07:09 - 2015-03-04 01:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-05-13 07:09 - 2015-03-04 01:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-05-13 07:09 - 2015-03-04 01:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-13 07:09 - 2015-02-18 04:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-05-13 07:09 - 2015-02-18 04:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-13 07:08 - 2015-04-21 23:28 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-13 07:08 - 2015-04-21 22:48 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-13 07:08 - 2015-04-21 14:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-13 07:08 - 2015-04-21 14:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-13 07:08 - 2015-04-21 14:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-13 07:08 - 2015-04-21 13:51 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-13 07:08 - 2015-04-21 13:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-13 07:08 - 2015-04-21 13:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-13 07:08 - 2015-04-21 13:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-13 07:08 - 2015-04-21 13:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-13 07:08 - 2015-04-21 13:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-13 07:08 - 2015-04-21 13:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-13 07:08 - 2015-04-21 13:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-13 07:08 - 2015-04-21 13:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-13 07:08 - 2015-04-21 13:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-13 07:08 - 2015-04-21 13:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-13 07:08 - 2015-04-21 13:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-13 07:08 - 2015-04-21 13:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-13 07:08 - 2015-04-21 13:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-13 07:08 - 2015-04-21 13:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-13 07:08 - 2015-04-21 13:25 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-05-13 07:08 - 2015-04-21 13:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-13 07:08 - 2015-04-21 13:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-13 07:08 - 2015-04-21 13:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 07:08 - 2015-04-21 13:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-13 07:08 - 2015-04-21 13:11 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-05-13 07:08 - 2015-04-21 13:10 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-05-13 07:08 - 2015-04-21 13:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-13 07:08 - 2015-04-21 13:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-13 07:08 - 2015-04-21 13:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-13 07:08 - 2015-04-21 13:08 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-05-13 07:08 - 2015-04-21 13:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-13 07:08 - 2015-04-21 13:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-13 07:08 - 2015-04-21 13:03 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-05-13 07:08 - 2015-04-21 13:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-05-13 07:08 - 2015-04-21 13:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-05-13 07:08 - 2015-04-21 12:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-13 07:08 - 2015-04-21 12:58 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-05-13 07:08 - 2015-04-21 12:57 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-05-13 07:08 - 2015-04-21 12:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-13 07:08 - 2015-04-21 12:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-13 07:08 - 2015-04-21 12:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-05-13 07:08 - 2015-04-21 12:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-13 07:08 - 2015-04-21 12:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-13 07:08 - 2015-04-21 12:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 07:08 - 2015-04-21 12:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-13 07:08 - 2015-04-21 12:39 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-05-13 07:08 - 2015-04-21 12:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-13 07:08 - 2015-04-21 12:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-13 07:08 - 2015-04-21 12:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-13 07:08 - 2015-04-21 12:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-13 07:08 - 2015-04-21 12:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-13 07:08 - 2015-04-21 12:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-13 07:08 - 2015-04-21 12:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-05-13 07:08 - 2015-04-21 12:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-13 07:08 - 2015-04-21 12:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-13 07:08 - 2015-04-21 12:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-13 07:08 - 2015-04-21 12:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-13 07:08 - 2015-04-21 11:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-13 07:08 - 2015-04-21 11:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-13 06:18 - 2015-01-29 00:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-13 06:18 - 2015-01-29 00:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-12 21:13 - 2015-05-12 21:59 - 470367879 _____ () C:\Users\Travelonly\Downloads\McAfee-MEG-7.6-3044.102.VMtrial.zip
2015-05-12 18:10 - 2015-06-01 15:49 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-12 18:10 - 2015-05-13 08:45 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-12 18:10 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-05-12 18:10 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-05-12 18:10 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-05-12 18:09 - 2015-05-12 18:09 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Travelonly\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-12 12:39 - 2015-05-12 12:39 - 00449896 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswNdisFlt.sys
2015-05-12 12:39 - 2015-05-12 12:39 - 00364472 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe
2015-05-12 12:39 - 2015-05-12 12:39 - 00043112 _____ (Avast Software s.r.o.) C:\windows\avastSS.scr
2015-05-12 09:07 - 2015-05-22 21:45 - 00000000 ____D () C:\Users\Travelonly\Downloads\2015-05-11 Cuba 2015

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 16:25 - 2012-01-22 12:34 - 00000000 ____D () C:\Users\Travelonly\Documents\Outlook Files
2015-06-01 16:11 - 2014-02-04 15:09 - 00000592 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2144600876-2497738383-3473781756-1000.job
2015-06-01 16:01 - 2012-04-12 08:37 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-01 15:58 - 2009-07-14 01:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-01 15:58 - 2009-07-14 01:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-01 15:56 - 2012-01-21 13:53 - 01239142 _____ () C:\windows\WindowsUpdate.log
2015-06-01 15:51 - 2014-08-25 20:57 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-06-01 15:49 - 2013-01-23 20:49 - 00000000 ___RD () C:\Users\Travelonly\Dropbox
2015-06-01 15:49 - 2013-01-23 20:46 - 00000000 ____D () C:\Users\Travelonly\AppData\Roaming\Dropbox
2015-06-01 15:47 - 2014-01-01 21:57 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-01 15:46 - 2009-07-14 02:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-06-01 15:44 - 2014-08-25 10:21 - 00000000 ____D () C:\AdwCleaner
2015-06-01 15:42 - 2012-01-22 13:35 - 00000928 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2144600876-2497738383-3473781756-1000UA.job
2015-06-01 15:36 - 2014-01-01 21:57 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 15:15 - 2012-05-25 14:36 - 32540672 ___SH () C:\Users\Travelonly\Downloads\Thumbs.db
2015-06-01 15:15 - 2012-02-23 17:32 - 31050240 ___SH () C:\Users\Travelonly\Documents\Thumbs.db
2015-06-01 15:06 - 2015-02-03 16:07 - 03200000 ___SH () C:\Users\Travelonly\Desktop\Thumbs.db
2015-06-01 13:06 - 2009-07-14 00:20 - 00000000 ____D () C:\windows\system32\NDF
2015-06-01 09:42 - 2012-01-22 13:35 - 00000876 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2144600876-2497738383-3473781756-1000Core.job
2015-05-31 20:17 - 2014-11-26 17:57 - 00000000 ____D () C:\Users\Travelonly\Desktop\SVDWS
2015-05-31 18:58 - 2013-06-05 19:22 - 00000000 ____D () C:\Users\Travelonly\Documents\Promotions
2015-05-31 15:39 - 2012-03-01 12:32 - 00000000 ____D () C:\Users\Travelonly\AppData\Local\WMTools Downloaded Files
2015-05-31 02:00 - 2012-01-22 15:36 - 00000000 ____D () C:\Users\Travelonly\AppData\Local\Adobe
2015-05-30 13:20 - 2014-02-04 15:09 - 00003638 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2144600876-2497738383-3473781756-1000
2015-05-29 14:55 - 2012-01-27 13:34 - 00228744 _____ () C:\Users\Travelonly\Desktop\Group Spreadsheet.xlsx
2015-05-25 21:53 - 2014-11-27 21:54 - 00000000 ____D () C:\Users\Travelonly\Desktop\TravelOnly_Icons_JPEG
2015-05-21 07:57 - 2015-04-04 20:14 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-05-21 07:57 - 2015-04-04 20:14 - 00000000 ___SD () C:\windows\system32\GWX
2015-05-16 22:31 - 2014-01-01 21:57 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 22:31 - 2014-01-01 21:57 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 18:11 - 2009-07-14 00:20 - 00000000 ____D () C:\windows\rescache
2015-05-16 16:43 - 2013-04-15 16:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 16:24 - 2014-10-27 15:10 - 00000000 ____D () C:\windows\jumpshot.com
2015-05-16 16:24 - 2012-01-22 11:07 - 00000000 ____D () C:\Users\Travelonly
2015-05-16 08:42 - 2014-10-27 15:11 - 00000000 __SHD () C:\Jumpshot
2015-05-15 21:06 - 2014-11-04 16:28 - 25690112 _____ () C:\windows\system32\config\.ghost-ntfs-3g-00000000000000000003
2015-05-15 21:06 - 2014-11-04 16:28 - 116129792 _____ () C:\windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2015-05-15 21:06 - 2014-11-04 16:28 - 11534336 _____ () C:\Users\Travelonly\.ghost-ntfs-3g-00000000000000000009
2015-05-15 09:37 - 2012-01-22 13:35 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2144600876-2497738383-3473781756-1000UA
2015-05-15 09:37 - 2012-01-22 13:35 - 00003512 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2144600876-2497738383-3473781756-1000Core
2015-05-13 11:17 - 2009-07-14 02:13 - 00787510 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-13 11:12 - 2012-05-15 12:34 - 00000000 ____D () C:\Users\Travelonly\AppData\Local\Deployment
2015-05-13 11:09 - 2009-07-14 01:45 - 05054896 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-13 11:04 - 2009-07-14 04:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 11:04 - 2009-07-14 00:20 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-05-13 11:01 - 2012-10-04 18:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 10:58 - 2012-01-22 11:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 10:53 - 2013-08-15 10:10 - 00000000 ____D () C:\windows\system32\MRT
2015-05-13 10:44 - 2012-04-29 22:14 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-13 10:27 - 2012-10-04 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 10:25 - 2012-10-04 18:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 08:45 - 2014-11-04 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-13 08:45 - 2014-11-04 16:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-12 17:26 - 2014-10-29 13:45 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-12 17:26 - 2012-07-11 13:46 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-12 17:14 - 2009-07-14 02:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-05-12 12:39 - 2014-09-24 16:09 - 00028144 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswKbd.sys
2015-05-12 12:39 - 2014-08-25 20:56 - 01047320 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSnx.sys
2015-05-12 12:39 - 2014-08-25 20:56 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSP.sys
2015-05-12 12:39 - 2014-08-25 20:56 - 00272248 _____ () C:\windows\system32\Drivers\aswVmm.sys
2015-05-12 12:39 - 2014-08-25 20:56 - 00137288 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswStm.sys
2015-05-12 12:39 - 2014-08-25 20:56 - 00093528 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswRdr2.sys
2015-05-12 12:39 - 2014-08-25 20:56 - 00089944 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswMonFlt.sys
2015-05-12 12:39 - 2014-08-25 20:56 - 00065736 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2015-05-12 12:39 - 2014-08-25 20:56 - 00029168 _____ () C:\windows\system32\Drivers\aswHwid.sys
2015-05-12 09:14 - 2013-01-23 20:47 - 00000000 ____D () C:\Users\Travelonly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2013-10-17 13:48 - 2013-10-17 13:48 - 0004096 ____H () C:\Users\Travelonly\AppData\Local\keyfile3.drm
2014-10-24 09:49 - 2014-10-24 09:49 - 0000000 _____ () C:\Users\Travelonly\AppData\Local\{17D8E480-3BD5-47CC-8DFF-F5B4689BE5E9}
2014-09-08 16:40 - 2014-09-08 16:40 - 0000000 _____ () C:\Users\Travelonly\AppData\Local\{2DF81DA8-9B61-4718-BBDE-4C648F0591D6}
2012-01-22 16:45 - 2012-01-22 16:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-03-14 17:23 - 2012-03-14 17:23 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-12-14 15:34 - 2010-03-30 11:12 - 0024772 _____ () C:\ProgramData\P1210DEF.css
2012-12-14 15:34 - 2012-12-14 15:34 - 0014666 _____ () C:\ProgramData\P1210OS.HTM
2012-12-14 15:34 - 2010-03-30 11:12 - 0002944 _____ () C:\ProgramData\P1210SIG.GIF

Some files in TEMP:
====================
C:\Users\Travelonly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxomtca.dll
C:\Users\Travelonly\AppData\Local\Temp\Quarantine.exe
C:\Users\Travelonly\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-30 15:42

==================== End of log ============================

and the second one:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Travelonly at 2015-06-01 16:27:21
Running from C:\Users\Travelonly\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2144600876-2497738383-3473781756-500 - Administrator - Disabled)
Guest (S-1-5-21-2144600876-2497738383-3473781756-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2144600876-2497738383-3473781756-1002 - Limited - Enabled)
Travelonly (S-1-5-21-2144600876-2497738383-3473781756-1000 - Administrator - Enabled) => C:\Users\Travelonly

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.1.474 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
CompanionLink (HKLM-x32\...\{CD8B8A40-DC1E-48FB-9510-3829614C96D7}) (Version: 5.00.5000 - CompanionLink Software, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.128.0.66 - Conexant)
CrazyTalk Animator PRO Trial (HKLM-x32\...\{789567FD-CAA2-4E1C-B38E-9072B3015FFD}) (Version: 1.2.2816.1 - Reallusion Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2144600876-2497738383-3473781756-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Elevated Installer (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
F# Tools for Visual Studio Express 2012 for Web (HKLM-x32\...\{84d6fbf4-5721-416c-a91e-4024b4d6d26d}) (Version: 11.0.50727.1 - Microsoft Corporation)
Garmin Express (HKLM-x32\...\{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKU\S-1-5-21-2144600876-2497738383-3473781756-1000\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.2.0.2759 (HKU\S-1-5-21-2144600876-2497738383-3473781756-1000\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline)
GroupsApp (HKU\S-1-5-21-2144600876-2497738383-3473781756-1000\...\d8b259fcb79f1677) (Version: 1.1.0.2 - TTC)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP ePrint Mobile (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version:  - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB67}) (Version: 1.0.3.0 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages 2 (HKLM-x32\...\{cb29be6c-39c4-493e-9da7-d585d5353714}) (Version: 2.0.20715.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1 (HKLM-x32\...\{82284382-30E3-4DED-980B-746278DA6CC2}) (Version: 4.0.8854.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 Web Tools ENU (HKLM-x32\...\{A51500FE-6408-4305-B071-B961F691A4CE}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Web - ENU (HKLM-x32\...\{4bd1cdab-bf82-42c1-af37-e4918141913f}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft WebMatrix 2 (HKLM-x32\...\{67DDFF12-91F7-472D-AAB8-1B248A306779}) (Version: 2.0.1674 - Microsoft Corporation)
MySQL Connector Net 6.5.4 (HKLM-x32\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)
MySQL Server 5.1 (HKLM\...\{2AA0764A-4EA1-4C63-8E42-173A015030B3}) (Version: 5.1.63 - Oracle Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sandals News Network (HKLM-x32\...\Sandals News Network 1.0) (Version: 1.0 - Direct Message Lab)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Smilebox (HKU\S-1-5-21-2144600876-2497738383-3473781756-1000\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
SureThing Ticket Maker (HKLM-x32\...\{9EBB4D8D-337F-4A7B-91FD-9183FB371C56}_is1) (Version: 5.2.705.1 - MicroVision Development, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA ConfigFree (HKLM-x32\...\{80F696E0-AB85-433E-99E3-8CC6D98CF167}) (Version: 8.0.35 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{A536367E-C40C-4483-8F9B-19DEB881B205}) (Version: 2.00.13 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.12 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.07 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.20.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VWD F# Installer (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Windows Azure Authoring Tools - June 2012 Release (HKLM\...\{646A1C52-6194-4992-8D21-8D9E42AE820A}) (Version: 1.7.30602.1703 - Microsoft Corporation)
Windows Azure Emulator - June 2012 Release (HKLM\...\Windows Azure Emulator - June 2012 Release) (Version: 1.7.30602.1703 - Microsoft Corporation)
Windows Azure Libraries for .NET 1.7 – June 2012 (HKLM\...\{AED07B87-975F-4F60-B7C9-38B8596C6531}) (Version: 1.7 - Microsoft Corporation)
Windows Azure Tools for Microsoft Visual Studio 2012 - June 2012 SP1 (HKLM-x32\...\{540cc2f4-4f11-47be-8ebb-e665ed4e9d01}) (Version: 1.7.50716.1601 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Travelonly\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Travelonly\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Travelonly\AppData\Local\Citrix\GoToMeeting\2553\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Travelonly\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Travelonly\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Travelonly\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Travelonly\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2144600876-2497738383-3473781756-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

04-03-2015 09:35:12 Windows Update
10-03-2015 02:56:59 Windows Update
11-03-2015 20:27:18 Windows Update
17-03-2015 08:12:18 avast! antivirus system restore point
17-03-2015 08:17:09 Device Driver Package Install: Avast Network Service
17-03-2015 11:39:41 Windows Update
21-03-2015 09:46:43 Garmin Express
24-03-2015 09:28:04 Windows Update
26-03-2015 09:09:49 Windows Update
26-03-2015 09:40:02 avast! antivirus system restore point
26-03-2015 09:44:28 Device Driver Package Install: Avast Network Service
31-03-2015 07:56:56 Windows Update
03-04-2015 12:20:49 Windows Update
04-04-2015 20:14:20 Windows Update
06-04-2015 14:27:21 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
06-04-2015 14:28:45 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
06-04-2015 14:29:55 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
06-04-2015 14:31:58 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
06-04-2015 14:49:46 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
06-04-2015 14:50:43 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
07-04-2015 08:25:41 Windows Update
10-04-2015 09:30:50 Windows Update
14-04-2015 08:34:32 Windows Update
16-04-2015 09:14:03 Windows Update
16-04-2015 20:26:58 Windows Update
21-04-2015 08:44:17 Windows Update
28-04-2015 10:00:19 Windows Update
05-05-2015 18:15:30 Windows Update
11-05-2015 09:45:19 Windows Update
12-05-2015 12:37:28 avast! antivirus system restore point
12-05-2015 12:41:16 Device Driver Package Install: Avast Network Service
13-05-2015 10:15:41 Windows Update
19-05-2015 02:47:46 Windows Update
21-05-2015 07:55:05 Windows Update
26-05-2015 09:04:33 Windows Update
29-05-2015 09:36:36 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2014-11-05 21:09 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08BCA17D-24AE-4E9B-8F60-D5DC75C1E8DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0EE37D05-22A2-4A99-BB6B-7F58EF59DD59} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {11D03523-60C3-4F84-99CC-013EEBC3AB5F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2144600876-2497738383-3473781756-1000UA => C:\Users\Travelonly\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {173CFDAE-3BAB-4674-A48A-B5799529DC30} - System32\Tasks\hpUrlLauncher.exe => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\utils\hpUrlLauncher.exe
Task: {20CF68D2-61BF-462F-84EA-24F0E9390F9E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {2FE97CF2-1F84-4BBF-A07F-C6CEDFFA6139} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2144600876-2497738383-3473781756-1000Core => C:\Users\Travelonly\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {31288117-C98E-4068-A97A-A1BD5570EBE1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-12] (Avast Software s.r.o.)
Task: {37C06C07-A97C-453A-875B-1CB02BA6FCA4} - System32\Tasks\G2MUpdateTask-S-1-5-21-2144600876-2497738383-3473781756-1000 => C:\Users\Travelonly\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-05-30] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {3D300BDA-EBE3-4DB4-AE2E-87FD11D7CB9D} - System32\Tasks\G2MUploadTask-S-1-5-21-2144600876-2497738383-3473781756-1000 => C:\Users\Travelonly\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe [2015-05-30] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {3E1DF6AC-EF9E-4EAD-9F30-BB7EC79260AB} - System32\Tasks\Google Updater and Installer => C:\Users\Travelonly\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {482B2D1F-585C-4C69-88E7-71E58BF9E09F} - System32\Tasks\AdobeAAMUpdater-1.0-Travelonly-PC-Travelonly => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {4A80877B-C203-495B-B4E3-3EEF69A7FBD0} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {54650500-F445-48F9-AAF3-435FC6BA789A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {58AB758C-8ED5-49B0-A0D7-4FB0B1EB482E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5AF11059-AA78-4070-A12D-B04C27A1E2BC} - System32\Tasks\HP AR Program Upload - 87a5b49991ee474196150a276c1397aa896e08f6f7aa48d6be275b1e41529937 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {5BE01F89-765C-492F-862D-DF94F44533A6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {609E81C2-F6A6-4C61-9EB9-EEB285F07B7C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-10] (Oracle Corporation)
Task: {68BD9A22-1499-45AD-987F-9D673FEF8B07} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-28] ()
Task: {6FA67835-CDF8-4C3B-90E8-4680A1C46ACB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-01] (Google Inc.)
Task: {789D62E4-E055-450E-92F2-A3125D1C65A3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {8421F079-FF6E-403B-A380-796300FE068E} - System32\Tasks\HP AR Program Upload - 28656179a9ad4e8bb3ef3f6151f9090eb14836909a764d1bac6ad929998845f7 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {84F3E926-0864-4D02-B8D9-2AB367B05F31} - System32\Tasks\HP AR Program Upload - 2bb2245865824d399f9a31d21447901fa344b55d87914d239cb346e423581b5c => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {851A6E3C-5901-4489-B57A-B8BFF84739D7} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {93000264-D176-4A53-9B04-86DF598F85C4} - System32\Tasks\{1F19FAC4-9D2A-44D7-9B76-1A1D5B21FDE7} => Chrome.exe
Task: {97EC06E6-AB72-459F-BA96-B7EC6C3EB1E7} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {9D5682D7-D0A3-458C-BB27-B5F75DB0B756} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {AB0D5E99-FF9F-41B2-9B80-86E844288151} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AE40A064-C7D9-4B31-968A-C1D3ACF61BF2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {BCB6501A-A156-47B8-AF34-6F6CB3F20457} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-03] (TOSHIBA CORPORATION)
Task: {C04ED2F6-C82A-46A3-BEC7-635CA0AF2068} - System32\Tasks\HP AR Program Upload - 7bbe2aefffb04bacbe1f3f8f16c23546353dc92c912d4197a3f7b7a33ae8cea9 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {C1DB1BFA-4DE3-44BA-B755-80764939BB75} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {D8B20843-DF9C-497C-8A6F-AC1437082E66} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/uninstall.html?aaa=KICMNJJMOMKMJJLMNJJMCNPMJJOMJJCNLMPMHMOMCNGMNJMMIMCNMJMJHMGMKMNMNJOJOJIMJMGMJNJICMIMCNGMCNMMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMJMIMJNHICMEKMICNJJCKJNBJCMLKNIOJJIKJDJAJBJDJGIJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMPMFMPMJNFICMNIJJIIGJPIKJAJKILIBNKJHIKJ"
Task: {DE01E93B-1479-449E-A170-D367EBFFEE2F} - System32\Tasks\HP AR Program Upload - b6852e118c574b8b8a1677ac93033d36c88acff030734aee84ac3439d0f72a96 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {DE27DB31-2071-464F-9BD6-37B549BC2498} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-23] (Microsoft Corporation)
Task: {E4154F4C-09D2-4413-B464-9F09FCD450AF} - System32\Tasks\HP AR Program Upload - a18771bd775d41349f713e0eec1ddd06d96ca578a9cf4d0781c111e12192b54e => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {E8121B2F-56BB-40D1-901C-DF68913F1DC4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {F0691994-9BE5-436D-8162-782260E31725} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-01] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2144600876-2497738383-3473781756-1000.job => C:\Users\Travelonly\AppData\Local\Citrix\GoToMeeting\2759\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-2144600876-2497738383-3473781756-1000.job => C:\Users\Travelonly\AppData\Local\Citrix\GoToMeeting\2759\g2mupload.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2144600876-2497738383-3473781756-1000Core.job => C:\Users\Travelonly\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2144600876-2497738383-3473781756-1000UA.job => C:\Users\Travelonly\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-04-25 13:34 - 2010-03-31 11:51 - 00074240 ____N () C:\windows\system32\spool\PRTPROCS\x64\HPM1210PP.DLL
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-11 15:13 - 2015-02-11 15:13 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2010-04-07 21:07 - 2010-04-07 21:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 18:26 - 2009-11-03 18:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 19:15 - 2010-03-03 19:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 19:15 - 2010-03-03 19:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-11-01 22:13 - 2009-06-22 19:40 - 00022328 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-13 00:08 - 2009-03-13 00:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 22:38 - 2009-07-25 22:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2012-04-16 16:11 - 2012-04-16 16:11 - 07663616 _____ () C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
2015-01-06 10:18 - 2015-01-06 10:18 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2010-02-05 22:44 - 2010-02-05 22:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-05-12 12:39 - 2015-05-12 12:39 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-12 12:39 - 2015-05-12 12:39 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-01 08:25 - 2015-06-01 08:25 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15060100\algo.dll
2015-06-01 15:52 - 2015-06-01 15:52 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15060101\algo.dll
2015-06-01 15:48 - 2015-06-01 15:48 - 00043008 _____ () c:\Users\Travelonly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxomtca.dll
2015-03-04 18:45 - 2015-03-04 18:45 - 00750080 _____ () C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 18:45 - 2015-03-04 18:45 - 00047616 _____ () C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 18:45 - 2015-03-04 18:45 - 00865280 _____ () C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 18:45 - 2015-03-04 18:45 - 00200704 _____ () C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-17 08:15 - 2015-03-17 08:15 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2144600876-2497738383-3473781756-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Travelonly\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1 - 142.166.166.166

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CompanionLink => "c:\program files (x86)\companionlink\companionlink.exe" -Icon
MSCONFIG\startupreg: GoogleChromeAutoLaunch_CC69AD320A71E99B3BA172BDE48ED66F => "C:\Users\Travelonly\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{904167D9-267B-46E9-81C6-81E1C75586F8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C89DEA53-35F5-4BDC-B407-A774CFA90007}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{603B0B1B-900B-48B6-B436-0C5B0D8FD1C0}] => (Allow) LPort=2869
FirewallRules: [{68BCCE9A-4DD2-4974-9915-2AE9470C693B}] => (Allow) LPort=1900
FirewallRules: [{CC25A1F9-E184-4CA7-B3BE-68CA1B1F71EC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EEC82168-EA1E-4D1B-83F3-7B13F1BB4341}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{9EEF3D3D-ADF5-4B21-AF83-CE6443BC5407}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{DF6C0C3F-D7F4-477A-A1D8-4F9D1CDB0682}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{54ACDFB6-9E8C-4D5A-A990-F3110B3AAF7A}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{C139360F-BC4C-464E-A742-530771E4FA1C}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{066657BC-2BD9-4A90-8A7B-6AC8E9B3CB99}] => (Allow) C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A2BE33ED-1FE3-48C2-BFC4-240E39A2624C}] => (Allow) C:\Users\Travelonly\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4F674B58-027D-4BD7-8B3D-E269550C3D38}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{CD65D731-BB19-40FD-958F-CEFCABCBAA39}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{02192367-ED3B-4EF1-B6EE-08C027662171}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{CDE72930-17FC-4480-9305-EC1B32C537F9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{7C0B02B5-4FFF-4FB6-815F-AA1C6737E70C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{4A11B7EB-5E20-4A5A-8607-A30D90C90542}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{72E30D98-0080-4856-81BA-D17F9FFCDA85}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{AF458CEA-2BB1-48A2-B3A3-921C0E463483}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{14437371-7205-450E-91AE-653CE2D7494D}C:\users\travelonly\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\travelonly\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9A92BC7D-CCA4-4651-BBC6-9B7805BC68FE}C:\users\travelonly\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\travelonly\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{A9B8BA5C-2C5A-4C2E-8DF0-B1D444D6AC5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{27F71E73-9631-4F78-A223-96E24BEEFFD8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{604B90D3-8700-4308-A151-753FE03FAF0A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{57BB8581-3FB2-4C6A-B2CD-6C1E017FB47F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7BE7F494-70FB-47F9-89A3-842145AF5F56}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{255424C9-2B67-4ABF-A8D8-BA78D29A0A54}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2168539B-4E6D-4BD0-8075-83CF4D5F52CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{54B8576D-8180-4522-AD1C-89764B2DB509}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{257C4C3D-741E-4B94-B232-A778EEF5F1BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{139B7CF4-7EE0-4DF3-9C2C-DC73C4E19E73}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D8EFDE82-0EBA-4983-8487-E4835698B171}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2015 03:36:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17801 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14e8

Start Time: 01d09c99839528a1

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/31/2015 00:59:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/30/2015 03:47:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/29/2015 09:20:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Creative Cloud.exe version 2.9.1.474 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2048

Start Time: 01d099b065f3ae22

Termination Time: 124

Application Path: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

Report Id: fdb3105e-05fc-11e5-b140-00266cde2662

Error: (05/28/2015 09:03:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10339153

Error: (05/28/2015 09:03:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10339153

Error: (05/28/2015 09:03:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2015 06:11:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2090

Error: (05/28/2015 06:11:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2090

Error: (05/28/2015 06:11:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (06/01/2015 03:48:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3

Error: (06/01/2015 03:47:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (06/01/2015 03:47:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (06/01/2015 03:45:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%1069

Error: (06/01/2015 03:45:15 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/01/2015 03:45:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
%%109

Error: (06/01/2015 03:45:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\system32\athihvs.dll

Error: (06/01/2015 03:45:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\system32\athihvs.dll

Error: (06/01/2015 03:44:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\system32\athihvs.dll

Error: (06/01/2015 03:44:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Microsoft Office:
=========================
Error: (06/01/2015 03:36:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1780114e801d09c99839528a10C:\Program Files\Internet Explorer\iexplore.exe

Error: (05/31/2015 00:59:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/30/2015 03:47:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/29/2015 09:20:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Creative Cloud.exe2.9.1.474204801d099b065f3ae22124C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exefdb3105e-05fc-11e5-b140-00266cde2662

Error: (05/28/2015 09:03:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10339153

Error: (05/28/2015 09:03:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10339153

Error: (05/28/2015 09:03:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2015 06:11:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2090

Error: (05/28/2015 06:11:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2090

Error: (05/28/2015 06:11:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

CodeIntegrity Errors:
===================================
  Date: 2014-11-05 20:08:41.909
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-05 20:08:41.831
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 60%
Total physical RAM: 3893.86 MB
Available physical RAM: 1553.56 MB
Total Pagefile: 7785.93 MB
Available Pagefile: 4682.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (S3A8925D007) (Fixed) (Total:436.04 GB) (Free:199.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1FA8B9CF)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=436 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.1 GB) - (Type=17)
Partition 4: (Not Active) - (Size=10.1 GB) - (Type=17)

==================== End of log ============================





