Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Barbara (administrator) on WEBASIA-PC on 03-06-2015 10:58:57
Running from C:\Users\Barbara\Desktop\FIXITPC
Loaded Profiles: Barbara (Available Profiles: Barbara)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Users\Barbara\Google Drive - work\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Users\Barbara\Google Drive - work\Malwarebytes Anti-Malware\mbamservice.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Users\Barbara\Google Drive - work\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXUX.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Opera Software) C:\Program Files (x86)\Opera\launcher.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X] HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation) HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (Alcor Micro Corp.) HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA) HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-26] (Avast Software s.r.o.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-11-26] (Intuit Inc. All rights reserved.) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-03-18] (BlackBerry Limited) HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4494848 2014-06-23] (Research In Motion Limited) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-03-25] (CANON INC.) 
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoViewContextMenu] 0 HKLM\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-847376195-2476872231-1730056214-1001\...\Run: [GoogleChromeAutoLaunch_035C95D17CB2EE397E9F49F677AE7ABF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.) HKU\S-1-5-21-847376195-2476872231-1730056214-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation) HKU\S-1-5-21-847376195-2476872231-1730056214-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google) HKU\S-1-5-21-847376195-2476872231-1730056214-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd) HKU\S-1-5-21-847376195-2476872231-1730056214-1001\...\MountPoints2: {3722eb08-44f6-11e4-826c-40f02f4b01b6} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL I:\start.exe HKU\S-1-5-21-847376195-2476872231-1730056214-1001\...\MountPoints2: {f70027b3-1a61-11e4-8261-40f02f4b01b6} - "G:\SETUP.EXE" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-08-02] ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Limited.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-08-02] ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Limited.) Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-30] ShortcutTarget: Dropbox.lnk -> C:\Users\Barbara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-26] (Avast Software s.r.o.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) CHR HKU\S-1-5-21-847376195-2476872231-1730056214-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-847376195-2476872231-1730056214-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TEJB HKU\S-1-5-21-847376195-2476872231-1730056214-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://toshiba.eu/symbaloo_c HKU\S-1-5-21-847376195-2476872231-1730056214-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/symbaloo_c SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-847376195-2476872231-1730056214-1001 -> {EB811CC9-D232-4490-B27E-614EDD543517} URL = BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-26] (Avast Software s.r.o.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-27] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-26] (Avast Software s.r.o.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-27] (Oracle Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKU\S-1-5-21-847376195-2476872231-1730056214-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2012-08-18] (Intuit, Inc.) 
FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll No File FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-27] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-27] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-06-24] () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program 
Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-11] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-847376195-2476872231-1730056214-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Barbara\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-12-15] (Citrix Online) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-02] Chrome: ======= CHR StartupUrls: Default -> "https://www.google.co.uk/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-28] CHR Extension: (Avast Online Security) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-28] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-28] CHR Extension: (Google Wallet) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-28] CHR 
HKU\S-1-5-21-847376195-2476872231-1730056214-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Barbara\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-04-28] CHR HKU\S-1-5-21-847376195-2476872231-1730056214-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-847376195-2476872231-1730056214-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-26] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [31904 2013-08-22] (Microsoft Corporation) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows (R) Win 7 DDK provider) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-26] (Avast Software s.r.o.) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-26] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-26] (Avast Software) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) 
[File not signed] R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] () R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] () S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] () R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation) R2 MBAMScheduler; C:\Users\Barbara\Google Drive - work\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Users\Barbara\Google Drive - work\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-11-26] (Intuit) [File not signed] S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-11-26] (Intuit Inc.) [File not signed] R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2214168 2015-05-08] (IBM Corp.) R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-06-23] (Apple Inc.) 
[File not signed] R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1325568 2014-06-23] (Research In Motion Limited) [File not signed] R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed] R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2013-01-30] (Sage (UK) Limited) [File not signed] R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed] S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-26] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-05-26] (Avast Software s.r.o.) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-26] (Avast Software s.r.o.) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-05-26] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-26] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-26] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-26] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-26] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-26] (Avast Software s.r.o.) 
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-26] () R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-03] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation) R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] () R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R1 RapportCerberus_1412097; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412097.sys [910872 2015-05-26] (IBM Corp.) R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [484088 2015-05-08] (IBM Corp.) R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [121208 2015-05-08] (IBM Corp.) R3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [265784 2015-05-26] (IBM Corp.) R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [375128 2015-05-08] (IBM Corp.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [479320 2015-05-08] (IBM Corp.) 
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited) R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited) S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider) S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-26] (Avast Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com) S3 aswTap; \SystemRoot\system32\DRIVERS\aswTap.sys [X] S3 tap0901; \SystemRoot\system32\DRIVERS\tap0901.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-02 22:36 - 2015-06-02 22:36 - 00286296 _____ () C:\Windows\Minidump\060215-27437-01.dmp 2015-06-02 21:49 - 2015-06-02 22:14 - 00000000 ____D () C:\Users\Barbara\Desktop\FIXITPC 2015-06-01 17:52 - 2015-06-01 17:52 - 00000000 ____D () C:\Users\Barbara\AppData\Local\GWX 2015-05-30 11:56 - 2006-04-12 11:11 - 01933312 _____ (Amyuni Technologies http://www.amyuni.com) C:\Windows\SysWOW64\cdintf251.dll 2015-05-30 11:55 - 2015-05-30 11:55 - 00000218 _____ () C:\Users\Public\Desktop\Cheques & More for QuickBooks.url 2015-05-30 11:44 - 2015-06-02 22:36 - 863871867 _____ () C:\Windows\MEMORY.DMP 2015-05-30 11:44 - 2015-06-02 22:36 - 00000000 ____D () C:\Windows\Minidump 2015-05-30 11:44 - 2015-05-30 11:44 - 00286240 _____ () C:\Windows\Minidump\053015-47421-01.dmp 2015-05-30 11:41 - 2015-05-30 11:41 - 00000095 _____ () C:\Users\Barbara\AppData\Local\fusioncache.dat 2015-05-30 11:41 - 2015-05-30 11:41 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2015-05-30 11:32 - 2015-05-30 11:34 - 00872506 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-05-30 11:31 - 2015-05-30 11:31 - 00000000 ____D () C:\Windows\SysWOW64\URTTEMP 2015-05-27 20:25 - 2015-05-27 20:26 - 00000000 ____D () C:\Users\Barbara\Desktop\malgosia gumula 2015-05-27 09:17 - 2015-05-27 09:17 - 00000000 ____D () C:\Users\Barbara\Tracing 2015-05-27 08:54 - 2015-05-27 08:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-05-26 20:48 - 2015-06-03 10:53 - 00001116 _____ () C:\Windows\error.log 2015-05-26 20:48 - 2015-06-03 10:53 - 00001044 _____ () C:\Windows\setupact.log 2015-05-26 20:48 - 2015-05-26 20:48 - 00000000 _____ () C:\Windows\setuperr.log 2015-05-26 20:47 - 2015-06-03 10:52 - 00004648 _____ () C:\Windows\PFRO.log 2015-05-26 20:46 - 2015-06-03 10:52 - 00000252 _____ () C:\Windows\errord.log 2015-05-26 20:25 - 2015-05-26 20:25 - 00000000 ____D () C:\Program Files (x86)\GUMEB93.tmp 2015-05-26 19:58 - 2015-06-03 10:59 - 00000000 ____D () C:\FRST 
2015-05-26 19:45 - 2015-05-26 19:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-26 19:45 - 2015-05-26 19:44 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-26 19:45 - 2015-05-26 19:44 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-26 19:45 - 2015-05-26 19:44 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-26 19:45 - 2015-05-26 19:44 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-26 19:45 - 2015-05-26 19:44 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-26 19:45 - 2015-05-26 19:44 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-26 19:45 - 2015-05-26 19:44 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-26 19:45 - 2015-05-26 19:44 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-26 19:45 - 2015-05-26 19:44 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-05-26 19:44 - 2015-05-26 19:44 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-05-26 19:44 - 2015-05-26 19:44 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-26 19:44 - 2015-05-26 19:44 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-26 19:35 - 2015-05-26 19:35 - 00000197 _____ () C:\Windows\system32\2015-05-26-18-35-53.047-AvastVBoxSVC.exe-4072.log
2015-05-26 19:30 - 2015-05-26 19:30 - 00000197 _____ () C:\Windows\system32\2015-05-26-18-30-27.078-AvastVBoxSVC.exe-3380.log
2015-05-26 18:16 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-26 18:16 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-25 21:30 - 2015-05-25 21:30 - 00001227 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-25 21:29 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-25 21:29 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-25 21:29 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-25 21:06 - 2015-05-25 21:09 - 00000000 ____D () C:\Program Files\Recuva
2015-05-25 21:06 - 2015-05-25 21:07 - 00000000 ____D () C:\Program Files\Speccy
2015-05-25 21:06 - 2015-05-25 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-05-25 21:06 - 2015-05-25 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-05-25 21:05 - 2015-05-25 21:06 - 00000000 ____D () C:\Program Files\Defraggler
2015-05-25 21:05 - 2015-05-25 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2015-05-25 20:32 - 2015-05-25 20:32 - 00000197 _____ () C:\Windows\system32\2015-05-25-19-32-02.023-AvastVBoxSVC.exe-3292.log
2015-05-25 20:17 - 2015-05-25 20:17 - 00000197 _____ () C:\Windows\system32\2015-05-25-19-17-32.010-AvastVBoxSVC.exe-1184.log
2015-05-23 16:05 - 2015-05-26 20:18 - 00000000 ____D () C:\Users\Barbara\AppData\Local\Chromium
2015-05-23 15:52 - 2015-05-23 15:52 - 00000197 _____ () C:\Windows\system32\2015-05-23-14-52-20.014-AvastVBoxSVC.exe-3364.log
2015-05-23 02:13 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-23 02:13 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-23 02:13 - 2015-03-09 03:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-23 02:13 - 2014-10-29 02:57 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\BthHFSrv.dll
2015-05-23 02:12 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-23 02:12 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-23 02:12 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-23 02:12 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-23 02:12 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-23 02:12 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-23 02:12 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-23 02:12 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-23 02:12 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-23 02:12 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-23 02:11 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-23 02:11 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-23 02:11 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-23 02:11 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-23 02:11 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-23 02:11 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-23 02:11 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-23 02:11 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-23 02:11 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-23 02:11 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-23 02:11 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-23 02:11 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-23 02:11 - 2015-04-21 17:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-23 02:11 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-23 02:11 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-23 02:11 - 2015-04-21 16:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-23 02:11 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-23 02:11 - 2015-04-21 16:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-23 02:11 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-23 02:11 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-23 02:11 - 2015-04-21 16:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-23 02:11 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-23 02:11 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-23 02:11 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-23 02:11 - 2015-04-21 16:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-23 02:11 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-23 02:11 - 2015-04-21 16:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-23 02:11 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-23 02:11 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-23 02:11 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-23 02:11 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-23 02:11 - 2015-04-21 16:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-23 02:11 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-23 02:11 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-23 02:11 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-23 02:11 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-23 02:11 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-23 02:11 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-23 02:11 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-23 02:11 - 2015-04-13 23:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-23 02:11 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-23 02:11 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-23 02:11 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-23 02:11 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-23 02:11 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-23 02:11 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-23 02:11 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-23 02:11 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-23 02:11 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-23 02:11 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-23 02:11 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-23 02:11 - 2015-03-13 05:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-23 02:11 - 2015-03-13 05:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-23 02:11 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-23 02:11 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-23 02:11 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-23 02:11 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-23 02:11 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-23 02:11 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-23 02:11 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-23 02:11 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-23 02:11 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-23 02:11 - 2014-10-29 03:45 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-23 02:11 - 2014-10-29 03:44 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-23 02:11 - 2014-10-29 03:00 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-23 02:11 - 2014-10-29 03:00 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-23 02:11 - 2014-10-29 02:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2015-05-23 02:11 - 2014-10-29 02:54 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2015-05-23 02:11 - 2014-10-29 02:25 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShextAutoplay.exe
2015-05-23 02:11 - 2014-10-29 02:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll
2015-05-23 02:10 - 2014-10-29 03:42 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-23 02:10 - 2014-10-29 02:19 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-23 02:10 - 2014-10-29 01:59 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-23 01:06 - 2015-05-23 01:06 - 00000197 _____ () C:\Windows\system32\2015-05-23-00-06-37.029-AvastVBoxSVC.exe-3404.log
2015-05-20 18:33 - 2015-05-20 18:33 - 00003834 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1411684083
2015-05-20 18:33 - 2015-05-20 18:33 - 00001034 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-05-14 22:18 - 2015-05-14 22:18 - 00205571 _____ () C:\Users\Barbara\Desktop\FS_NewPolishDeliLtd_30092014.xhtml
2015-05-09 19:02 - 2015-05-09 19:02 - 00000197 _____ () C:\Windows\system32\2015-05-09-18-02-50.069-AvastVBoxSVC.exe-3160.log
2015-05-06 23:01 - 2015-05-06 23:01 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\DivX
2015-05-06 22:57 - 2015-05-26 20:25 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-05-06 22:56 - 2015-05-26 20:47 - 00000000 ____D () C:\ProgramData\DivX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-06-03 10:58 - 2014-09-03 19:28 - 00000000 ___RD () C:\Users\Barbara\Google Drive - work
2015-06-03 10:57 - 2015-01-02 18:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-03 10:57 - 2014-07-15 22:45 - 00000000 __RDO () C:\Users\Barbara\SkyDrive
2015-06-03 10:54 - 2014-10-09 20:00 - 02078393 _____ () C:\Windows\WindowsUpdate.log
2015-06-03 10:53 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-03 10:52 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-06-03 10:51 - 2014-08-24 23:01 - 00000000 ____D () C:\Users\Barbara\Documents\Pliki programu Outlook
2015-06-03 10:49 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-06-03 10:17 - 2014-07-15 23:52 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\ClassicShell
2015-06-03 10:16 - 2015-02-11 01:33 - 00000000 ____D () C:\Users\Barbara\Desktop\comfort 03-06-15
2015-06-02 23:16 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-06-02 18:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-06-01 22:44 - 2014-08-26 20:46 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-06-01 21:32 - 2015-04-28 18:10 - 00000000 ____D () C:\AdwCleaner
2015-06-01 21:29 - 2014-07-15 22:44 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-847376195-2476872231-1730056214-1001
2015-05-31 17:51 - 2014-08-02 17:15 - 00000000 ___RD () C:\Users\Barbara\Dropbox
2015-05-31 17:51 - 2014-08-02 17:13 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Dropbox
2015-05-31 03:45 - 2014-07-15 22:38 - 00000000 ____D () C:\Users\Barbara
2015-05-31 02:24 - 2014-08-12 18:49 - 00000000 ____D () C:\Users\Barbara\Desktop\accounting
2015-05-31 01:49 - 2013-09-09 17:17 - 00864578 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-30 11:55 - 2014-08-02 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2015-05-30 11:53 - 2014-08-02 18:23 - 00000000 ____D () C:\ProgramData\Intuit
2015-05-30 11:53 - 2014-08-02 18:23 - 00000000 ____D () C:\Program Files (x86)\Intuit
2015-05-30 11:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\registration
2015-05-30 11:30 - 2014-08-02 17:14 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-28 00:10 - 2013-08-22 15:44 - 00496840 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-27 20:25 - 2015-05-02 09:41 - 00094720 ___SH () C:\Users\Barbara\Desktop\Thumbs.db
2015-05-27 09:28 - 2014-09-20 15:36 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Skype
2015-05-27 09:16 - 2014-09-20 15:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-27 09:16 - 2014-09-20 15:36 - 00000000 ____D () C:\ProgramData\Skype
2015-05-27 08:52 - 2015-01-07 01:05 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-26 20:45 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-26 20:45 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-26 20:22 - 2015-01-17 21:43 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\ipla
2015-05-26 20:15 - 2014-08-24 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-05-26 20:15 - 2014-08-24 18:59 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2015-05-26 19:29 - 2014-10-11 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-05-26 18:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-25 21:30 - 2015-01-02 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-25 21:23 - 2014-08-02 15:14 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-25 21:13 - 2015-05-02 11:27 - 00000000 ____D () C:\Users\Barbara\AppData\Local\CrashDumps
2015-05-25 21:13 - 2014-08-02 15:11 - 00000000 ____D () C:\Users\Barbara\Desktop\czyszczenie kompa
2015-05-23 15:47 - 2014-10-04 19:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-23 15:47 - 2014-10-04 19:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-23 15:45 - 2015-04-16 00:55 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-23 15:45 - 2015-04-16 00:55 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-23 15:44 - 2014-08-02 17:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-23 15:42 - 2014-07-16 00:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-23 15:37 - 2014-07-16 00:52 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-23 15:29 - 2014-10-04 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-23 15:24 - 2013-08-22 21:59 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-20 18:33 - 2014-09-25 23:28 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-10 22:31 - 2015-04-29 11:10 - 00000160 _____ () C:\Users\Barbara\b0aabb19a5038e51a4a215db80ce09e5f24a8125
2015-05-08 17:25 - 2014-10-11 17:41 - 00375128 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2015-05-08 17:25 - 2014-10-11 17:41 - 00121208 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys

==================== Files in the root of some directories =======

2015-05-30 11:41 - 2015-05-30 11:41 - 0000095 _____ () C:\Users\Barbara\AppData\Local\fusioncache.dat
2014-08-03 00:09 - 2014-08-03 00:09 - 0000754 _____ () C:\Users\Barbara\AppData\Local\recently-used.xbel
2015-04-29 11:07 - 2015-04-30 01:07 - 0005322 _____ () C:\Users\Barbara\AppData\Local\tcNSISDump.Log
2015-03-07 21:46 - 2010-05-28 23:37 - 0015086 _____ () C:\ProgramData\Amazon.ico

Some files in TEMP:
====================
C:\Users\Barbara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpotbge5.dll
C:\Users\Barbara\AppData\Local\Temp\Quarantine.exe
C:\Users\Barbara\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-29 19:49

==================== End of log ============================