
Hijacked? Not sure where to start


  • This topic is locked
18 replies to this topic

#1 cathyb9

cathyb9

  • Members
  • 40 posts
  • OFFLINE
  • Local time:11:34 AM

Posted 13 July 2015 - 08:53 AM

Toshiba All-In-One running Windows 7 Home Premium with Service Pack 1

Intel i7-2630QM CPU @ 2.00 GHz 

8.00 GB RAM

64-bit

Windows firewall

Avast internet security

 

Have been wondering whether the system has been hijacked as the remote camera keeps appearing on my last used programs list, in spite of my never having used it. 

 

Following the advice elsewhere on this site I ran MalwareBytes and it found Rogue.Multiple. Now is running clean, apparently.

 

So where do I start and what do I do?

 

Thanks!





#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:02:34 AM

Posted 13 July 2015 - 03:25 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 cathyb9

cathyb9
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:11:34 AM

Posted 13 July 2015 - 05:13 PM

Hello Jürgen and thank you for your help.

 

Here are the two logs you have requested: 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by cathy (administrator) on CATHY-PC on 14-07-2015 07:58:10
Running from C:\Users\cathy\Desktop
Loaded Profiles: cathy (Available Profiles: cathy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Jungle Disk, Inc.) C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
() C:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TBS\HSON.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TosTogKeyMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Darfon Electronics Corp.) C:\Windows\TiltMouseAPP.exe
(Darfon Electronics Corp.) C:\Windows\AIOKBApp.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Igor Pavlov) C:\Program Files\7-Zip\7zFM.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe\KeePass.exe
(Flickr) C:\Users\cathy\AppData\Local\FlickrUploadrWindows\app-0.9.90.246\Flickr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [967544 2011-03-10] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosTogKeyMon] => C:\Program Files\TOSHIBA\FlashCards\TosTogKeyMon.exe [2409336 2010-06-12] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544104 2011-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2011-03-30] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2011-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-30] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [TiltMouse] => C:\windows\TiltMouseAPP.exe [118272 2011-02-19] (Darfon Electronics Corp.)
HKLM-x32\...\Run: [AIOKBApp] => C:\windows\AIOKBApp.exe [114176 2010-06-29] (Darfon Electronics Corp.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TRCMan] => C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [714104 2011-03-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-18] (Avast Software s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1851040 2015-03-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2179533540-259808961-616636266-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-05-11] (Glarysoft Ltd)
HKU\S-1-5-21-2179533540-259808961-616636266-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-24] (Piriform Ltd)
HKU\S-1-5-21-2179533540-259808961-616636266-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [867488 2015-03-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-2179533540-259808961-616636266-1000\...\Run: [FlickrUploadr] => "C:\Users\cathy\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-07-02]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Jungle Disk Desktop.lnk [2015-07-04]
ShortcutTarget: Jungle Disk Desktop.lnk -> C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe (Jungle Disk, Inc.)
Startup: C:\Users\cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2014-04-29]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-18] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
ShellIconOverlayIdentifiers: [JungleDisk1_Complete] -> {78061A12-1E91-4446-8B65-8ED2FF328D4A} => C:\Program Files\Jungle Disk Desktop\monitor_shellext.dll [2011-03-04] (.)
ShellIconOverlayIdentifiers: [JungleDisk2_InProgress] -> {700AD13D-E86F-41C9-9A8F-39B4C438806F} => C:\Program Files\Jungle Disk Desktop\monitor_shellext.dll [2011-03-04] (.)
ShellIconOverlayIdentifiers: [JungleDisk3_Conflicted] -> {48C7A606-0F84-4DC8-8AFD-A157BDF18A08} => C:\Program Files\Jungle Disk Desktop\monitor_shellext.dll [2011-03-04] (.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
BootExecute: autocheck autochk *  
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-2179533540-259808961-616636266-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
HKU\S-1-5-21-2179533540-259808961-616636266-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com/
SearchScopes: HKLM -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2179533540-259808961-616636266-1000 -> DefaultScope {AA8311AF-C14D-44A2-91B6-6729292A3F67} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2179533540-259808961-616636266-1000 -> {AA8311AF-C14D-44A2-91B6-6729292A3F67} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2179533540-259808961-616636266-1000 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\windows\system32\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-10] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-05-28] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-03-31] (<TOSHIBA>)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll No File
BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\windows\SysWOW64\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-04-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-10] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-09] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-04-30] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-03-31] (<TOSHIBA>)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-09] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{176601B3-85C8-422C-9C39-A43F750429D7}: [NameServer] 54.252.183.4,54.252.183.5
Tcpip\..\Interfaces\{176601B3-85C8-422C-9C39-A43F750429D7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83450532-37F7-4835-B16C-3423AE7B1C36}: [NameServer] 103.250.185.113,106.186.22.8
Tcpip\..\Interfaces\{83450532-37F7-4835-B16C-3423AE7B1C36}: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\cathy\AppData\Roaming\Mozilla\Firefox\Profiles\oo00a00y.default-1404706481116
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2015-04-16] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-03-12] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-04-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2014-11-04] ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-05-04] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-05-04] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-02] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-17]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-04]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-04-11]
 
Chrome: 
=======
CHR Profile: C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-14]
CHR Extension: (Google Drive) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-14]
CHR Extension: (Flash render quality) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbkhhhlbomjpenealmjakmfmlgnbimep [2014-11-29]
CHR Extension: (YouTube) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-14]
CHR Extension: (Google Search) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-14]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-02-22]
CHR Extension: (Dyslexie) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm [2015-06-25]
CHR Extension: (Avast Online Security) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-22]
CHR Extension: (Vine for Chrome) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfkidejapghjmjphojdbnchkdphccno [2015-03-25]
CHR Extension: (RealDownloader) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-02-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Google Wallet) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-14]
CHR Extension: (Instagram for Chrome) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2015-06-13]
CHR Extension: (Gmail) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-10]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-18] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-18] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-18] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [662592 2014-07-23] (SEIKO EPSON CORPORATION)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-06-02] (Foxit Software Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-06-18] (SurfRight B.V.)
R2 JungleDiskService; C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe [9761096 2011-05-17] (Jungle Disk, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 UDSS; c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [30064 2011-05-16] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-18] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-05-18] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-18] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-05-18] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-18] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-18] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-18] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-18] ()
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [321424 2010-11-30] (EldoS Corporation)
R3 CXPOLARIS; C:\Windows\System32\drivers\cxRDU253S.sys [449792 2011-02-22] (Conexant Systems, Inc.)
R3 DFKBfilter; C:\Windows\System32\drivers\DFKBfilter.sys [24712 2010-06-25] (Darfon Electronics Corp.)
R3 DFMousefilter; C:\Windows\System32\drivers\DFMousefilter.sys [24200 2010-06-25] (Darfon Electronics Corp.)
R1 GUBootStartup; C:\windows\System32\drivers\GUBootStartup.sys [20160 2015-05-19] (Glarysoft Ltd)
R3 nuvotonir; C:\Windows\System32\DRIVERS\nuvotonir.sys [68096 2009-09-01] (Nuvoton Technology Corporation)
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28920 2013-02-04] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-18] (Avast Software)
S3 RSPCIESTOR; system32\DRIVERS\RtsPStor.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-14 07:58 - 2015-07-14 07:58 - 00034760 _____ C:\Users\cathy\Desktop\FRST.txt
2015-07-14 07:57 - 2015-07-14 07:58 - 00000000 ____D C:\FRST
2015-07-14 07:53 - 2015-07-14 07:54 - 02133504 _____ (Farbar) C:\Users\cathy\Desktop\FRST64.exe
2015-07-13 23:21 - 2015-07-14 07:53 - 00000024 ____H C:\Users\cathy\Documents\Database.kdb.lock
2015-07-13 21:00 - 2015-07-13 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-13 20:59 - 2015-07-13 23:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-13 20:59 - 2015-07-13 22:38 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 20:09 - 2015-07-13 21:48 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-07-13 20:05 - 2015-07-13 23:18 - 00000000 ____D C:\Users\cathy\Desktop\mbar
2015-07-13 19:57 - 2015-07-13 20:02 - 16502728 _____ (Malwarebytes Corp.) C:\Users\cathy\Desktop\mbar-1.09.1.1004.exe
2015-07-13 19:36 - 2015-07-13 19:36 - 00291606 _____ C:\Users\cathy\Desktop\TCPView.zip
2015-07-13 19:04 - 2015-07-13 19:04 - 00000000 _____ C:\windows\SysWOW64\shoA7DC.tmp
2015-07-13 01:00 - 2015-07-13 19:05 - 00000056 _____ C:\windows\setupact.log
2015-07-13 01:00 - 2015-07-13 01:00 - 00000000 _____ C:\windows\setuperr.log
2015-07-11 22:17 - 2015-07-11 22:17 - 186835060 _____ C:\Users\cathy\Downloads\abbottetc.psd
2015-07-11 21:37 - 2015-07-11 21:37 - 08127566 _____ C:\Users\cathy\Downloads\Untitled-1.psd
2015-07-11 21:36 - 2015-07-11 21:37 - 472132604 _____ C:\Users\cathy\Downloads\brandescher.psd
2015-07-11 00:23 - 2015-07-11 00:25 - 324365488 _____ C:\Users\cathy\Downloads\Untitled_Panorama2.psd
2015-07-06 18:37 - 2015-07-06 18:37 - 00001724 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-06 18:37 - 2015-07-06 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-06 18:35 - 2015-07-06 18:36 - 00000000 ____D C:\Program Files\iTunes
2015-07-06 18:35 - 2015-07-06 18:35 - 00000000 ____D C:\Program Files\iPod
2015-07-06 18:35 - 2015-07-06 18:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-05 21:32 - 2015-07-05 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-05 21:32 - 2015-07-05 21:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-03 11:15 - 2010-11-30 11:03 - 00188696 _____ (EldoS Corporation) C:\windows\system32\CbFsMntNtf3.dll
2015-07-03 11:11 - 2015-07-03 11:13 - 08092672 _____ C:\Users\cathy\Downloads\JungleDiskDesktop64-3160.msi
2015-07-03 10:19 - 2015-07-03 10:19 - 00000000 _____ C:\windows\SysWOW64\sho9E2F.tmp
2015-07-03 09:18 - 2015-07-03 09:18 - 00000000 ____D C:\Users\cathy\AppData\Local\Foxit Reader
2015-07-02 21:48 - 2015-07-02 21:48 - 24184897 _____ C:\Users\cathy\Downloads\AS07518.psd
2015-07-02 16:43 - 2015-07-03 10:24 - 00000000 ____D C:\Users\cathy\AppData\Local\FlickrUploadrWindows
2015-07-02 16:43 - 2015-07-02 16:43 - 00002302 _____ C:\Users\cathy\Desktop\Flickr Uploadr.lnk
2015-07-02 16:43 - 2015-07-02 16:43 - 00000000 ____D C:\Users\cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flickr
2015-07-02 16:43 - 2015-07-02 16:43 - 00000000 ____D C:\Users\cathy\AppData\Local\SquirrelTemp
2015-07-02 16:43 - 2015-07-02 16:43 - 00000000 ____D C:\Users\cathy\AppData\Local\IsolatedStorage
2015-07-02 16:43 - 2015-07-02 16:43 - 00000000 ____D C:\Users\cathy\AppData\Local\Flickr
2015-07-02 16:35 - 2015-07-02 16:38 - 21879792 _____ (Flickr) C:\Users\cathy\Downloads\FlickrUploadrInstallr.exe
2015-07-02 12:36 - 2015-07-02 12:37 - 08071168 _____ C:\Users\cathy\Downloads\JungleDiskWorkgroup64-3160.msi
2015-07-02 11:17 - 2015-07-02 11:17 - 00055422 _____ C:\Users\cathy\Downloads\skynews.img.1200.745.jpeg
2015-07-02 10:49 - 2015-07-02 10:49 - 00055422 _____ C:\Users\cathy\Downloads\brandi9.jpeg
2015-07-02 09:38 - 2015-07-02 10:59 - 00000000 ____D C:\Users\cathy\AppData\Roaming\JungleDisk
2015-07-02 07:50 - 2015-07-02 07:50 - 00000000 _____ C:\windows\SysWOW64\shoC2E7.tmp
2015-07-02 07:44 - 2015-07-04 12:57 - 00000000 ____D C:\ProgramData\JungleDisk
2015-07-02 07:44 - 2010-11-30 11:03 - 00321424 _____ (EldoS Corporation) C:\windows\system32\Drivers\cbfs3.sys
2015-07-02 07:44 - 2010-11-30 11:03 - 00216856 _____ (EldoS Corporation) C:\windows\SysWOW64\CbFsNetRdr3.dll
2015-07-02 07:44 - 2010-11-30 11:03 - 00155416 _____ (EldoS Corporation) C:\windows\SysWOW64\CbFsMntNtf3.dll
2015-07-02 07:44 - 2010-11-30 11:03 - 00139032 _____ (EldoS Corporation) C:\windows\system32\CbFsNetRdr3.dll
2015-07-02 00:46 - 2015-07-02 07:45 - 66318791 _____ C:\Users\cathy\Downloads\manray.psd
2015-07-01 23:35 - 2015-07-02 00:11 - 101362885 _____ C:\Users\cathy\Downloads\recliningnude.psd
2015-06-30 19:58 - 2015-06-30 19:58 - 03486714 _____ C:\Users\cathy\Downloads\brandis1.psd
2015-06-30 17:23 - 2015-06-30 17:23 - 34324423 _____ C:\Users\cathy\Downloads\a02-freu-nude-480.psd
2015-06-29 17:46 - 2015-06-29 17:48 - 66835960 _____ C:\Users\cathy\Downloads\bishopbrandis.psd
2015-06-29 10:14 - 2015-06-29 10:14 - 00000000 ____D C:\Users\cathy\Tracing
2015-06-29 09:10 - 2015-06-29 09:10 - 00001208 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-06-28 16:27 - 2015-06-28 16:27 - 24265898 _____ C:\Users\cathy\Downloads\CHivrYjUwAEMxO8-Recovered.psd
2015-06-28 16:27 - 2015-06-28 16:27 - 03589434 _____ C:\Users\cathy\Downloads\brandi8-Recovered.psd
2015-06-28 16:26 - 2015-06-28 16:27 - 33013966 _____ C:\Users\cathy\Downloads\rainbowdreams (1 of 1)-2-Recovered.psd
2015-06-28 16:26 - 2015-06-28 16:26 - 91236436 _____ C:\Users\cathy\Downloads\lucien.psd
2015-06-27 11:52 - 2015-06-27 11:52 - 00005127 _____ C:\Users\cathy\Downloads\bigger-rainbow.svg
2015-06-26 20:42 - 2015-06-26 20:43 - 181782766 _____ C:\Users\cathy\Downloads\4318005995_de94c07b93_o.psd
2015-06-25 21:57 - 2015-06-25 21:57 - 00000000 ____D C:\Users\Public\Foxit Software
2015-06-25 19:29 - 2015-06-26 20:42 - 368443812 _____ C:\Users\cathy\Downloads\incredible_tretchikoff_p149.psd
2015-06-25 19:29 - 2015-06-25 19:29 - 29822243 _____ C:\Users\cathy\Downloads\whatnottodo.psd
2015-06-25 19:25 - 2015-06-25 19:25 - 00087324 _____ C:\Users\cathy\Downloads\Dyslexie Regular LP120372.ttf
2015-06-25 12:14 - 2015-06-25 19:29 - 04877404 _____ C:\Users\cathy\Downloads\georgiepoohs.psd
2015-06-25 12:12 - 2015-06-25 12:13 - 03069891 _____ C:\Users\cathy\Downloads\glassesneb.psd
2015-06-24 22:21 - 2015-06-25 09:16 - 22514982 _____ C:\Users\cathy\Downloads\tinder.psd
2015-06-23 19:02 - 2015-06-23 19:02 - 00000000 ____D C:\Users\cathy\AppData\Roaming\TeamViewer
2015-06-23 18:55 - 2015-06-23 18:57 - 00000000 ____D C:\Users\cathy\Documents\soyla
2015-06-23 18:41 - 2015-06-23 18:47 - 06583840 _____ (TeamViewer) C:\Users\cathy\Downloads\TeamViewerQS.exe
2015-06-23 18:24 - 2015-06-23 18:24 - 00027101 _____ C:\Users\cathy\Downloads\brandhead.psd
2015-06-23 18:23 - 2015-06-23 18:23 - 85995522 _____ C:\Users\cathy\Downloads\Calliphora_vomitoria_Portrait (1).psd
2015-06-23 13:00 - 2015-06-23 18:24 - 05012000 _____ C:\Users\cathy\Downloads\brandisharveyoliver.psd
2015-06-21 21:35 - 2015-07-13 19:23 - 00003340 _____ C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2179533540-259808961-616636266-1000
2015-06-21 21:26 - 2015-07-13 19:23 - 00000358 _____ C:\windows\Tasks\DriverToolkit Autorun.job
2015-06-21 21:26 - 2015-06-21 21:26 - 00002714 _____ C:\windows\System32\Tasks\DriverToolkit Autorun
2015-06-21 21:12 - 2015-06-21 21:21 - 00000000 ____D C:\477cab60897483a4db4e82265c857904
2015-06-21 21:01 - 2015-06-21 22:51 - 00000000 ____D C:\Program Files (x86)\DriverToolkit
2015-06-21 21:01 - 2015-06-21 21:01 - 00000000 ____D C:\Users\cathy\AppData\Local\DriverToolkit
2015-06-21 21:00 - 2011-10-27 10:27 - 00259688 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RtsP2Stor.sys
2015-06-21 20:55 - 2015-06-21 20:59 - 02448688 _____ (Megaify Software ) C:\Users\cathy\Downloads\DriverToolkitInstaller.exe
2015-06-21 20:54 - 2015-06-21 20:59 - 07312448 _____ (Lenovo Group Limited ) C:\Users\cathy\Downloads\h0ss02ww.exe
2015-06-21 20:44 - 2015-05-10 04:26 - 00493504 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-06-21 20:44 - 2015-05-09 13:27 - 03147776 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-06-21 20:44 - 2015-05-09 13:27 - 02589184 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-06-21 20:44 - 2015-05-09 13:27 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-06-21 20:44 - 2015-05-09 13:27 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-06-21 20:44 - 2015-05-09 13:27 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-06-21 20:44 - 2015-05-09 13:27 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-06-21 20:44 - 2015-05-09 13:27 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-06-21 20:44 - 2015-05-09 13:26 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-06-21 20:44 - 2015-05-09 13:26 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-06-21 20:44 - 2015-05-09 13:26 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-06-21 20:44 - 2015-05-09 13:26 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-06-21 20:44 - 2015-05-09 13:14 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-06-21 20:44 - 2015-05-09 13:14 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-06-21 20:44 - 2015-05-09 13:14 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-06-21 20:44 - 2015-05-09 13:14 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-06-21 20:44 - 2015-05-09 13:13 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-06-21 20:44 - 2015-04-28 05:23 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-06-21 20:44 - 2015-04-28 05:23 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-06-21 20:44 - 2015-04-28 05:23 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-06-21 20:44 - 2015-04-28 05:23 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-06-21 20:44 - 2015-04-28 05:05 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-06-21 20:44 - 2015-04-28 05:04 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-06-21 20:44 - 2015-04-28 05:04 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-06-21 20:44 - 2015-04-28 05:04 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-06-21 20:44 - 2015-03-14 13:21 - 01632768 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-06-21 20:44 - 2015-03-14 13:21 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-06-21 20:44 - 2015-03-14 13:04 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-06-21 20:44 - 2015-03-14 13:04 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-06-21 18:52 - 2015-06-21 18:52 - 21589042 _____ C:\Users\cathy\Downloads\zq1bry9.psd
2015-06-21 18:31 - 2015-06-22 00:11 - 00000000 ____D C:\Users\cathy\AppData\Roaming\DriverTurbo
2015-06-21 18:31 - 2015-06-21 18:31 - 00231952 _____ C:\Users\cathy\Downloads\DriverTurboSetup.exe
2015-06-21 18:28 - 2015-06-21 18:28 - 00008615 _____ C:\windows\Scan.ini
2015-06-21 18:23 - 2015-06-21 18:23 - 03341952 _____ (Fix-It Driver Repair ) C:\Users\cathy\Downloads\DriverRepair_signed.exe
2015-06-21 18:06 - 2015-06-21 18:07 - 10319986 _____ C:\Users\cathy\Downloads\0002-RtsXStor_6.3.370.71.zip
2015-06-21 17:24 - 2015-06-21 17:24 - 00347816 _____ (Microsoft Corporation) C:\Users\cathy\Downloads\MicrosoftFixit.Devices.Run.exe
2015-06-21 13:51 - 2015-06-21 13:51 - 00039093 _____ C:\Users\cathy\Downloads\kevinandrews.jpg-large
2015-06-21 11:33 - 2015-06-21 18:52 - 20893032 _____ C:\Users\cathy\Downloads\zardozbrandi1.psd
2015-06-21 02:09 - 2015-06-21 02:09 - 04311759 _____ C:\Users\cathy\Downloads\trogdor_the_burninator_by_blitzgraphics.psd
2015-06-21 02:09 - 2015-06-21 02:09 - 04311238 _____ C:\Users\cathy\Downloads\pythoncat.psd
2015-06-21 02:09 - 2015-06-21 02:09 - 03363124 _____ C:\Users\cathy\Downloads\70s-men-fashion-162.psd
2015-06-19 15:05 - 2015-06-19 15:05 - 32904766 _____ C:\Users\cathy\Downloads\dancer.psd
2015-06-19 01:46 - 2015-06-19 03:58 - 14273085 _____ C:\Users\cathy\Downloads\70s-men-fashion-71__700.psd
2015-06-18 23:41 - 2015-06-18 23:41 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2015-06-18 19:58 - 2015-06-18 19:58 - 00000000 ____D C:\Program Files\Intel
2015-06-18 19:55 - 2015-06-18 19:55 - 00000000 ____D C:\ProgramData\IntelDLM
2015-06-18 18:45 - 2015-06-18 18:45 - 00001181 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.0.lnk
2015-06-18 18:45 - 2015-06-18 18:45 - 00000000 ____D C:\Users\cathy\AppData\Local\Intel
2015-06-18 18:44 - 2015-06-18 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-06-18 18:44 - 2015-06-18 18:44 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2015-06-18 18:42 - 2015-06-18 18:42 - 02333416 _____ (Intel) C:\Users\cathy\Downloads\Intel Driver Update Utility Installer.exe
2015-06-17 15:52 - 2015-06-17 15:52 - 368720446 _____ C:\Users\cathy\Downloads\Untitled_Panorama1-Recovered-Recovered-Recovered.psd
2015-06-17 15:51 - 2015-06-17 15:51 - 57619014 _____ C:\Users\cathy\Downloads\3646924852_98e3344898_o.psd
2015-06-17 00:26 - 2015-06-17 00:26 - 11019669 _____ C:\Users\cathy\Downloads\1988evil-Recovered.psd
2015-06-17 00:23 - 2015-06-17 00:23 - 00094208 _____ (Apple Inc.) C:\windows\SysWOW64\QuickTimeVR.qtx
2015-06-17 00:23 - 2015-06-17 00:23 - 00069632 _____ (Apple Inc.) C:\windows\SysWOW64\QuickTime.qts
2015-06-16 17:22 - 2015-06-16 17:22 - 00037623 _____ C:\Users\cathy\Downloads\nakedmolerat.jpg-large
2015-06-15 01:31 - 2015-06-15 01:31 - 00000000 ____D C:\Program Files (x86)\GUME059.tmp
2015-06-15 01:06 - 2015-06-15 01:06 - 04426372 _____ C:\Users\cathy\Downloads\vallotton.psd
2015-06-14 22:52 - 2015-06-14 22:52 - 11988725 _____ C:\Users\cathy\Downloads\brandisdeer.psd
2015-06-14 12:02 - 2015-06-14 12:02 - 00025930 _____ C:\Users\cathy\Downloads\glasses.psd
2015-06-14 12:00 - 2015-06-14 12:00 - 09695428 _____ C:\Users\cathy\Downloads\ifireout.psd
2015-06-14 02:30 - 2015-06-14 02:30 - 03111220 _____ C:\Users\cathy\Downloads\puppetry.psd
2015-06-14 02:09 - 2015-06-14 02:09 - 00041382 _____ C:\Users\cathy\Downloads\puppetry.jpeg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-14 07:56 - 2014-03-14 14:46 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 07:37 - 2014-03-31 00:43 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 07:12 - 2012-12-08 01:07 - 01832809 _____ C:\windows\WindowsUpdate.log
2015-07-14 02:00 - 2014-03-14 19:33 - 00000000 ____D C:\Users\cathy\AppData\Local\Adobe
2015-07-14 00:42 - 2009-07-14 14:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-14 00:42 - 2009-07-14 14:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 23:57 - 2009-07-14 15:13 - 00782228 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-13 19:33 - 2014-03-14 12:43 - 00000000 ____D C:\Users\cathy\AppData\Roaming\Toshiba
2015-07-13 19:33 - 2013-04-26 12:24 - 00000000 ____D C:\Users\cathy\Documents\Bluetooth
2015-07-13 19:30 - 2015-04-11 21:51 - 00001160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-07-13 19:30 - 2015-04-11 21:51 - 00001148 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-07-13 19:29 - 2011-04-07 23:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-13 19:25 - 2015-02-24 18:29 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-13 19:25 - 2014-05-20 12:27 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-07-13 19:23 - 2015-03-12 07:23 - 00003206 _____ C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2179533540-259808961-616636266-1000
2015-07-13 19:23 - 2014-03-14 14:46 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 19:05 - 2009-07-14 15:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-12 22:07 - 2015-06-09 09:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-12 02:44 - 2014-05-15 21:44 - 00015068 _____ C:\Users\cathy\Documents\Database.kdb
2015-07-12 00:22 - 2014-03-24 07:53 - 00000000 ____D C:\Users\cathy\AppData\Local\CrashDumps
2015-07-10 00:44 - 2014-03-31 00:43 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-10 00:44 - 2014-03-31 00:43 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-10 00:44 - 2014-03-31 00:43 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-10 00:43 - 2015-02-06 04:37 - 18510000 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-08 00:31 - 2009-07-14 13:20 - 00000000 ____D C:\windows\system32\NDF
2015-07-06 18:35 - 2015-04-12 17:37 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-06 18:35 - 2014-03-14 21:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-04 14:54 - 2011-04-07 23:06 - 00000000 ____D C:\ProgramData\Adobe
2015-07-03 07:37 - 2014-03-17 13:03 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-07-02 14:00 - 2014-03-14 12:41 - 00000000 ____D C:\Users\cathy\AppData\Local\TOSHIBA
2015-07-02 14:00 - 2012-12-08 01:24 - 00000000 ____D C:\ProgramData\TOSHIBA
2015-07-02 07:52 - 2009-07-14 14:45 - 05145744 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-02 07:51 - 2014-03-14 19:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-02 07:47 - 2014-03-31 22:26 - 00000000 ____D C:\Users\cathy\AppData\Roaming\Skype
2015-06-29 10:14 - 2014-03-14 12:41 - 00000000 ____D C:\Users\cathy
2015-06-29 09:13 - 2012-12-08 01:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-29 09:13 - 2012-12-08 01:44 - 00000000 ____D C:\ProgramData\Skype
2015-06-29 09:10 - 2015-05-20 10:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-29 09:10 - 2014-03-21 23:33 - 00000000 ____D C:\Users\cathy\AppData\Local\Thunderbird
2015-06-29 09:10 - 2014-03-14 19:39 - 00001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-06-27 01:23 - 2014-03-17 13:03 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswsp.sys
2015-06-26 10:01 - 2014-06-04 11:46 - 00003830 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1394789486
2015-06-26 10:01 - 2014-03-14 19:31 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-26 09:40 - 2014-11-04 11:21 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-25 19:43 - 2014-03-14 12:42 - 00135400 _____ C:\Users\cathy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-24 07:57 - 2014-12-27 15:55 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 18:59 - 2014-03-05 12:34 - 00000000 ____D C:\Users\cathy\Documents\Exergy
2015-06-23 18:58 - 2013-10-08 22:06 - 00000000 ____D C:\Users\cathy\Documents\Serial Numbers
2015-06-23 18:46 - 2015-04-11 18:11 - 00001205 _____ C:\Users\cathy\Desktop\Exposure 5.lnk
2015-06-23 13:30 - 2010-11-21 13:27 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-06-22 15:39 - 2009-07-14 13:20 - 00000000 ____D C:\windows\rescache
2015-06-22 00:39 - 2014-03-22 17:48 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-22 00:39 - 2014-03-14 19:42 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2015-06-21 21:30 - 2009-07-14 13:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-21 21:00 - 2012-12-08 01:23 - 00000000 ____D C:\windows\SysWOW64\sda
2015-06-21 21:00 - 2012-12-08 01:15 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-06-15 01:22 - 2014-03-14 12:45 - 00000000 ____D C:\Users\cathy\AppData\Local\Google
2015-06-14 12:00 - 2015-06-13 20:28 - 27572262 _____ C:\Users\cathy\Downloads\brandisarama.psd
 
==================== Files in the root of some directories =======
 
2014-04-27 18:30 - 2014-06-06 16:07 - 0000132 _____ () C:\Users\cathy\AppData\Roaming\Adobe PNG Format CC Prefs
2014-04-19 00:06 - 2014-04-19 00:06 - 0000132 _____ () C:\Users\cathy\AppData\Roaming\Adobe Targa Format CC Prefs
2014-09-19 22:03 - 2015-03-30 13:59 - 0001456 _____ () C:\Users\cathy\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-11-22 18:17 - 2014-11-22 18:17 - 0008571 _____ () C:\Users\cathy\AppData\Local\recently-used.xbel
2014-04-29 04:37 - 2014-04-29 04:37 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-12-08 01:30 - 2012-12-08 01:30 - 0000108 _____ () C:\ProgramData\{2637C347-9DAD-11D6-9EA2-00055D0CA761}.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-22 15:29
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by cathy at 2015-07-14 07:59:12
Running from C:\Users\cathy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2179533540-259808961-616636266-500 - Administrator - Disabled)
cathy (S-1-5-21-2179533540-259808961-616636266-1000 - Administrator - Enabled) => C:\Users\cathy
Guest (S-1-5-21-2179533540-259808961-616636266-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Audition CC 2014 (HKLM-x32\...\{F3388E10-EFA9-4A80-B28E-2E647F8D00C4}) (Version: 7.2.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.1.3.121 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{7F823F8E-4348-11E4-8BF8-81763C49AA32}) (Version: 15.1.0 - Adobe Systems Incorporated)
Adobe Edge Animate CC (HKLM-x32\...\{1C5E96F4-6F15-4A96-BF62-9D1F60B44FF1}) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Edge Code CC (HKLM-x32\...\{641F742F-1497-51B4-F481-1037096A90A0}) (Version: 0.97 - Adobe Systems Incorporated)
Adobe Edge Inspect CC (HKLM-x32\...\{67D22EA0-4601-4450-9C99-042DABB0A315}) (Version: 1.0.408 - Adobe Systems Incorporated)
Adobe Edge Reflow CC Preview (HKLM\...\{4CBD2327-FA4C-4D42-8903-CE1E96FE0FBF}) (Version: 0.37.15833 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Flash Professional CC 2014 (HKLM-x32\...\{AA704223-E11C-11E3-8A38-C09A633B72AF}) (Version: 14.2 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
Alien Skin Blow Up 3 (HKLM\...\Alien Skin Blow Up 3) (Version:  - Alien Skin)
Alien Skin Bokeh 2 (HKLM\...\Alien Skin Bokeh 2) (Version:  - Alien Skin)
Alien Skin Exposure 5 (HKLM\...\Alien Skin Exposure 5) (Version:  - Alien Skin)
Alien Skin Snap Art 4 (HKLM\...\Alien Skin Snap Art 4) (Version:  - Alien Skin)
Amazon Kindle For PC v1.1 (HKLM-x32\...\Amazon Kindle For PC) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.07(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cake Mania - Lights, Camera, Action!™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden
Contents (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Corel Digital Studio SE (HKLM-x32\...\_{E185BD5C-0E10-479F-AF44-63D3A068446A}) (Version: 1.5.10.355 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.855 - Corel Inc.)
CyberLink PowerCinema for TOSHIBA (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 7.1.5131 - CyberLink Corp.)
CyberLink YouPaint (HKLM-x32\...\InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}) (Version: 1.2.2718 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceIO (x32 Version: 1.5.10.355 - Corel Corporation) Hidden
DFPro (x32 Version: 1.5.10.355 - Corel Corporation) Hidden
EPSON Artisan 1430 Series Printer Uninstall (HKLM\...\EPSON Artisan 1430 Series) (Version:  - SEIKO EPSON Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.70.0000 - EPSON)
Fast And Safe (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}) (Version:  - GTgroup) <==== ATTENTION
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Flickr Uploadr for Windows (HKU\S-1-5-21-2179533540-259808961-616636266-1000\...\FlickrUploadrWindows) (Version: 0.9.90.246 - Flickr)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.5.116.602 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glary Utilities 5.25 (HKLM-x32\...\Glary Utilities 5) (Version: 5.25.0.44 - Glarysoft Ltd)
Gmail Backup (HKLM-x32\...\gmailbackup) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
HandBrake 0.10.1 (HKLM-x32\...\HandBrake) (Version: 0.10.1 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
ICA (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2274 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
IPM_OEM (x32 Version: 1.53 - Corel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
ISCOM (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jungle Disk Desktop (HKLM\...\{4837C529-3700-5555-95FC-80C653003160}) (Version: 3.16 - Jungle Disk)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 1.29 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.29 - Dominik Reichl)
Label@Once 1.0 (x32 Version: 1.0 - Corel) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7277 - Paramount Software (UK) Ltd.) Hidden
MC782ML_MC582ML (HKLM\...\{CEA241FD-11FF-442B-BDCA-DAB9E7AE2109}) (Version: 6.111.16 - YUAN)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2179533540-259808961-616636266-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
MLE (x32 Version: 1.0.0.69 - Corel Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 25.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 25.0 (x86 en-US)) (Version: 25.0 - Mozilla)
Mozilla Thunderbird 34.0 (x86 en-US) (HKU\S-1-5-21-2179533540-259808961-616636266-1000\...\Mozilla Thunderbird 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Thunderbird 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
NextWindow DesktopTouch Driver Package (HKLM\...\{4ED0CEF7-8AD7-45E3-B200-02BD6523ACAB}) (Version: 1.1.004 - NextWindow)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.9 - Google)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.1 - Notepad++ Team)
Nuvoton CIR Device Drivers (HKLM-x32\...\{46851691-3C64-4C14-ABD8-179AE8801F55}) (Version: 8.60.2004 - Nuvoton Technology Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 30.0.1835.88 (HKLM-x32\...\Opera 30.0.1835.88) (Version: 30.0.1835.88 - Opera Software)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
PureHD (x32 Version: 1.5.10.355 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6263 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Setup (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Share (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Share64 (Version: 1.5.10.355 - Corel Corporation) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.0.20.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.9.TA for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{DCB09C9D-2250-42E0-AE55-83A505467941}) (Version: 1.3.0.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.10.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{16D3A547-A165-4878-9A04-492BB7F56BAC}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.8.TA - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.1 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.2 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.6.64.TA - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.20.64 - TOSHIBA Corporation)
TOSHIBA Remote Control Manager (HKLM-x32\...\{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}) (Version: 3.0.7.5 - TOSHIBA CORPORATION)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.14 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{8C876A25-6842-4569-9900-E5D696135E30}) (Version: 2.00.02 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64WW - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.4.59-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.2 - TOSHIBA Corporation)
Toshiba Wireless HID driver (HKLM-x32\...\{A190562C-BD9C-49CD-8C52-944A5256062E}) (Version: 1.00.003 - TOSHIBA Corporation)
VIO (x32 Version: 1.5.10.355 - Corel Corporation) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2179533540-259808961-616636266-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\cathy\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2179533540-259808961-616636266-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
CustomCLSID: HKU\S-1-5-21-2179533540-259808961-616636266-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\cathy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2179533540-259808961-616636266-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\cathy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2179533540-259808961-616636266-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\cathy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2179533540-259808961-616636266-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\cathy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2179533540-259808961-616636266-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\cathy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
19-05-2015 20:15:08 Installed Foxit PhantomPDF Standard
20-05-2015 08:31:31 Windows Update
23-05-2015 09:43:06 Windows Update
27-05-2015 08:19:03 Windows Update
30-05-2015 09:17:09 Windows Update
03-06-2015 20:42:47 Windows Update
06-06-2015 03:00:28 Windows Update
09-06-2015 19:04:37 Windows Update
11-06-2015 03:00:27 Windows Update
15-06-2015 01:27:48 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
15-06-2015 01:29:39 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
15-06-2015 05:34:11 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
15-06-2015 05:34:37 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
15-06-2015 05:35:19 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
15-06-2015 05:36:05 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
17-06-2015 08:49:47 Windows Update
18-06-2015 18:43:46 Intel® Driver Update Utility
18-06-2015 23:41:03 Checkpoint by HitmanPro
22-06-2015 00:24:06 Removed Foxit PhantomPDF Standard
24-06-2015 08:07:47 Windows Update
01-07-2015 10:18:58 Windows Update
02-07-2015 07:42:29 Installed Jungle Disk Workgroup
03-07-2015 11:10:20 Removed Jungle Disk Workgroup
03-07-2015 11:14:42 Installed Jungle Disk Desktop
04-07-2015 12:12:31 Removed Jungle Disk Desktop
04-07-2015 12:56:53 Installed Jungle Disk Desktop
07-07-2015 17:07:04 Windows Update
11-07-2015 12:22:38 Windows Update
13-07-2015 21:40:49 Malwarebytes Anti-Rootkit Restore Point
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0417C7B4-F623-4EE5-8A1B-F65F8D726305} - System32\Tasks\AdobeAAMUpdater-1.0-cathy-PC-cathy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {0BB64CA8-6A04-42BB-BBCD-D6DBA9B6A681} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {117C28A4-2293-4F93-9082-34AFCE850209} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: {171CBF55-21FB-4710-AC0D-1BC4FCA74F27} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-28] (Microsoft Corporation)
Task: {2AAC455F-947D-4989-870E-A5BCBA3BC2AE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-24] (Piriform Ltd)
Task: {2B83173A-DDB4-44B0-8B49-AC95718B8899} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-04] (TOSHIBA CORPORATION)
Task: {354E83D8-8D26-4D6F-8697-D59F6C689CBF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2179533540-259808961-616636266-1000
Task: {410AA705-84DA-43E3-BC2D-2AD18DB8429A} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-05-11] (Glarysoft Ltd)
Task: {52490383-0F9B-46E4-8E4C-BBD145FC6DC5} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {83AD2D06-29B0-4D54-85C8-FBE1A820A340} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {87ACB28C-6F7C-4D97-92B4-D62337C70222} - System32\Tasks\Opera scheduled Autoupdate 1394789486 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-19] (Opera Software)
Task: {8986469F-BD9D-4565-B9FF-D835F8FF26F2} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2179533540-259808961-616636266-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AAFB1BE8-9213-40B2-98B6-E07A871EC36B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2179533540-259808961-616636266-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B8626403-EFFB-4FBF-8DD9-8461A12D2843} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {B98026DC-3185-4B31-9744-57A98151403D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {B9F7CFDE-398E-41E6-AE9C-627D8A16A6E0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-14] (Google Inc.)
Task: {CE1D0A00-2DC0-46DE-8BBC-245324E030D0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {CF55D1A9-28CD-470C-A0BE-3678F16A4980} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-05-11] (Glarysoft Ltd)
Task: {E2E9951D-A8F8-4727-9C49-B284A0F988CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-14] (Google Inc.)
Task: {F11425C7-A5C8-4CD0-BD3F-34B83C8038E8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {F94AFBA5-F5E4-4AE3-840D-E907FC5152D6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-10] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-20 21:35 - 2015-01-20 21:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-04 11:21 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-03-04 11:25 - 2011-03-04 11:25 - 00260096 _____ () C:\Program Files\Jungle Disk Desktop\monitor_images.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-05-16 14:25 - 2011-05-16 14:25 - 00030064 _____ () c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
2015-07-13 19:28 - 2015-06-13 14:17 - 00803488 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-03-17 06:02 - 2015-01-28 01:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-14 19:34 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2015-04-16 06:13 - 2015-04-16 06:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2010-12-30 05:32 - 2010-12-30 05:32 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-19 11:18 - 2010-11-19 11:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-16 09:19 - 2010-12-16 09:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-03-30 17:18 - 2011-03-30 17:18 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-07-13 19:28 - 2015-06-13 14:16 - 31404192 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-06-19 04:09 - 2015-06-19 04:09 - 00155824 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
2015-07-08 05:07 - 2015-07-07 14:12 - 01670472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-08 05:07 - 2015-07-07 14:12 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2015-07-08 05:07 - 2015-07-07 14:12 - 28520264 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\PepperFlash\pepflashplayer.dll
2015-05-18 01:22 - 2015-05-18 01:22 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-18 01:22 - 2015-05-18 01:22 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-13 18:30 - 2015-07-13 18:30 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15071300\algo.dll
2015-07-14 03:34 - 2015-07-14 03:34 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15071301\algo.dll
2015-04-10 00:37 - 2015-04-10 00:37 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-18 18:53 - 2015-06-18 18:53 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-06-18 18:53 - 2015-06-18 18:53 - 00121856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ref\build\Release\binding.node
2015-06-18 18:53 - 2015-06-18 18:53 - 00122880 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ffi\build\Release\ffi_bindings.node
2015-06-18 18:53 - 2015-06-18 18:53 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-06-18 18:53 - 2015-06-18 18:53 - 00085504 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\bufferutil.node
2015-06-18 18:53 - 2015-06-18 18:53 - 00086016 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\validation.node
2015-06-18 18:53 - 2015-06-18 18:53 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-07-13 19:29 - 2015-06-09 22:36 - 36732592 ____N () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-05-20 10:47 - 2015-06-09 05:23 - 00153712 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-05-20 10:47 - 2015-06-09 05:23 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\cathy\Downloads\noname.eml:OECustomProperty
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2179533540-259808961-616636266-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\cathy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 103.250.185.113 - 106.186.22.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{177B3DE6-535D-4B96-84EB-BE9C96BDD428}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe
FirewallRules: [{E694F583-5C86-4EAE-AFE0-DDD8CB0BDEE0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema\PCMService.exe
FirewallRules: [{C01C0272-0870-400D-94CB-F11B4392DCA8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\DMP\CLBrowserEngine.exe
FirewallRules: [{27BD3F2C-ABF5-414B-98EE-F1F1071A59A9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\DMS\CLMSService.exe
FirewallRules: [{A35095AC-F8EE-4390-9562-6A5A655B93DD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7510B41F-5C71-4055-B1F0-99334FAD0F5A}] => (Allow) LPort=2869
FirewallRules: [{8C8A0F0D-1617-4252-80CC-E49902EF95E8}] => (Allow) LPort=1900
FirewallRules: [{38D91123-AB6D-47F4-BA36-82EDB54A44A6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2A73F262-6EE3-494F-AF78-CEE188103B38}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{50D9C5F0-13B7-417D-BBB7-8588C4904396}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4C2E1B8A-BC3C-422A-AD4C-F5F8E67C1865}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8AD580D4-62D2-4BEF-AAB3-59D3D970CF1E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1CB84FAF-572C-4E78-9200-B4125E451F20}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2B664897-CD3A-4F1F-B32C-A135C6864731}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B1EBCCFA-C9F6-4024-B666-FCF684BA8731}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Edge Inspect CC\EdgeInspect.exe
FirewallRules: [{03C52D80-5450-45D4-81A9-35C30378F6B3}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{8C17C081-CCC9-43E8-A6B9-30275F981701}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{EC974789-0E4D-4859-968F-82C9A8B6437C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{3E171214-BD51-40E9-B21A-A03BCE72B0E1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{08D765E6-7DFC-4B9A-A168-6B7901A57656}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{FD56BDEB-9055-4B2E-BFA2-B5F62CA178A1}] => (Allow) C:\Users\cathy\AppData\Local\Temp\7zS0E30\HPDiagnosticCoreUI.exe
FirewallRules: [{3E2AAD1A-646D-4BAF-82DF-203E4579714D}] => (Allow) C:\Users\cathy\AppData\Local\Temp\7zS0E30\HPDiagnosticCoreUI.exe
FirewallRules: [{DD3871F9-AE77-4876-9513-6D397316EFA8}] => (Allow) C:\Users\cathy\AppData\Local\Temp\7zS0FB1\HPDiagnosticCoreUI.exe
FirewallRules: [{22BF19A7-0DF3-4672-AD58-290DBFA89655}] => (Allow) C:\Users\cathy\AppData\Local\Temp\7zS0FB1\HPDiagnosticCoreUI.exe
FirewallRules: [{14CDA79F-D180-4996-89D0-E4DA9BC0B37E}] => (Allow) C:\Users\cathy\AppData\Local\Temp\7zS150D\HPDiagnosticCoreUI.exe
FirewallRules: [{1E8D9282-ACE4-4D6E-BBF9-A54F3A923F08}] => (Allow) C:\Users\cathy\AppData\Local\Temp\7zS150D\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{C6DCA3C2-C081-405B-B073-490F6E2D6C96}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{93146D0F-F83E-4D92-A9A4-FFE2A09F5AE4}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{3C5CE552-A9DA-4D73-B4B4-A44166EAF364}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{2E589634-DE1B-4087-ABE8-A946D73D0A65}] => (Allow) C:\Users\cathy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F7886C6C-6512-452F-9E86-9A12A5E990AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DD65BCFF-9AD5-4A8B-9BA6-FBB5B04ECAED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{724E3B4F-4CE1-4CF8-A201-47C3D59B4376}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6B79BB4A-1540-4E19-921D-994CF0C14EED}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E4FCD116-49AB-4E23-8166-EF47F818ACBA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1CEE49B2-DB1D-49E9-9F86-BE2C73193F7F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{29032129-F760-4ACC-BF66-94638F1C4E75}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5A5C1644-4A73-484F-B76E-8CD638B978F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/13/2015 07:05:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/13/2015 09:26:26 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tuesdays with Morrie.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:26:26 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:29:11 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6BD0FDCA76BF9CB474611C422435966F3D50A09C2246CB48F3180D77117A7B112B04DE894CDB9EBD0B734D83448092B76;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:272 S3Request::WriteFile
   via LockingStorageRequest.h:54 LockingStorageRequest<class S3Request>::WriteFile
   via JungleDiskBase.cpp:222 JungleDiskBase::WriteFile
 
Error: (07/13/2015 09:26:18 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tuesdays with Morrie.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:26:18 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:29:03 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6BD0FDCA76BF9CB474611C422435966F3D50A09C2246CB48F3180D77117A7B112B04DE894CDB9EBD0B734D83448092B76;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:591 S3Request::DeleteFileW
   via LockingStorageRequest.h:67 LockingStorageRequest<class S3Request>::DeleteFileW
   via JungleDiskAdv.cpp:786 JungleDiskAdv::NetworkWriteFile
   via JungleDiskBase.cpp:222 JungleDiskBase::WriteFile
 
Error: (07/13/2015 09:25:59 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tuesdays with Morrie.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:25:59 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:28:44 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6BD0FDCA76BF9CB474611C422435966F3D50A09C2246CB48F3180D77117A7B112B04DE894CDB9EBD0B734D83448092B76;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:326 S3Request::GetObjectEtag
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via JungleDiskBase.cpp:19 JungleDiskAPI::PathExists
   via JungleDiskBase.cpp:201 JungleDiskBase::WriteFile
 
Error: (07/13/2015 09:25:54 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tuesdays with Morrie.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:25:54 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:28:39 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6BD0FDCA76BF9CB474611C422435966F3D50A09C2246CB48F3180D77117A7B112B04DE894CDB9EBD0B734D83448092B76;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:326 S3Request::GetObjectEtag
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via JungleDiskBase.cpp:19 JungleDiskAPI::PathExists
   via JungleDiskBase.cpp:201 JungleDiskBase::WriteFile
 
Error: (07/13/2015 09:25:07 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tubular.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:25:07 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:27:52 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6BC02019E9863E565A01359491BE54DB468FF63A4ED602D8F036870739EAEEE0714F8CCA88000D38F3803E1E5D4C5493B;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:326 S3Request::GetObjectEtag
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via JungleDiskBase.cpp:19 JungleDiskAPI::PathExists
   via JungleDiskBase.cpp:201 JungleDiskBase::WriteFile
 
Error: (07/13/2015 09:25:00 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tubular.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:25:00 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:27:45 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6D436AC61B2EE8DB543592EC54D3E943A9BE90749A1E52587AC2ED2DFDE1CB4D35C1B58DB5089A3F2D835AA76800514BE;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:326 S3Request::GetObjectEtag
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via JungleDiskBase.cpp:19 JungleDiskAPI::PathExists
   via JungleDiskBase.cpp:201 JungleDiskBase::WriteFile
 
Error: (07/13/2015 09:24:57 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tubular.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:24:57 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:27:42 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6ADDADD27BC7FFBC92CB8BBE48D14D2703BA2FE3D4A5BC62F081C89AE67B685DEF5B4AC73B6E174C9E892EB52B339E3EA;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:326 S3Request::GetObjectEtag
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via JungleDiskBase.cpp:19 JungleDiskAPI::PathExists
   via JungleDiskBase.cpp:201 JungleDiskBase::WriteFile
 
Error: (07/13/2015 09:24:44 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tracey.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:24:44 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:27:30 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6BC02019E9863E565A01359491BE54DB468FF63A4ED602D8F036870739EAEEE0714F8CCA88000D38F3803E1E5D4C5493B;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:326 S3Request::GetObjectEtag
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via JungleDiskBase.cpp:19 JungleDiskAPI::PathExists
   via JungleDiskBase.cpp:201 JungleDiskBase::WriteFile
 
Error: (07/13/2015 09:24:37 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tracey.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:24:37 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:27:22 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6D436AC61B2EE8DB543592EC54D3E943A9BE90749A1E52587AC2ED2DFDE1CB4D35C1B58DB5089A3F2D835AA76800514BE;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:326 S3Request::GetObjectEtag
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via JungleDiskBase.cpp:19 JungleDiskAPI::PathExists
   via JungleDiskBase.cpp:201 JungleDiskBase::WriteFile
 
 
System errors:
=============
Error: (07/13/2015 07:24:16 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (07/13/2015 07:24:15 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (07/03/2015 04:30:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (07/03/2015 10:27:43 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (07/02/2015 07:57:57 AM) (Source: Schannel) (EventID: 4108) (User: NT AUTHORITY)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The SSL connection request has failed. The attached data contains the server certificate.
 
Error: (07/02/2015 07:57:57 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 552.
 
Error: (07/02/2015 07:38:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DiagTrack service.
 
Error: (07/01/2015 04:56:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (06/30/2015 04:40:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (06/29/2015 03:32:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DiagTrack service.
 
 
Microsoft Office:
=========================
Error: (07/13/2015 09:24:57 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tubular.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:24:57 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:27:42 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6ADDADD27BC7FFBC92CB8BBE48D14D2703BA2FE3D4A5BC62F081C89AE67B685DEF5B4AC73B6E174C9E892EB52B339E3EA;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:326 S3Request::GetObjectEtag
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via JungleDiskBase.cpp:19 JungleDiskAPI::PathExists
   via JungleDiskBase.cpp:201 JungleDiskBase::WriteFile
 
Error: (07/13/2015 09:24:44 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tracey.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:24:44 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:27:30 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6BC02019E9863E565A01359491BE54DB468FF63A4ED602D8F036870739EAEEE0714F8CCA88000D38F3803E1E5D4C5493B;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:326 S3Request::GetObjectEtag
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via JungleDiskBase.cpp:19 JungleDiskAPI::PathExists
   via JungleDiskBase.cpp:201 JungleDiskBase::WriteFile
 
Error: (07/13/2015 09:24:37 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tracey.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:24:37 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:27:22 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6D436AC61B2EE8DB543592EC54D3E943A9BE90749A1E52587AC2ED2DFDE1CB4D35C1B58DB5089A3F2D835AA76800514BE;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:326 S3Request::GetObjectEtag
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via JungleDiskBase.cpp:19 JungleDiskAPI::PathExists
   via JungleDiskBase.cpp:201 JungleDiskBase::WriteFile
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 37%
Total physical RAM: 8139.86 MB
Available physical RAM: 5081.21 MB
Total Virtual: 16277.93 MB
Available Virtual: 13008.02 MB
 
==================== Drives ================================
 
Drive c: (S3A5216D002) (Fixed) (Total:917.96 GB) (Free:303.24 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HD-E1) (Fixed) (Total:931.51 GB) (Free:838.93 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 642E09BB)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=17)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 49F4E1E1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#4 deeprybka

  • Malware Response Team

Posted 14 July 2015 - 02:15 AM

Hi there,

Step 1

Please open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 cathyb9

  • Topic Starter

Posted 14 July 2015 - 02:33 AM

Here's the first

 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
 
Database version:
  main:    v2015.07.13.01
  rootkit: v2015.07.10.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
cathy :: CATHY-PC [administrator]
 
13/07/2015 9:00:09 PM
mbar-log-2015-07-13 (21-00-09).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 389376
Time elapsed: 26 minute(s), 8 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\ProgramData\374311380 (Rogue.Multiple) -> Delete on reboot. [cb7abe23ddad221419a77946d52d3ec2]
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
and the second
 
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
 
Database version:
  main:    v2015.07.13.02
  rootkit: v2015.07.10.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
cathy :: CATHY-PC [administrator]
 
13/07/2015 10:39:10 PM
mbar-log-2015-07-13 (22-39-10).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 389304
Time elapsed: 25 minute(s), 25 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
and system-log.txt
 
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17843
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 8535261184, free: 3796537344
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17843
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 8535261184, free: 3881684992
 
Downloaded database version: v2015.07.13.01
Downloaded database version: v2015.07.10.01
Downloaded database version: v2015.07.01.02
=======================================
Initializing...
------------ Kernel report ------------
     07/13/2015 20:59:54
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\aswNdisFlt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\aswKbd.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\tosrfcom.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\windows\System32\drivers\GUBootStartup.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\windows\system32\drivers\cbfs3.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\nuvotonir.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\FwLnk.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\tosrfec.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\tosporte.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\NWVoltron.sys
\SystemRoot\system32\DRIVERS\NWTransLibV.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\system32\DRIVERS\MTConfig.sys
\SystemRoot\system32\DRIVERS\tosrfusb.sys
\SystemRoot\system32\drivers\DFKBfilter.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\drivers\DFMousefilter.sys
\SystemRoot\system32\DRIVERS\tosrfbd.sys
\SystemRoot\system32\drivers\cxRDU253S.sys
\SystemRoot\system32\drivers\BdaSup.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\Tosrfhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\windows\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.07.13.01
  rootkit: v2015.07.10.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8008186790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80081862c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008186790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007f70050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 642E09BB
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 1925111808
 
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1928185856  Numsec = 25337856
    Partition is not bootable
Hidden partition VBR is not infected.
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800b1cc060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b1ccb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b1cc060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b181670, DeviceName: \Device\00000096\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3864D939
 
Partition information:
 
    Partition 0 type is Other (0xb)
    Partition is ACTIVE.
    Partition starts at LBA: 8192  Numsec = 7800832
    Partition file system is FAT32
    Partition is not bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 3998220288 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800b1cd060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b1cdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b1cd060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b1ca1a0, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800b1ce060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b1ceb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b1ce060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b1c6060, DeviceName: \Device\00000098\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800b1cf060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b1cfb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b1cf060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b1c6b60, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-AE3818A03441B775E71C456F7A98959204A791BE.bin.VF" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-AE3818A03441B775E71C456F7A98959204A791BE.bin.VE1" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\AvastUI.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\CommChannel.Protocol.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\Grimefighter.log" is compressed (flags = 1)
Infected: C:\ProgramData\374311380 --> [Rogue.Multiple]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1928185856-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-8192-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17843
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 8535261184, free: 3851841536
 
Downloaded database version: v2015.07.13.02
Host not found
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17843
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 8535261184, free: 3867533312
 
Downloaded database version: v2015.07.13.02
Downloaded database version: v2015.07.10.01
Downloaded database version: v2015.07.01.02
=======================================
Initializing...
------------ Kernel report ------------
     07/13/2015 22:38:55
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\aswNdisFlt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\aswKbd.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.07.13.02
  rootkit: v2015.07.10.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8008186790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80081862c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008186790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007f70050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 642E09BB
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 1925111808
 
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1928185856  Numsec = 25337856
    Partition is not bootable
Hidden partition VBR is not infected.
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800b1cc060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b1ccb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b1cc060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b181670, DeviceName: \Device\00000096\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3864D939
 
Partition information:
 
    Partition 0 type is Other (0xb)
    Partition is ACTIVE.
    Partition starts at LBA: 8192  Numsec = 7800832
    Partition file system is FAT32
    Partition is not bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 3998220288 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800b1cd060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b1cdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b1cd060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b1ca1a0, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800b1ce060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b1ceb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b1ce060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b1c6060, DeviceName: \Device\00000098\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800b1cf060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b1cfb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b1cf060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b1c6b60, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-AE3818A03441B775E71C456F7A98959204A791BE.bin.VF" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-AE3818A03441B775E71C456F7A98959204A791BE.bin.VE1" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\AvastUI.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\CommChannel.Protocol.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\Grimefighter.log" is compressed (flags = 1)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1928185856-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-8192-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished


#6 deeprybka

Posted 14 July 2015 - 02:41 AM

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka

#7 cathyb9

Posted 14 July 2015 - 04:39 AM

Thanks - I ran Combofix successfully, with some problems.

Firstly, there was an error:

     Unable to create a backup of the current registry file
     C:\Windows\System32\config\SYSTEM !

     Continue restoration of this file?

It would not accept Yes, so I ended up saying "No".

Secondly, after it ran the scans, it restarted (as normal) but then as it was creating the log, Hitman Pro started (I had forgotten I'd set it to run on each restart). I'm not sure whether that affected anything.

Anyway, here is the log:


ComboFix 15-07-12.01 - cathy 14/07/2015  17:56:11.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.8140.5160 [GMT 10:00]
Running from: c:\users\cathy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Fast And Safe
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_gecgbcfdfbdlbhpmafjaepphedjkibjm_0
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_gecgbcfdfbdlbhpmafjaepphedjkibjm_0\27
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_gecgbcfdfbdlbhpmafjaepphedjkibjm_0\28
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\_metadata\computed_hashes.json
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\_metadata\verified_contents.json
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\background.html
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\crossriderManifest.json
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\icons\actions\1.png
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\icons\icon128.png
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\icons\icon16.png
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\icons\icon48.png
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\api\chrome.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\api\cookie.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\api\message.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\app\background.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\app\extension.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\background.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\lib\app_api.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\lib\async_api.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\lib\bg_app_api.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\lib\cookie_store.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\lib\crossriderAPI.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\lib\data_store.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\lib\delegate.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\lib\events.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\lib\installer.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\lib\logging.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\lib\onBGDocumentLoad.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\lib\popupResource\newPopup.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\lib\popupResource\popup.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\lib\reports.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\lib\util.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\js\lib\xhr.js
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\manifest.json
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm\1.23.18_0\popup.html
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gecgbcfdfbdlbhpmafjaepphedjkibjm_0.localstorage-journal
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gecgbcfdfbdlbhpmafjaepphedjkibjm_0.localstorage
c:\users\cathy\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\cathy\Documents\~WRL2697.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
(((((((((((((((((((((((((   Files Created from 2015-06-14 to 2015-07-14  )))))))))))))))))))))))))))))))
.
.
2015-07-14 08:05 . 2015-07-14 08:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-13 21:57 . 2015-07-13 22:00 -------- d-----w- C:\FRST
2015-07-13 11:00 . 2015-07-13 11:00 -------- d-----w- c:\programdata\Malwarebytes
2015-07-13 10:59 . 2015-07-13 13:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-07-13 10:59 . 2015-07-13 12:38 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-13 10:09 . 2015-07-13 11:48 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-13 09:04 . 2015-07-13 09:04 0 ----a-w- c:\windows\SysWow64\shoA7DC.tmp
2015-07-11 14:32 . 2015-07-11 14:32 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{373FF5DC-5CAA-4D52-8F2B-4EBFFDA39E68}\offreg.3264.dll
2015-07-11 02:23 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{373FF5DC-5CAA-4D52-8F2B-4EBFFDA39E68}\mpengine.dll
2015-07-06 08:35 . 2015-07-06 08:35 -------- d-----w- c:\program files (x86)\iTunes
2015-07-06 08:35 . 2015-07-06 08:35 -------- d-----w- c:\program files\iPod
2015-07-06 08:35 . 2015-07-06 08:36 -------- d-----w- c:\program files\iTunes
2015-07-05 11:32 . 2015-07-05 11:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-07-05 11:32 . 2015-07-05 11:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-07-05 11:32 . 2015-07-05 11:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-07-05 11:32 . 2015-07-05 11:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-07-05 11:32 . 2015-07-05 11:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-07-05 11:32 . 2015-07-05 11:32 -------- d-----w- c:\program files (x86)\QuickTime
2015-07-04 02:57 . 2015-07-04 02:57 -------- d-----w- c:\program files\Jungle Disk Desktop
2015-07-03 01:15 . 2010-11-30 01:03 188696 ----a-w- c:\windows\system32\CbFsMntNtf3.dll
2015-07-03 00:19 . 2015-07-03 00:19 0 ----a-w- c:\windows\SysWow64\sho9E2F.tmp
2015-07-02 23:18 . 2015-07-02 23:18 -------- d-----w- c:\users\cathy\AppData\Local\Foxit Reader
2015-07-02 08:40 . 2015-07-02 12:19 -------- d-----w- C:\2015-06-28 Rosie pre-France etc
2015-07-02 06:43 . 2015-07-02 06:43 -------- d-----w- c:\users\cathy\AppData\Local\IsolatedStorage
2015-07-02 06:43 . 2015-07-02 06:43 -------- d-----w- c:\users\cathy\AppData\Local\Flickr
2015-07-02 06:43 . 2015-07-02 06:43 -------- d-----w- c:\users\cathy\AppData\Local\SquirrelTemp
2015-07-01 23:38 . 2015-07-02 00:59 -------- d-----w- c:\users\cathy\AppData\Roaming\JungleDisk
2015-07-01 21:50 . 2015-07-01 21:50 0 ----a-w- c:\windows\SysWow64\shoC2E7.tmp
2015-07-01 21:44 . 2015-07-04 02:57 -------- d-----w- c:\programdata\JungleDisk
2015-07-01 21:44 . 2010-11-30 01:03 155416 ----a-w- c:\windows\SysWow64\CbFsMntNtf3.dll
2015-07-01 21:44 . 2010-11-30 01:03 321424 ----a-w- c:\windows\system32\drivers\cbfs3.sys
2015-07-01 21:44 . 2010-11-30 01:03 216856 ----a-w- c:\windows\SysWow64\CbFsNetRdr3.dll
2015-07-01 21:44 . 2010-11-30 01:03 139032 ----a-w- c:\windows\system32\CbFsNetRdr3.dll
2015-06-29 00:14 . 2015-06-29 00:14 -------- d-----w- c:\users\cathy\Tracing
2015-06-25 11:57 . 2015-06-25 11:57 -------- d-----w- c:\users\Public\Foxit Software
2015-06-23 09:02 . 2015-06-23 09:02 -------- d-----w- c:\users\cathy\AppData\Roaming\TeamViewer
2015-06-21 11:12 . 2015-06-21 11:21 -------- d-----w- C:\477cab60897483a4db4e82265c857904
2015-06-21 11:01 . 2015-06-21 11:01 -------- d-----w- c:\users\cathy\AppData\Local\DriverToolkit
2015-06-21 11:01 . 2015-06-21 12:51 -------- d-----w- c:\program files (x86)\DriverToolkit
2015-06-21 11:00 . 2011-10-27 00:27 259688 ----a-w- c:\windows\system32\drivers\RtsP2Stor.sys
2015-06-21 11:00 . 2015-06-21 11:00 -------- d-----w- C:\DRIVERS
2015-06-21 08:31 . 2015-06-21 14:11 -------- d-----w- c:\users\cathy\AppData\Roaming\DriverTurbo
2015-06-18 13:41 . 2015-06-18 13:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2015-06-18 09:58 . 2015-06-18 09:58 -------- d-----w- c:\program files\Intel
2015-06-18 09:55 . 2015-06-18 09:55 -------- d-----w- c:\programdata\IntelDLM
2015-06-18 08:45 . 2015-06-18 08:45 -------- d-----w- c:\users\cathy\AppData\Local\Intel
2015-06-18 08:44 . 2015-06-18 08:44 -------- d-----w- c:\program files (x86)\Intel Driver Update Utility
2015-06-16 14:23 . 2015-06-16 14:23 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2015-06-16 14:23 . 2015-06-16 14:23 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2015-06-14 15:31 . 2015-06-14 15:31 -------- d-----w- c:\program files (x86)\GUME059.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-09 14:44 . 2014-03-30 14:43 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-09 14:44 . 2014-03-30 14:43 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-09 14:43 . 2015-02-05 18:37 18510000 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-06-26 15:23 . 2014-03-17 03:03 442264 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-06-23 03:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-10 17:02 . 2014-03-19 12:54 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-06-10 13:08 . 2015-06-10 13:08 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2015-06-10 13:08 . 2015-06-10 13:08 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2015-06-01 19:16 . 2015-06-10 08:32 389840 ----a-w- c:\windows\system32\iedkcs32.dll
2015-05-27 14:35 . 2015-06-10 08:32 24917504 ----a-w- c:\windows\system32\mshtml.dll
2015-05-25 18:24 . 2015-06-10 08:29 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:23 . 2015-06-10 08:29 155584 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:23 . 2015-06-10 08:29 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:21 . 2015-06-10 08:29 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 08:29 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 08:29 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 08:29 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 08:29 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 08:29 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 08:29 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-05-25 18:19 . 2015-06-10 08:29 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 08:29 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-05-25 18:19 . 2015-06-10 08:29 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-05-25 18:19 . 2015-06-10 08:29 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-05-25 18:19 . 2015-06-10 08:29 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 08:29 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 08:29 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 08:29 28160 ----a-w- c:\windows\system32\secur32.dll
2015-05-25 18:19 . 2015-06-10 08:29 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:19 . 2015-06-10 08:29 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-05-25 18:19 . 2015-06-10 08:29 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-05-25 18:19 . 2015-06-10 08:29 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 08:29 728576 ----a-w- c:\windows\system32\kerberos.dll
2015-05-25 18:19 . 2015-06-10 08:29 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 08:29 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:19 . 2015-06-10 08:29 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-05-25 18:18 . 2015-06-10 08:29 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 08:29 22016 ----a-w- c:\windows\system32\credssp.dll
2015-05-25 18:18 . 2015-06-10 08:29 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 08:29 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 08:29 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 08:29 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 08:29 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 08:29 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 08:29 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 08:29 31232 ----a-w- c:\windows\system32\lsass.exe
2015-05-25 18:18 . 2015-06-10 08:29 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 08:29 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:18 . 2015-06-10 08:29 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-05-25 18:14 . 2015-06-10 08:29 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-05-25 18:14 . 2015-06-10 08:29 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-05-25 18:11 . 2015-06-10 08:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-10 08:29 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:29 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-05-25 18:07 . 2015-06-10 08:29 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 08:29 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 08:29 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-10 08:29 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-05-25 18:01 . 2015-06-10 08:29 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-05-25 18:01 . 2015-06-10 08:29 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 08:29 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-10 08:29 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-10 08:29 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 08:29 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-05-25 18:01 . 2015-06-10 08:29 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-05-25 18:01 . 2015-06-10 08:29 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-10 08:29 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-05-25 18:01 . 2015-06-10 08:29 551424 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-05-25 18:01 . 2015-06-10 08:29 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-05-25 18:01 . 2015-06-10 08:29 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-10 08:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-10 08:29 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 08:29 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-11-04 02:28 233128 ----a-w- c:\users\cathy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-11-04 02:28 233128 ----a-w- c:\users\cathy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-11-04 02:28 233128 ----a-w- c:\users\cathy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 01:03 155416 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2015-05-11 37152]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-04-23 8204056]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" [2015-03-16 867488]
"FlickrUploadr"="c:\users\cathy\AppData\Local\FlickrUploadrWindows\Update.exe" [2015-06-30 1498608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TiltMouse"="c:\windows\TiltMouseAPP.exe" [2011-02-18 118272]
"AIOKBApp"="c:\windows\AIOKBApp.exe" [2010-06-28 114176]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-11 1298816]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2011-03-11 714104]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-17 5515496]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2015-07-02 2303152]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe" [2015-03-16 1851040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-10 271744]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-06-16 421888]
.
c:\users\cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 1050 J410 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN21V33HK605HW;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-3-3 2745760]
Jungle Disk Desktop.lnk - c:\program files\Jungle Disk Desktop\JungleDiskMonitor.exe [2011-5-17 9761096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * 
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 JungleDiskService;JungleDiskService;c:\program files\Jungle Disk Desktop\JungleDiskMonitor.exe;c:\program files\Jungle Disk Desktop\JungleDiskMonitor.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe;c:\program files\Macrium\Reflect\ReflectService.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UDSS;UDSS;c:\program files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe;c:\program files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 CXPOLARIS;YUAN Polaris Hybrid TV AVS Video Capture;c:\windows\system32\drivers\cxRDU253S.sys;c:\windows\SYSNATIVE\drivers\cxRDU253S.sys [x]
S3 DFKBfilter;Darfon KB Filter Driver;c:\windows\system32\drivers\DFKBfilter.sys;c:\windows\SYSNATIVE\drivers\DFKBfilter.sys [x]
S3 DFMousefilter;Darfon Mouse Filter Driver;c:\windows\system32\drivers\DFMousefilter.sys;c:\windows\SYSNATIVE\drivers\DFMousefilter.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nuvotonir;Nuvoton CIR Transceiver;c:\windows\system32\DRIVERS\nuvotonir.sys;c:\windows\SYSNATIVE\DRIVERS\nuvotonir.sys [x]
S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO37
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-30 14:44]
.
2015-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-14 04:46]
.
2015-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-14 04:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-11-04 02:28 260776 ----a-w- c:\users\cathy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-11-04 02:28 260776 ----a-w- c:\users\cathy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-11-04 02:28 260776 ----a-w- c:\users\cathy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-05-28 10:56 2334936 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-05-28 10:56 2334936 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-05-28 10:56 2334936 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-17 15:22 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 01:03 188696 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDisk1_Complete]
@="{78061A12-1E91-4446-8B65-8ED2FF328D4A}"
[HKEY_CLASSES_ROOT\CLSID\{78061A12-1E91-4446-8B65-8ED2FF328D4A}]
2011-03-04 01:26 1072640 ----a-w- c:\program files\Jungle Disk Desktop\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDisk2_InProgress]
@="{700AD13D-E86F-41C9-9A8F-39B4C438806F}"
[HKEY_CLASSES_ROOT\CLSID\{700AD13D-E86F-41C9-9A8F-39B4C438806F}]
2011-03-04 01:26 1072640 ----a-w- c:\program files\Jungle Disk Desktop\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDisk3_Conflicted]
@="{48C7A606-0F84-4DC8-8AFD-A157BDF18A08}"
[HKEY_CLASSES_ROOT\CLSID\{48C7A606-0F84-4DC8-8AFD-A157BDF18A08}]
2011-03-04 01:26 1072640 ----a-w- c:\program files\Jungle Disk Desktop\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-28 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-28 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-28 418328]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11663464]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-14 2186856]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-03-30 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-05-25 500936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-06-29 170280]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{176601B3-85C8-422C-9C39-A43F750429D7}: NameServer = 54.252.183.4,54.252.183.5
TCP: Interfaces\{176601B3-85C8-422C-9C39-A43F750429D7}\4505054374F5038373241424: NameServer = 54.252.183.4,54.252.183.5
TCP: Interfaces\{83450532-37F7-4835-B16C-3423AE7B1C36}: NameServer = 103.250.185.113,106.186.22.8
FF - ProfilePath - c:\users\cathy\AppData\Roaming\Mozilla\Firefox\Profiles\oo00a00y.default-1404706481116\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TosTogKeyMon - c:\program files (x86)\TOSHIBA\FlashCards\TosTogKeyMon.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
AddRemove-WT089366 - c:\program files (x86)\TOSHIBA Games\Cake Mania - Lights
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf} - c:\progra~3\FASTAN~1\FASTAN~1.DLL
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-D858-CRH9-CE1E-KCB4-FKYQ-M5SJ4PD"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Glary Utilities 5\Initialize.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
c:\program files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat_sl.exe
.
**************************************************************************
.
Completion time: 2015-07-14  18:21:42 - machine was rebooted
ComboFix-quarantined-files.txt  2015-07-14 08:21
.
Pre-Run: 329,601,806,336 bytes free
Post-Run: 329,167,990,784 bytes free
.
- - End Of File - - 11834F4129DF3626A112B9C58D032CD2


#8 deeprybka


Posted 14 July 2015 - 03:09 PM

Next steps are:

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 2

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt: [screenshot: m21p.png]
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select [screenshot: m21p4.png]
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
[screenshot: mbamv21.gif]

Step 3

Start FRST with administrator privileges.
  • Make sure the following option is checked: [screenshot: addition.png]
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 cathyb9


Posted 14 July 2015 - 09:40 PM

Step 1 results: 

 

# AdwCleaner v4.208 - Logfile created 15/07/2015 at 11:45:33
# Updated 09/07/2015 by Xplode
# Database : 2015-07-11.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : cathy - CATHY-PC
# Running from : C:\Users\cathy\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\APPPtoU
Folder Deleted : C:\ProgramData\b9f26b754e0355fa
Folder Deleted : C:\Program Files (x86)\DriverToolkit
Folder Deleted : C:\Users\cathy\AppData\Local\DriverToolkit
Folder Deleted : C:\Users\cathy\AppData\Roaming\DriverTurbo
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}
Key Deleted : HKCU\Software\DriverToolkit
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v38.0.5 (x86 en-US)
 
 
-\\ Google Chrome v43.0.2357.134
 
[C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://search.gboxapp.com/
 
-\\ Opera v30.0.1835.125
 
 
*************************
 
AdwCleaner[R0].txt - [1526 bytes] - [15/07/2015 11:31:46]
AdwCleaner[S0].txt - [1422 bytes] - [15/07/2015 11:45:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1481  bytes] ##########
 
 
Step 2 results:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 15/07/2015
Scan Time: 12:11 PM
Logfile: malwarebytes.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.14.07
Rootkit Database: v2015.07.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: cathy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401454
Time Elapsed: 18 min, 6 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [5659548d1b6f7fb7f6ac8b05de26a759], 
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [e6c94899d7b3bc7a4161a0f0f41039c7], 
 
Registry Values: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [5659548d1b6f7fb7f6ac8b05de26a759]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [e6c94899d7b3bc7a4161a0f0f41039c7]
 
Registry Data: 0
(No malicious items detected)
 
Step 3 results
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by cathy (administrator) on CATHY-PC on 15-07-2015 12:33:16
Running from C:\Users\cathy\Desktop
Loaded Profiles: cathy (Available Profiles: cathy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TBS\HSON.exe
(Jungle Disk, Inc.) C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TosTogKeyMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Darfon Electronics Corp.) C:\Windows\TiltMouseAPP.exe
(Darfon Electronics Corp.) C:\Windows\AIOKBApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\Hearts\Hearts.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [967544 2011-03-10] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosTogKeyMon] => C:\Program Files\TOSHIBA\FlashCards\TosTogKeyMon.exe [2409336 2010-06-12] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544104 2011-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2011-03-30] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2011-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-30] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [TiltMouse] => C:\windows\TiltMouseAPP.exe [118272 2011-02-19] (Darfon Electronics Corp.)
HKLM-x32\...\Run: [AIOKBApp] => C:\windows\AIOKBApp.exe [114176 2010-06-29] (Darfon Electronics Corp.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TRCMan] => C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [714104 2011-03-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-18] (Avast Software s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1851040 2015-03-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2179533540-259808961-616636266-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-05-11] (Glarysoft Ltd)
HKU\S-1-5-21-2179533540-259808961-616636266-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-24] (Piriform Ltd)
HKU\S-1-5-21-2179533540-259808961-616636266-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [867488 2015-03-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-2179533540-259808961-616636266-1000\...\Run: [FlickrUploadr] => "C:\Users\cathy\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-07-02]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Jungle Disk Desktop.lnk [2015-07-04]
ShortcutTarget: Jungle Disk Desktop.lnk -> C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe (Jungle Disk, Inc.)
Startup: C:\Users\cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2014-04-29]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-18] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
ShellIconOverlayIdentifiers: [JungleDisk1_Complete] -> {78061A12-1E91-4446-8B65-8ED2FF328D4A} => C:\Program Files\Jungle Disk Desktop\monitor_shellext.dll [2011-03-04] (.)
ShellIconOverlayIdentifiers: [JungleDisk2_InProgress] -> {700AD13D-E86F-41C9-9A8F-39B4C438806F} => C:\Program Files\Jungle Disk Desktop\monitor_shellext.dll [2011-03-04] (.)
ShellIconOverlayIdentifiers: [JungleDisk3_Conflicted] -> {48C7A606-0F84-4DC8-8AFD-A157BDF18A08} => C:\Program Files\Jungle Disk Desktop\monitor_shellext.dll [2011-03-04] (.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
BootExecute: autocheck autochk *  
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2179533540-259808961-616636266-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2179533540-259808961-616636266-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2179533540-259808961-616636266-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com/
SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2179533540-259808961-616636266-1000 -> {AA8311AF-C14D-44A2-91B6-6729292A3F67} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2179533540-259808961-616636266-1000 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\windows\system32\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-10] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-05-28] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-03-31] (<TOSHIBA>)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll No File
BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\windows\SysWOW64\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-04-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-10] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-09] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-04-30] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-03-31] (<TOSHIBA>)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-09] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{176601B3-85C8-422C-9C39-A43F750429D7}: [NameServer] 54.252.183.4,54.252.183.5
Tcpip\..\Interfaces\{176601B3-85C8-422C-9C39-A43F750429D7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83450532-37F7-4835-B16C-3423AE7B1C36}: [NameServer] 103.250.185.113,106.186.22.8
Tcpip\..\Interfaces\{83450532-37F7-4835-B16C-3423AE7B1C36}: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\cathy\AppData\Roaming\Mozilla\Firefox\Profiles\oo00a00y.default-1404706481116
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2015-04-16] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-03-12] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-04-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2014-11-04] ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-05-04] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-05-04] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-02] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-17]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-04]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-04-11]
 
Chrome: 
=======
CHR Profile: C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-14]
CHR Extension: (Google Docs) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-14]
CHR Extension: (Google Drive) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-14]
CHR Extension: (Flash render quality) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbkhhhlbomjpenealmjakmfmlgnbimep [2014-11-29]
CHR Extension: (YouTube) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-14]
CHR Extension: (Google Search) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-14]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-02-22]
CHR Extension: (Google Sheets) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-14]
CHR Extension: (No Name) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgbcfdfbdlbhpmafjaepphedjkibjm [2015-07-14]
CHR Extension: (Avast Online Security) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-22]
CHR Extension: (Vine for Chrome) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfkidejapghjmjphojdbnchkdphccno [2015-03-25]
CHR Extension: (RealDownloader) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-02-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Google Wallet) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-14]
CHR Extension: (Instagram for Chrome) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2015-06-13]
CHR Extension: (Gmail) - C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-10]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-18] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-18] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-18] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [662592 2014-07-23] (SEIKO EPSON CORPORATION)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-06-02] (Foxit Software Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-06-18] (SurfRight B.V.)
R2 JungleDiskService; C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe [9761096 2011-05-17] (Jungle Disk, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 UDSS; c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [30064 2011-05-16] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-18] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-05-18] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-18] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-05-18] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-18] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-18] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-18] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-18] ()
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [321424 2010-11-30] (EldoS Corporation)
R3 CXPOLARIS; C:\Windows\System32\drivers\cxRDU253S.sys [449792 2011-02-22] (Conexant Systems, Inc.)
R3 DFKBfilter; C:\Windows\System32\drivers\DFKBfilter.sys [24712 2010-06-25] (Darfon Electronics Corp.)
R3 DFMousefilter; C:\Windows\System32\drivers\DFMousefilter.sys [24200 2010-06-25] (Darfon Electronics Corp.)
R1 GUBootStartup; C:\windows\System32\drivers\GUBootStartup.sys [20160 2015-05-19] (Glarysoft Ltd)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 nuvotonir; C:\Windows\System32\DRIVERS\nuvotonir.sys [68096 2009-09-01] (Nuvoton Technology Corporation)
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28920 2013-02-04] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-18] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RSPCIESTOR; system32\DRIVERS\RtsPStor.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-15 12:33 - 2015-07-15 12:33 - 00035735 _____ C:\Users\cathy\Desktop\FRST.txt
2015-07-15 12:31 - 2015-07-15 12:31 - 00001623 _____ C:\Users\cathy\Desktop\malwarebytes.txt
2015-07-15 11:56 - 2015-07-15 11:56 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-15 11:56 - 2015-07-15 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-15 11:56 - 2015-07-15 11:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-15 11:56 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-07-15 11:56 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-07-15 11:54 - 2015-07-15 11:54 - 00001561 _____ C:\Users\cathy\Desktop\AdwCleaner[S0].txt
2015-07-15 11:31 - 2015-07-15 11:45 - 00000000 ____D C:\AdwCleaner
2015-07-15 11:29 - 2015-07-15 11:42 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\cathy\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-15 11:27 - 2015-07-15 11:28 - 02248704 _____ C:\Users\cathy\Downloads\AdwCleaner.exe
2015-07-14 18:21 - 2015-07-14 18:21 - 00043597 _____ C:\ComboFix.txt
2015-07-14 18:08 - 2015-07-14 18:08 - 00000546 _____ C:\windows\PFRO.log
2015-07-14 17:53 - 2015-07-14 18:21 - 00000000 ____D C:\Qoobox
2015-07-14 17:53 - 2015-07-14 18:16 - 00000000 ____D C:\windows\erdnt
2015-07-14 17:53 - 2011-06-26 16:45 - 00256000 _____ C:\windows\PEV.exe
2015-07-14 17:53 - 2010-11-08 03:20 - 00208896 _____ C:\windows\MBR.exe
2015-07-14 17:53 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-07-14 17:53 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-07-14 17:53 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-07-14 17:53 - 2000-08-31 10:00 - 00098816 _____ C:\windows\sed.exe
2015-07-14 17:53 - 2000-08-31 10:00 - 00080412 _____ C:\windows\grep.exe
2015-07-14 17:53 - 2000-08-31 10:00 - 00068096 _____ C:\windows\zip.exe
2015-07-14 17:50 - 2015-07-14 17:51 - 05632449 ____R (Swearware) C:\Users\cathy\Desktop\ComboFix.exe
2015-07-14 07:57 - 2015-07-15 12:33 - 00000000 ____D C:\FRST
2015-07-14 07:53 - 2015-07-14 07:54 - 02133504 _____ (Farbar) C:\Users\cathy\Desktop\FRST64.exe
2015-07-13 21:00 - 2015-07-15 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-13 20:59 - 2015-07-15 12:11 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 20:59 - 2015-07-13 23:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-13 20:09 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-07-13 20:05 - 2015-07-14 19:02 - 00000000 ____D C:\Users\cathy\Desktop\mbar
2015-07-13 19:57 - 2015-07-13 20:02 - 16502728 _____ (Malwarebytes Corp.) C:\Users\cathy\Desktop\mbar-1.09.1.1004.exe
2015-07-13 19:36 - 2015-07-13 19:36 - 00291606 _____ C:\Users\cathy\Desktop\TCPView.zip
2015-07-13 19:04 - 2015-07-13 19:04 - 00000000 _____ C:\windows\SysWOW64\shoA7DC.tmp
2015-07-13 01:00 - 2015-07-15 11:47 - 00000168 _____ C:\windows\setupact.log
2015-07-13 01:00 - 2015-07-13 01:00 - 00000000 _____ C:\windows\setuperr.log
2015-07-11 22:17 - 2015-07-11 22:17 - 186835060 _____ C:\Users\cathy\Downloads\abbottetc.psd
2015-07-11 21:37 - 2015-07-11 21:37 - 08127566 _____ C:\Users\cathy\Downloads\Untitled-1.psd
2015-07-11 21:36 - 2015-07-11 21:37 - 472132604 _____ C:\Users\cathy\Downloads\brandescher.psd
2015-07-11 00:23 - 2015-07-11 00:25 - 324365488 _____ C:\Users\cathy\Downloads\Untitled_Panorama2.psd
2015-07-06 18:37 - 2015-07-06 18:37 - 00001724 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-06 18:37 - 2015-07-06 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-06 18:35 - 2015-07-06 18:36 - 00000000 ____D C:\Program Files\iTunes
2015-07-06 18:35 - 2015-07-06 18:35 - 00000000 ____D C:\Program Files\iPod
2015-07-06 18:35 - 2015-07-06 18:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-05 21:32 - 2015-07-05 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-05 21:32 - 2015-07-05 21:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-03 11:15 - 2010-11-30 11:03 - 00188696 _____ (EldoS Corporation) C:\windows\system32\CbFsMntNtf3.dll
2015-07-03 11:11 - 2015-07-03 11:13 - 08092672 _____ C:\Users\cathy\Downloads\JungleDiskDesktop64-3160.msi
2015-07-03 10:19 - 2015-07-03 10:19 - 00000000 _____ C:\windows\SysWOW64\sho9E2F.tmp
2015-07-03 09:18 - 2015-07-03 09:18 - 00000000 ____D C:\Users\cathy\AppData\Local\Foxit Reader
2015-07-02 21:48 - 2015-07-02 21:48 - 24184897 _____ C:\Users\cathy\Downloads\AS07518.psd
2015-07-02 16:43 - 2015-07-03 10:24 - 00000000 ____D C:\Users\cathy\AppData\Local\FlickrUploadrWindows
2015-07-02 16:43 - 2015-07-02 16:43 - 00002302 _____ C:\Users\cathy\Desktop\Flickr Uploadr.lnk
2015-07-02 16:43 - 2015-07-02 16:43 - 00000000 ____D C:\Users\cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flickr
2015-07-02 16:43 - 2015-07-02 16:43 - 00000000 ____D C:\Users\cathy\AppData\Local\SquirrelTemp
2015-07-02 16:43 - 2015-07-02 16:43 - 00000000 ____D C:\Users\cathy\AppData\Local\IsolatedStorage
2015-07-02 16:43 - 2015-07-02 16:43 - 00000000 ____D C:\Users\cathy\AppData\Local\Flickr
2015-07-02 16:35 - 2015-07-02 16:38 - 21879792 _____ (Flickr) C:\Users\cathy\Downloads\FlickrUploadrInstallr.exe
2015-07-02 12:36 - 2015-07-02 12:37 - 08071168 _____ C:\Users\cathy\Downloads\JungleDiskWorkgroup64-3160.msi
2015-07-02 11:17 - 2015-07-02 11:17 - 00055422 _____ C:\Users\cathy\Downloads\skynews.img.1200.745.jpeg
2015-07-02 10:49 - 2015-07-02 10:49 - 00055422 _____ C:\Users\cathy\Downloads\brandi9.jpeg
2015-07-02 09:38 - 2015-07-02 10:59 - 00000000 ____D C:\Users\cathy\AppData\Roaming\JungleDisk
2015-07-02 07:50 - 2015-07-02 07:50 - 00000000 _____ C:\windows\SysWOW64\shoC2E7.tmp
2015-07-02 07:44 - 2015-07-04 12:57 - 00000000 ____D C:\ProgramData\JungleDisk
2015-07-02 07:44 - 2010-11-30 11:03 - 00321424 _____ (EldoS Corporation) C:\windows\system32\Drivers\cbfs3.sys
2015-07-02 07:44 - 2010-11-30 11:03 - 00216856 _____ (EldoS Corporation) C:\windows\SysWOW64\CbFsNetRdr3.dll
2015-07-02 07:44 - 2010-11-30 11:03 - 00155416 _____ (EldoS Corporation) C:\windows\SysWOW64\CbFsMntNtf3.dll
2015-07-02 07:44 - 2010-11-30 11:03 - 00139032 _____ (EldoS Corporation) C:\windows\system32\CbFsNetRdr3.dll
2015-07-02 00:46 - 2015-07-02 07:45 - 66318791 _____ C:\Users\cathy\Downloads\manray.psd
2015-07-01 23:35 - 2015-07-02 00:11 - 101362885 _____ C:\Users\cathy\Downloads\recliningnude.psd
2015-06-30 19:58 - 2015-06-30 19:58 - 03486714 _____ C:\Users\cathy\Downloads\brandis1.psd
2015-06-30 17:23 - 2015-06-30 17:23 - 34324423 _____ C:\Users\cathy\Downloads\a02-freu-nude-480.psd
2015-06-29 17:46 - 2015-06-29 17:48 - 66835960 _____ C:\Users\cathy\Downloads\bishopbrandis.psd
2015-06-29 10:14 - 2015-06-29 10:14 - 00000000 ____D C:\Users\cathy\Tracing
2015-06-29 09:10 - 2015-06-29 09:10 - 00001208 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-06-28 16:27 - 2015-06-28 16:27 - 24265898 _____ C:\Users\cathy\Downloads\CHivrYjUwAEMxO8-Recovered.psd
2015-06-28 16:27 - 2015-06-28 16:27 - 03589434 _____ C:\Users\cathy\Downloads\brandi8-Recovered.psd
2015-06-28 16:26 - 2015-06-28 16:27 - 33013966 _____ C:\Users\cathy\Downloads\rainbowdreams (1 of 1)-2-Recovered.psd
2015-06-28 16:26 - 2015-06-28 16:26 - 91236436 _____ C:\Users\cathy\Downloads\lucien.psd
2015-06-27 11:52 - 2015-06-27 11:52 - 00005127 _____ C:\Users\cathy\Downloads\bigger-rainbow.svg
2015-06-26 20:42 - 2015-06-26 20:43 - 181782766 _____ C:\Users\cathy\Downloads\4318005995_de94c07b93_o.psd
2015-06-25 21:57 - 2015-06-25 21:57 - 00000000 ____D C:\Users\Public\Foxit Software
2015-06-25 19:29 - 2015-06-26 20:42 - 368443812 _____ C:\Users\cathy\Downloads\incredible_tretchikoff_p149.psd
2015-06-25 19:29 - 2015-06-25 19:29 - 29822243 _____ C:\Users\cathy\Downloads\whatnottodo.psd
2015-06-25 19:25 - 2015-06-25 19:25 - 00087324 _____ C:\Users\cathy\Downloads\Dyslexie Regular LP120372.ttf
2015-06-25 12:14 - 2015-06-25 19:29 - 04877404 _____ C:\Users\cathy\Downloads\georgiepoohs.psd
2015-06-25 12:12 - 2015-06-25 12:13 - 03069891 _____ C:\Users\cathy\Downloads\glassesneb.psd
2015-06-24 22:21 - 2015-06-25 09:16 - 22514982 _____ C:\Users\cathy\Downloads\tinder.psd
2015-06-23 19:02 - 2015-06-23 19:02 - 00000000 ____D C:\Users\cathy\AppData\Roaming\TeamViewer
2015-06-23 18:55 - 2015-06-23 18:57 - 00000000 ____D C:\Users\cathy\Documents\soyla
2015-06-23 18:41 - 2015-06-23 18:47 - 06583840 _____ (TeamViewer) C:\Users\cathy\Downloads\TeamViewerQS.exe
2015-06-23 18:24 - 2015-06-23 18:24 - 00027101 _____ C:\Users\cathy\Downloads\brandhead.psd
2015-06-23 18:23 - 2015-06-23 18:23 - 85995522 _____ C:\Users\cathy\Downloads\Calliphora_vomitoria_Portrait (1).psd
2015-06-23 13:00 - 2015-06-23 18:24 - 05012000 _____ C:\Users\cathy\Downloads\brandisharveyoliver.psd
2015-06-21 21:35 - 2015-07-15 11:48 - 00003340 _____ C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2179533540-259808961-616636266-1000
2015-06-21 21:12 - 2015-06-21 21:21 - 00000000 ____D C:\477cab60897483a4db4e82265c857904
2015-06-21 21:00 - 2011-10-27 10:27 - 00259688 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RtsP2Stor.sys
2015-06-21 20:55 - 2015-06-21 20:59 - 02448688 _____ (Megaify Software ) C:\Users\cathy\Downloads\DriverToolkitInstaller.exe
2015-06-21 20:54 - 2015-06-21 20:59 - 07312448 _____ (Lenovo Group Limited ) C:\Users\cathy\Downloads\h0ss02ww.exe
2015-06-21 20:44 - 2015-05-10 04:26 - 00493504 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-06-21 20:44 - 2015-05-09 13:27 - 03147776 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-06-21 20:44 - 2015-05-09 13:27 - 02589184 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-06-21 20:44 - 2015-05-09 13:27 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-06-21 20:44 - 2015-05-09 13:27 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-06-21 20:44 - 2015-05-09 13:27 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-06-21 20:44 - 2015-05-09 13:27 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-06-21 20:44 - 2015-05-09 13:27 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-06-21 20:44 - 2015-05-09 13:26 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-06-21 20:44 - 2015-05-09 13:26 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-06-21 20:44 - 2015-05-09 13:26 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-06-21 20:44 - 2015-05-09 13:26 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-06-21 20:44 - 2015-05-09 13:14 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-06-21 20:44 - 2015-05-09 13:14 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-06-21 20:44 - 2015-05-09 13:14 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-06-21 20:44 - 2015-05-09 13:14 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-06-21 20:44 - 2015-05-09 13:13 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-06-21 20:44 - 2015-04-28 05:23 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-06-21 20:44 - 2015-04-28 05:23 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-06-21 20:44 - 2015-04-28 05:23 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-06-21 20:44 - 2015-04-28 05:23 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-06-21 20:44 - 2015-04-28 05:05 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-06-21 20:44 - 2015-04-28 05:04 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-06-21 20:44 - 2015-04-28 05:04 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-06-21 20:44 - 2015-04-28 05:04 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-06-21 20:44 - 2015-03-14 13:21 - 01632768 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-06-21 20:44 - 2015-03-14 13:21 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-06-21 20:44 - 2015-03-14 13:04 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-06-21 20:44 - 2015-03-14 13:04 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-06-21 18:52 - 2015-06-21 18:52 - 21589042 _____ C:\Users\cathy\Downloads\zq1bry9.psd
2015-06-21 18:31 - 2015-06-21 18:31 - 00231952 _____ C:\Users\cathy\Downloads\DriverTurboSetup.exe
2015-06-21 18:28 - 2015-06-21 18:28 - 00008615 _____ C:\windows\Scan.ini
2015-06-21 18:23 - 2015-06-21 18:23 - 03341952 _____ (Fix-It Driver Repair ) C:\Users\cathy\Downloads\DriverRepair_signed.exe
2015-06-21 18:06 - 2015-06-21 18:07 - 10319986 _____ C:\Users\cathy\Downloads\0002-RtsXStor_6.3.370.71.zip
2015-06-21 17:24 - 2015-06-21 17:24 - 00347816 _____ (Microsoft Corporation) C:\Users\cathy\Downloads\MicrosoftFixit.Devices.Run.exe
2015-06-21 13:51 - 2015-06-21 13:51 - 00039093 _____ C:\Users\cathy\Downloads\kevinandrews.jpg-large
2015-06-21 11:33 - 2015-06-21 18:52 - 20893032 _____ C:\Users\cathy\Downloads\zardozbrandi1.psd
2015-06-21 02:09 - 2015-06-21 02:09 - 04311759 _____ C:\Users\cathy\Downloads\trogdor_the_burninator_by_blitzgraphics.psd
2015-06-21 02:09 - 2015-06-21 02:09 - 04311238 _____ C:\Users\cathy\Downloads\pythoncat.psd
2015-06-21 02:09 - 2015-06-21 02:09 - 03363124 _____ C:\Users\cathy\Downloads\70s-men-fashion-162.psd
2015-06-19 15:05 - 2015-06-19 15:05 - 32904766 _____ C:\Users\cathy\Downloads\dancer.psd
2015-06-19 01:46 - 2015-06-19 03:58 - 14273085 _____ C:\Users\cathy\Downloads\70s-men-fashion-71__700.psd
2015-06-18 23:41 - 2015-06-18 23:41 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2015-06-18 19:58 - 2015-06-18 19:58 - 00000000 ____D C:\Program Files\Intel
2015-06-18 19:55 - 2015-06-18 19:55 - 00000000 ____D C:\ProgramData\IntelDLM
2015-06-18 18:45 - 2015-06-18 18:45 - 00001181 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.0.lnk
2015-06-18 18:45 - 2015-06-18 18:45 - 00000000 ____D C:\Users\cathy\AppData\Local\Intel
2015-06-18 18:44 - 2015-06-18 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-06-18 18:44 - 2015-06-18 18:44 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2015-06-18 18:42 - 2015-06-18 18:42 - 02333416 _____ (Intel) C:\Users\cathy\Downloads\Intel Driver Update Utility Installer.exe
2015-06-17 15:52 - 2015-06-17 15:52 - 368720446 _____ C:\Users\cathy\Downloads\Untitled_Panorama1-Recovered-Recovered-Recovered.psd
2015-06-17 15:51 - 2015-06-17 15:51 - 57619014 _____ C:\Users\cathy\Downloads\3646924852_98e3344898_o.psd
2015-06-17 00:26 - 2015-06-17 00:26 - 11019669 _____ C:\Users\cathy\Downloads\1988evil-Recovered.psd
2015-06-17 00:23 - 2015-06-17 00:23 - 00094208 _____ (Apple Inc.) C:\windows\SysWOW64\QuickTimeVR.qtx
2015-06-17 00:23 - 2015-06-17 00:23 - 00069632 _____ (Apple Inc.) C:\windows\SysWOW64\QuickTime.qts
2015-06-16 17:22 - 2015-06-16 17:22 - 00037623 _____ C:\Users\cathy\Downloads\nakedmolerat.jpg-large
2015-06-15 01:31 - 2015-06-15 01:31 - 00000000 ____D C:\Program Files (x86)\GUME059.tmp
2015-06-15 01:06 - 2015-06-15 01:06 - 04426372 _____ C:\Users\cathy\Downloads\vallotton.psd
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-15 11:57 - 2014-03-14 14:46 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-15 11:57 - 2009-07-14 14:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-15 11:57 - 2009-07-14 14:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-15 11:56 - 2012-12-08 01:07 - 01997770 _____ C:\windows\WindowsUpdate.log
2015-07-15 11:52 - 2014-05-20 12:27 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-07-15 11:50 - 2014-03-14 19:33 - 00000000 ____D C:\Users\cathy\AppData\Local\Adobe
2015-07-15 11:49 - 2015-02-24 18:29 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-15 11:49 - 2014-03-14 12:41 - 00000000 ____D C:\Users\cathy\AppData\Local\VirtualStore
2015-07-15 11:48 - 2015-03-12 07:23 - 00003206 _____ C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2179533540-259808961-616636266-1000
2015-07-15 11:48 - 2014-03-14 14:46 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-15 11:47 - 2009-07-14 15:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-15 11:37 - 2014-03-31 00:43 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-15 10:03 - 2014-06-04 11:46 - 00003830 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1394789486
2015-07-15 10:03 - 2014-03-14 19:31 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-15 06:38 - 2014-03-31 00:43 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 06:38 - 2014-03-31 00:43 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 06:38 - 2014-03-31 00:43 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 02:55 - 2014-03-19 22:04 - 00000000 ____D C:\windows\System32\Tasks\Games
2015-07-14 19:03 - 2014-10-31 12:53 - 00001043 _____ C:\Users\Public\Desktop\Avidemux 2.6 - 64bits.lnk
2015-07-14 18:21 - 2009-07-14 13:20 - 00000000 __RHD C:\Users\Default
2015-07-14 18:15 - 2014-03-17 13:03 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-07-14 18:10 - 2009-07-14 12:34 - 00000215 _____ C:\windows\system.ini
2015-07-14 17:50 - 2014-05-15 21:44 - 00015260 _____ C:\Users\cathy\Documents\Database.kdb
2015-07-13 23:57 - 2009-07-14 15:13 - 00782228 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-13 19:33 - 2014-03-14 12:43 - 00000000 ____D C:\Users\cathy\AppData\Roaming\Toshiba
2015-07-13 19:33 - 2013-04-26 12:24 - 00000000 ____D C:\Users\cathy\Documents\Bluetooth
2015-07-13 19:30 - 2015-04-11 21:51 - 00001160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-07-13 19:30 - 2015-04-11 21:51 - 00001148 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-07-13 19:29 - 2011-04-07 23:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-12 22:07 - 2015-06-09 09:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-12 00:22 - 2014-03-24 07:53 - 00000000 ____D C:\Users\cathy\AppData\Local\CrashDumps
2015-07-08 00:31 - 2009-07-14 13:20 - 00000000 ____D C:\windows\system32\NDF
2015-07-06 18:35 - 2015-04-12 17:37 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-06 18:35 - 2014-03-14 21:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-04 14:54 - 2011-04-07 23:06 - 00000000 ____D C:\ProgramData\Adobe
2015-07-02 14:00 - 2014-03-14 12:41 - 00000000 ____D C:\Users\cathy\AppData\Local\TOSHIBA
2015-07-02 14:00 - 2012-12-08 01:24 - 00000000 ____D C:\ProgramData\TOSHIBA
2015-07-02 07:52 - 2009-07-14 14:45 - 05145744 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-02 07:51 - 2014-03-14 19:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-02 07:47 - 2014-03-31 22:26 - 00000000 ____D C:\Users\cathy\AppData\Roaming\Skype
2015-06-29 10:14 - 2014-03-14 12:41 - 00000000 ____D C:\Users\cathy
2015-06-29 09:13 - 2012-12-08 01:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-29 09:13 - 2012-12-08 01:44 - 00000000 ____D C:\ProgramData\Skype
2015-06-29 09:10 - 2015-05-20 10:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-29 09:10 - 2014-03-21 23:33 - 00000000 ____D C:\Users\cathy\AppData\Local\Thunderbird
2015-06-29 09:10 - 2014-03-14 19:39 - 00001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-06-27 01:23 - 2014-03-17 13:03 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswsp.sys
2015-06-26 09:40 - 2014-11-04 11:21 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-25 19:43 - 2014-03-14 12:42 - 00135400 _____ C:\Users\cathy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-24 07:57 - 2014-12-27 15:55 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 18:59 - 2014-03-05 12:34 - 00000000 ____D C:\Users\cathy\Documents\Exergy
2015-06-23 18:58 - 2013-10-08 22:06 - 00000000 ____D C:\Users\cathy\Documents\Serial Numbers
2015-06-23 18:46 - 2015-04-11 18:11 - 00001205 _____ C:\Users\cathy\Desktop\Exposure 5.lnk
2015-06-23 13:30 - 2010-11-21 13:27 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-06-22 15:39 - 2009-07-14 13:20 - 00000000 ____D C:\windows\rescache
2015-06-22 00:39 - 2014-03-22 17:48 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-22 00:39 - 2014-03-14 19:42 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2015-06-21 21:30 - 2009-07-14 13:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-21 21:00 - 2012-12-08 01:23 - 00000000 ____D C:\windows\SysWOW64\sda
2015-06-21 21:00 - 2012-12-08 01:15 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-06-15 01:22 - 2014-03-14 12:45 - 00000000 ____D C:\Users\cathy\AppData\Local\Google
 
==================== Files in the root of some directories =======
 
2014-04-27 18:30 - 2014-06-06 16:07 - 0000132 _____ () C:\Users\cathy\AppData\Roaming\Adobe PNG Format CC Prefs
2014-04-19 00:06 - 2014-04-19 00:06 - 0000132 _____ () C:\Users\cathy\AppData\Roaming\Adobe Targa Format CC Prefs
2014-09-19 22:03 - 2015-03-30 13:59 - 0001456 _____ () C:\Users\cathy\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-11-22 18:17 - 2014-11-22 18:17 - 0008571 _____ () C:\Users\cathy\AppData\Local\recently-used.xbel
2014-04-29 04:37 - 2014-04-29 04:37 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-12-08 01:30 - 2012-12-08 01:30 - 0000108 _____ () C:\ProgramData\{2637C347-9DAD-11D6-9EA2-00055D0CA761}.log
 
Some files in TEMP:
====================
C:\Users\cathy\AppData\Local\Temp\Quarantine.exe
C:\Users\cathy\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-14 20:33
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by cathy at 2015-07-15 12:34:06
Running from C:\Users\cathy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2179533540-259808961-616636266-500 - Administrator - Disabled)
cathy (S-1-5-21-2179533540-259808961-616636266-1000 - Administrator - Enabled) => C:\Users\cathy
Guest (S-1-5-21-2179533540-259808961-616636266-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Audition CC 2014 (HKLM-x32\...\{F3388E10-EFA9-4A80-B28E-2E647F8D00C4}) (Version: 7.2.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.1.3.121 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{7F823F8E-4348-11E4-8BF8-81763C49AA32}) (Version: 15.1.0 - Adobe Systems Incorporated)
Adobe Edge Animate CC (HKLM-x32\...\{1C5E96F4-6F15-4A96-BF62-9D1F60B44FF1}) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Edge Code CC (HKLM-x32\...\{641F742F-1497-51B4-F481-1037096A90A0}) (Version: 0.97 - Adobe Systems Incorporated)
Adobe Edge Inspect CC (HKLM-x32\...\{67D22EA0-4601-4450-9C99-042DABB0A315}) (Version: 1.0.408 - Adobe Systems Incorporated)
Adobe Edge Reflow CC Preview (HKLM\...\{4CBD2327-FA4C-4D42-8903-CE1E96FE0FBF}) (Version: 0.37.15833 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Professional CC 2014 (HKLM-x32\...\{AA704223-E11C-11E3-8A38-C09A633B72AF}) (Version: 14.2 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
Alien Skin Blow Up 3 (HKLM\...\Alien Skin Blow Up 3) (Version:  - Alien Skin)
Alien Skin Bokeh 2 (HKLM\...\Alien Skin Bokeh 2) (Version:  - Alien Skin)
Alien Skin Exposure 5 (HKLM\...\Alien Skin Exposure 5) (Version:  - Alien Skin)
Alien Skin Snap Art 4 (HKLM\...\Alien Skin Snap Art 4) (Version:  - Alien Skin)
Amazon Kindle For PC v1.1 (HKLM-x32\...\Amazon Kindle For PC) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.07(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cake Mania - Lights, Camera, Action!™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden
Contents (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Corel Digital Studio SE (HKLM-x32\...\_{E185BD5C-0E10-479F-AF44-63D3A068446A}) (Version: 1.5.10.355 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.855 - Corel Inc.)
CyberLink PowerCinema for TOSHIBA (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 7.1.5131 - CyberLink Corp.)
CyberLink YouPaint (HKLM-x32\...\InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}) (Version: 1.2.2718 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceIO (x32 Version: 1.5.10.355 - Corel Corporation) Hidden
DFPro (x32 Version: 1.5.10.355 - Corel Corporation) Hidden
EPSON Artisan 1430 Series Printer Uninstall (HKLM\...\EPSON Artisan 1430 Series) (Version:  - SEIKO EPSON Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.70.0000 - EPSON)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Flickr Uploadr for Windows (HKU\S-1-5-21-2179533540-259808961-616636266-1000\...\FlickrUploadrWindows) (Version: 0.9.90.246 - Flickr)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.5.116.602 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glary Utilities 5.25 (HKLM-x32\...\Glary Utilities 5) (Version: 5.25.0.44 - Glarysoft Ltd)
Gmail Backup (HKLM-x32\...\gmailbackup) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
HandBrake 0.10.1 (HKLM-x32\...\HandBrake) (Version: 0.10.1 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
ICA (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2274 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
IPM_OEM (x32 Version: 1.53 - Corel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
ISCOM (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jungle Disk Desktop (HKLM\...\{4837C529-3700-5555-95FC-80C653003160}) (Version: 3.16 - Jungle Disk)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 1.29 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.29 - Dominik Reichl)
Label@Once 1.0 (x32 Version: 1.0 - Corel) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7277 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MC782ML_MC582ML (HKLM\...\{CEA241FD-11FF-442B-BDCA-DAB9E7AE2109}) (Version: 6.111.16 - YUAN)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2179533540-259808961-616636266-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
MLE (x32 Version: 1.0.0.69 - Corel Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 25.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 25.0 (x86 en-US)) (Version: 25.0 - Mozilla)
Mozilla Thunderbird 34.0 (x86 en-US) (HKU\S-1-5-21-2179533540-259808961-616636266-1000\...\Mozilla Thunderbird 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Thunderbird 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
NextWindow DesktopTouch Driver Package (HKLM\...\{4ED0CEF7-8AD7-45E3-B200-02BD6523ACAB}) (Version: 1.1.004 - NextWindow)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.9 - Google)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.1 - Notepad++ Team)
Nuvoton CIR Device Drivers (HKLM-x32\...\{46851691-3C64-4C14-ABD8-179AE8801F55}) (Version: 8.60.2004 - Nuvoton Technology Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
PureHD (x32 Version: 1.5.10.355 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6263 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Setup (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Share (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Share64 (Version: 1.5.10.355 - Corel Corporation) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.0.20.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.9.TA for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{DCB09C9D-2250-42E0-AE55-83A505467941}) (Version: 1.3.0.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.10.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{16D3A547-A165-4878-9A04-492BB7F56BAC}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.8.TA - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.1 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.2 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.6.64.TA - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.20.64 - TOSHIBA Corporation)
TOSHIBA Remote Control Manager (HKLM-x32\...\{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}) (Version: 3.0.7.5 - TOSHIBA CORPORATION)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.14 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{8C876A25-6842-4569-9900-E5D696135E30}) (Version: 2.00.02 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64WW - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.4.59-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.2 - TOSHIBA Corporation)
Toshiba Wireless HID driver (HKLM-x32\...\{A190562C-BD9C-49CD-8C52-944A5256062E}) (Version: 1.00.003 - TOSHIBA Corporation)
VIO (x32 Version: 1.5.10.355 - Corel Corporation) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2179533540-259808961-616636266-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\cathy\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2179533540-259808961-616636266-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
CustomCLSID: HKU\S-1-5-21-2179533540-259808961-616636266-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\cathy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2179533540-259808961-616636266-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\cathy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2179533540-259808961-616636266-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\cathy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2179533540-259808961-616636266-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\cathy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2179533540-259808961-616636266-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\cathy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
19-05-2015 20:15:08 Installed Foxit PhantomPDF Standard
20-05-2015 08:31:31 Windows Update
23-05-2015 09:43:06 Windows Update
27-05-2015 08:19:03 Windows Update
30-05-2015 09:17:09 Windows Update
03-06-2015 20:42:47 Windows Update
06-06-2015 03:00:28 Windows Update
09-06-2015 19:04:37 Windows Update
11-06-2015 03:00:27 Windows Update
15-06-2015 01:27:48 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
15-06-2015 01:29:39 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
15-06-2015 05:34:11 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
15-06-2015 05:34:37 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
15-06-2015 05:35:19 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
15-06-2015 05:36:05 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
17-06-2015 08:49:47 Windows Update
18-06-2015 18:43:46 Intel® Driver Update Utility
18-06-2015 23:41:03 Checkpoint by HitmanPro
22-06-2015 00:24:06 Removed Foxit PhantomPDF Standard
24-06-2015 08:07:47 Windows Update
01-07-2015 10:18:58 Windows Update
02-07-2015 07:42:29 Installed Jungle Disk Workgroup
03-07-2015 11:10:20 Removed Jungle Disk Workgroup
03-07-2015 11:14:42 Installed Jungle Disk Desktop
04-07-2015 12:12:31 Removed Jungle Disk Desktop
04-07-2015 12:56:53 Installed Jungle Disk Desktop
07-07-2015 17:07:04 Windows Update
11-07-2015 12:22:38 Windows Update
13-07-2015 21:40:49 Malwarebytes Anti-Rootkit Restore Point
14-07-2015 18:35:22 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:34 - 2015-07-14 18:10 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0417C7B4-F623-4EE5-8A1B-F65F8D726305} - System32\Tasks\AdobeAAMUpdater-1.0-cathy-PC-cathy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {0BB64CA8-6A04-42BB-BBCD-D6DBA9B6A681} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {171CBF55-21FB-4710-AC0D-1BC4FCA74F27} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-28] (Microsoft Corporation)
Task: {1E168AE0-51F9-4A75-97AD-0744FA9D5225} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2179533540-259808961-616636266-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {2AAC455F-947D-4989-870E-A5BCBA3BC2AE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-24] (Piriform Ltd)
Task: {2B83173A-DDB4-44B0-8B49-AC95718B8899} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-04] (TOSHIBA CORPORATION)
Task: {410AA705-84DA-43E3-BC2D-2AD18DB8429A} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-05-11] (Glarysoft Ltd)
Task: {4CFC7041-32C0-4095-9FDB-EC53813FB914} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2179533540-259808961-616636266-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {52490383-0F9B-46E4-8E4C-BBD145FC6DC5} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {83AD2D06-29B0-4D54-85C8-FBE1A820A340} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {B8626403-EFFB-4FBF-8DD9-8461A12D2843} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {B98026DC-3185-4B31-9744-57A98151403D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {B9F7CFDE-398E-41E6-AE9C-627D8A16A6E0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-14] (Google Inc.)
Task: {CE1D0A00-2DC0-46DE-8BBC-245324E030D0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {CF55D1A9-28CD-470C-A0BE-3678F16A4980} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-05-11] (Glarysoft Ltd)
Task: {E2E9951D-A8F8-4727-9C49-B284A0F988CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-14] (Google Inc.)
Task: {F11425C7-A5C8-4CD0-BD3F-34B83C8038E8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {F94AFBA5-F5E4-4AE3-840D-E907FC5152D6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {FA304BCA-FF8D-45C8-99FE-255E202A11CC} - System32\Tasks\Opera scheduled Autoupdate 1394789486 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-11] (Opera Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-17 06:02 - 2015-01-28 01:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-14 19:34 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2015-04-16 06:13 - 2015-04-16 06:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-01-20 21:35 - 2015-01-20 21:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-04 11:21 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-12-30 05:32 - 2010-12-30 05:32 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-19 11:18 - 2010-11-19 11:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2011-03-04 11:25 - 2011-03-04 11:25 - 00260096 _____ () C:\Program Files\Jungle Disk Desktop\monitor_images.dll
2010-12-16 09:19 - 2010-12-16 09:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-05-16 14:25 - 2011-05-16 14:25 - 00030064 _____ () c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
2015-07-13 19:28 - 2015-06-13 14:16 - 31404192 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2011-03-30 17:18 - 2011-03-30 17:18 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-06-19 04:09 - 2015-06-19 04:09 - 00155824 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
2015-07-15 02:06 - 2015-07-14 07:33 - 01670472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-15 02:06 - 2015-07-14 07:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-05-18 01:22 - 2015-05-18 01:22 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-18 01:22 - 2015-05-18 01:22 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-15 05:36 - 2015-07-15 05:36 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15071401\algo.dll
2015-04-10 00:37 - 2015-04-10 00:37 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-13 19:29 - 2015-06-09 22:36 - 36732592 ____N () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-05-11 16:33 - 2015-05-11 16:33 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2015-06-18 18:53 - 2015-06-18 18:53 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-06-18 18:53 - 2015-06-18 18:53 - 00121856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ref\build\Release\binding.node
2015-06-18 18:53 - 2015-06-18 18:53 - 00122880 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ffi\build\Release\ffi_bindings.node
2015-06-18 18:53 - 2015-06-18 18:53 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-06-18 18:53 - 2015-06-18 18:53 - 00085504 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\bufferutil.node
2015-06-18 18:53 - 2015-06-18 18:53 - 00086016 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\validation.node
2015-06-18 18:53 - 2015-06-18 18:53 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-05-20 10:47 - 2015-06-09 05:23 - 00153712 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-05-20 10:47 - 2015-06-09 05:23 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\cathy\Downloads\noname.eml:OECustomProperty
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2179533540-259808961-616636266-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\cathy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 103.250.185.113 - 106.186.22.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{177B3DE6-535D-4B96-84EB-BE9C96BDD428}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema\PowerCinema.exe
FirewallRules: [{E694F583-5C86-4EAE-AFE0-DDD8CB0BDEE0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema\PCMService.exe
FirewallRules: [{C01C0272-0870-400D-94CB-F11B4392DCA8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\DMP\CLBrowserEngine.exe
FirewallRules: [{27BD3F2C-ABF5-414B-98EE-F1F1071A59A9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\DMS\CLMSService.exe
FirewallRules: [{A35095AC-F8EE-4390-9562-6A5A655B93DD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7510B41F-5C71-4055-B1F0-99334FAD0F5A}] => (Allow) LPort=2869
FirewallRules: [{8C8A0F0D-1617-4252-80CC-E49902EF95E8}] => (Allow) LPort=1900
FirewallRules: [{38D91123-AB6D-47F4-BA36-82EDB54A44A6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2A73F262-6EE3-494F-AF78-CEE188103B38}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{50D9C5F0-13B7-417D-BBB7-8588C4904396}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4C2E1B8A-BC3C-422A-AD4C-F5F8E67C1865}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8AD580D4-62D2-4BEF-AAB3-59D3D970CF1E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1CB84FAF-572C-4E78-9200-B4125E451F20}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2B664897-CD3A-4F1F-B32C-A135C6864731}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B1EBCCFA-C9F6-4024-B666-FCF684BA8731}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Edge Inspect CC\EdgeInspect.exe
FirewallRules: [{03C52D80-5450-45D4-81A9-35C30378F6B3}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{8C17C081-CCC9-43E8-A6B9-30275F981701}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{EC974789-0E4D-4859-968F-82C9A8B6437C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{3E171214-BD51-40E9-B21A-A03BCE72B0E1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{08D765E6-7DFC-4B9A-A168-6B7901A57656}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{FD56BDEB-9055-4B2E-BFA2-B5F62CA178A1}] => (Allow) C:\Users\cathy\AppData\Local\Temp\7zS0E30\HPDiagnosticCoreUI.exe
FirewallRules: [{3E2AAD1A-646D-4BAF-82DF-203E4579714D}] => (Allow) C:\Users\cathy\AppData\Local\Temp\7zS0E30\HPDiagnosticCoreUI.exe
FirewallRules: [{DD3871F9-AE77-4876-9513-6D397316EFA8}] => (Allow) C:\Users\cathy\AppData\Local\Temp\7zS0FB1\HPDiagnosticCoreUI.exe
FirewallRules: [{22BF19A7-0DF3-4672-AD58-290DBFA89655}] => (Allow) C:\Users\cathy\AppData\Local\Temp\7zS0FB1\HPDiagnosticCoreUI.exe
FirewallRules: [{14CDA79F-D180-4996-89D0-E4DA9BC0B37E}] => (Allow) C:\Users\cathy\AppData\Local\Temp\7zS150D\HPDiagnosticCoreUI.exe
FirewallRules: [{1E8D9282-ACE4-4D6E-BBF9-A54F3A923F08}] => (Allow) C:\Users\cathy\AppData\Local\Temp\7zS150D\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{C6DCA3C2-C081-405B-B073-490F6E2D6C96}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{93146D0F-F83E-4D92-A9A4-FFE2A09F5AE4}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{3C5CE552-A9DA-4D73-B4B4-A44166EAF364}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{2E589634-DE1B-4087-ABE8-A946D73D0A65}] => (Allow) C:\Users\cathy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F7886C6C-6512-452F-9E86-9A12A5E990AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DD65BCFF-9AD5-4A8B-9BA6-FBB5B04ECAED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{724E3B4F-4CE1-4CF8-A201-47C3D59B4376}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6B79BB4A-1540-4E19-921D-994CF0C14EED}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E4FCD116-49AB-4E23-8166-EF47F818ACBA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1CEE49B2-DB1D-49E9-9F86-BE2C73193F7F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{29032129-F760-4ACC-BF66-94638F1C4E75}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{498A45EE-B2F4-441E-A6F8-A29CC374A72F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/15/2015 11:48:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/14/2015 06:09:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/13/2015 07:05:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/13/2015 09:26:26 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tuesdays with Morrie.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:26:26 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:29:11 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6BD0FDCA76BF9CB474611C422435966F3D50A09C2246CB48F3180D77117A7B112B04DE894CDB9EBD0B734D83448092B76;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:272 S3Request::WriteFile
   via LockingStorageRequest.h:54 LockingStorageRequest<class S3Request>::WriteFile
   via JungleDiskBase.cpp:222 JungleDiskBase::WriteFile
 
Error: (07/13/2015 09:26:18 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tuesdays with Morrie.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:26:18 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:29:03 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6BD0FDCA76BF9CB474611C422435966F3D50A09C2246CB48F3180D77117A7B112B04DE894CDB9EBD0B734D83448092B76;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:591 S3Request::DeleteFileW
   via LockingStorageRequest.h:67 LockingStorageRequest<class S3Request>::DeleteFileW
   via JungleDiskAdv.cpp:786 JungleDiskAdv::NetworkWriteFile
   via JungleDiskBase.cpp:222 JungleDiskBase::WriteFile
 
Error: (07/13/2015 09:25:59 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tuesdays with Morrie.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:25:59 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:28:44 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6BD0FDCA76BF9CB474611C422435966F3D50A09C2246CB48F3180D77117A7B112B04DE894CDB9EBD0B734D83448092B76;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:326 S3Request::GetObjectEtag
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via JungleDiskBase.cpp:19 JungleDiskAPI::PathExists
   via JungleDiskBase.cpp:201 JungleDiskBase::WriteFile
 
Error: (07/13/2015 09:25:54 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tuesdays with Morrie.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:25:54 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:28:39 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6BD0FDCA76BF9CB474611C422435966F3D50A09C2246CB48F3180D77117A7B112B04DE894CDB9EBD0B734D83448092B76;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:326 S3Request::GetObjectEtag
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via JungleDiskBase.cpp:19 JungleDiskAPI::PathExists
   via JungleDiskBase.cpp:201 JungleDiskBase::WriteFile
 
Error: (07/13/2015 09:25:07 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tubular Bells for Two Hands.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:25:07 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:27:52 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6BC02019E9863E565A01359491BE54DB468FF63A4ED602D8F036870739EAEEE0714F8CCA88000D38F3803E1E5D4C5493B;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:326 S3Request::GetObjectEtag
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via JungleDiskBase.cpp:19 JungleDiskAPI::PathExists
   via JungleDiskBase.cpp:201 JungleDiskBase::WriteFile
 
Error: (07/13/2015 09:25:00 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tubular Bells for Two Hands.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:25:00 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:27:45 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6D436AC61B2EE8DB543592EC54D3E943A9BE90749A1E52587AC2ED2DFDE1CB4D35C1B58DB5089A3F2D835AA76800514BE;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:326 S3Request::GetObjectEtag
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via JungleDiskBase.cpp:19 JungleDiskAPI::PathExists
   via JungleDiskBase.cpp:201 JungleDiskBase::WriteFile
 
Error: (07/13/2015 09:24:57 AM) (Source: JungleDiskService) (EventID: 2) (User: )
Description: Warning Details (Jungle Disk Desktop 3.16 Win64)
------------------------
Backup Upload Retry: C:\Users\cathy\Documents\Tubular Bells for Two Hands.docx
Exception Code: xRequestSignDenied (102)
Time: 13/07/2015 9:24:57 AM (GMT+10)
Detailed Message: Sign Request Failed (500)
HTTP Result Code: 500
HTTP Headers:
HTTP/1.1 500 Internal Server Error
Cache-control: no-cache="set-cookie"
Content-Type: text/plain
Date: Sun, 12 Jul 2015 23:27:42 GMT
Server: Jungle Disk DAV
Set-Cookie: AWSELB=ED37BD57164185BB51D6D25B06B2F9184D0E9E00B6ADDADD27BC7FFBC92CB8BBE48D14D2703BA2FE3D4A5BC62F081C89AE67B685DEF5B4AC73B6E174C9E892EB52B339E3EA;PATH=/;MAX-AGE=302
Content-Length: 37
Connection: keep-alive
 
HTTP Body:
 (500) Error Code: UnhandledException
Error Location: RemoteRequestSigner.cpp:92 RemoteRequestSigner::SignRequest
   via S3Request.cpp:93 S3Request::GetHeaders
   via S3Request.cpp:326 S3Request::GetObjectEtag
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via DirectoryCache.cpp:160 DirectoryCache::GetCachedDirectoryEntry
   via JungleDiskBase.cpp:251 JungleDiskBase::GetDirectoryEntry
   via JungleDiskBase.cpp:19 JungleDiskAPI::PathExists
   via JungleDiskBase.cpp:201 JungleDiskBase::WriteFile
 
 
System errors:
=============
Error: (07/15/2015 11:46:06 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\athihvs.dll
 
Error: (07/15/2015 11:46:06 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\athihvs.dll
 
Error: (07/15/2015 11:46:04 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (07/15/2015 11:46:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\athihvs.dll
 
Error: (07/15/2015 11:45:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/15/2015 11:45:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/15/2015 11:45:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (07/15/2015 11:45:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (07/15/2015 11:45:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/15/2015 11:45:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-14 18:04:48.816
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-07-14 18:04:48.770
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 42%
Total physical RAM: 8139.86 MB
Available physical RAM: 4660.12 MB
Total Virtual: 16277.93 MB
Available Virtual: 12441.56 MB
 
==================== Drives ================================
 
Drive c: (S3A5216D002) (Fixed) (Total:917.96 GB) (Free:287.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 642E09BB)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=17)
 
==================== End of log ============================


#10 deeprybka

Posted 15 July 2015 - 02:51 AM

Step 1

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings: [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 cathyb9

Posted 15 July 2015 - 09:42 AM

Here is the log. As requested, I unchecked the option for "Remove found threats", so none of the threats have been removed.

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e27932de33eba643836856bc0f4fd5d4
# end=init
# utc_time=2015-07-15 07:52:52
# local_time=2015-07-15 05:52:52 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=37126
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Init
Update Download
Update Finalize
Updated modules version: 24806
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e27932de33eba643836856bc0f4fd5d4
# end=updated
# utc_time=2015-07-15 08:12:09
# local_time=2015-07-15 06:12:09 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=e27932de33eba643836856bc0f4fd5d4
# engine=24806
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-15 09:47:53
Thanks again!


#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 15 July 2015 - 02:10 PM

# end=stopped

The scan wasn't complete.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 cathyb9

cathyb9
  • Topic Starter

  • Members
  • 40 posts

Posted 15 July 2015 - 06:21 PM

:/ This happened twice. I will run it again and report back. It seemed to be stuck at 45% for a very long time.

 

I am going away for the weekend from tomorrow onwards, back late Sunday night Australian time, just so that you know if I go quiet!



#14 cathyb9

cathyb9
  • Topic Starter

  • Members
  • 40 posts

Posted 15 July 2015 - 11:57 PM

It seems to have run successfully this time. Here are the results. 

 

sh=E0C5E31B4A4DAA88C64BB4CA1E304C4D70481F1F ft=1 fh=626d7421e12db363 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\cathy\Documents\Downloads\cbsidlm-cbsi145-DebugMode_Wax-ORG-10413349 (1).exe"
sh=E0C5E31B4A4DAA88C64BB4CA1E304C4D70481F1F ft=1 fh=626d7421e12db363 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\cathy\Documents\Downloads\EB6B.tmp"
sh=D9137C408A4CF82C82E0D68BC728DB4C12E16E5F ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\cathy\Documents\Downloads\PDFXVwer.zip"
sh=CCDAF2962152EFA4C9A62A4C3A6338925562272A ft=1 fh=2963933e7df8bdff vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\cathy\Documents\Downloads\PDFXVwer\PDFXVwer.exe"
sh=DABF7136C12F046453104FABC648308BF824130D ft=1 fh=d5271ac16c5d0b06 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\cathy\Documents\Exergy\FoxitReader614.0217_enu_Setup.exe"
sh=3032CB5B0066ACB77259EC89E9ECAFDB21C06BE6 ft=1 fh=4cc4f419610b1b22 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\cathy\Documents\Exergy\Ex-Wiki\Friday Talk Reports\CCleaner_v5.05.5176.exe"
sh=DA0FB77CECB4247F067294DA5E54E0020844FECE ft=1 fh=96c9faddf1c23368 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\cathy\Downloads\CCleaner_v4.13.4693.exe"
sh=F83855D2F4CB2063085A6A66A6A1C7CB377C28CB ft=1 fh=bcd5e45444e76df6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\cathy\Downloads\CCleaner_v4.14.4707.exe"
sh=D12F2B7B95F3EB52E57E5E034F4315F4716670FF ft=1 fh=fa0e3acfd523f7f9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\cathy\Downloads\CCleaner_v4.15.4725.exe"
sh=B6B12E4F8E59C61EC67A5E17DEDA7EA5B2FEF364 ft=1 fh=65d7fe9609cd6c74 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\cathy\Downloads\CCleaner_v5.00.5050.exe"
sh=C133DB147FA578119F34B675D45B477E110761B2 ft=1 fh=9272027fde077ca7 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\cathy\Downloads\ccsetup412.exe"
sh=8DF989B916268D8F8773CA81E6C096BBB6A8DDF6 ft=1 fh=1002a0d718a5eb30 vn="a variant of Win32/DownloadGuide.D potentially unwanted application" ac=I fn="C:\Users\cathy\Downloads\download-avidemux.exe"
sh=8039E3FC46614041EAD15F9339FA8C71B35C2179 ft=1 fh=979185d395bc4abb vn="multiple threats" ac=I fn="C:\Users\cathy\Downloads\DriverRepair_signed.exe"
sh=6D0A8877CD82C957F50B05FA7B4B2CB0B34A5CC8 ft=1 fh=d420c201dab6bb71 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\cathy\Downloads\Foxit_Reader_v6.2.0.0429 (1).exe"
sh=6D0A8877CD82C957F50B05FA7B4B2CB0B34A5CC8 ft=1 fh=d420c201dab6bb71 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\cathy\Downloads\Foxit_Reader_v6.2.0.0429.exe"


#15 deeprybka


Posted 17 July 2015 - 11:18 AM

I am going away for the weekend from tomorrow onwards, back late Sunday night Australian time, just so that you know if I go quiet!


Thanks for letting me know!

No active malware has been found, that's great.

Please run FRST again:

Step 1


Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 