FRST scan results are pasted below.
Thanks,
Rob
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by Eileen (administrator) on HEURATOSHIBA (02-03-2017 21:50:52)
Running from C:\Users\Eileen\Downloads
Loaded Profiles: Eileen (Available Profiles: Eileen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(TP-LINK) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\widimon\widimon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663976 2010-12-09] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [571304 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-07] (Intel(R) Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-11-16] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2475384 2010-11-02] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TP-LINK USB Printer Controller] => C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe [4234240 2012-11-26] (TP-LINK)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2015-01-29] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4517376 2014-11-11] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1155948075-947392242-1488163081-1001\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.)
HKU\S-1-5-21-1155948075-947392242-1488163081-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Eileen\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1155948075-947392242-1488163081-1001\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Eileen\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid d22ee7d8b69f47d1b8e139d4c123ddd2-7c43c0ce615f6360d4e97c2d0d8fd32db466c56d --CMPID 0913b
HKU\S-1-5-21-1155948075-947392242-1488163081-1001\...\Run: [GoogleChromeAutoLaunch_E4D4801071A5FFC48F688E5CF61730E7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-1155948075-947392242-1488163081-1001\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7ABF574C-5012-4C66-AB04-19FF47E66455}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{D8373AE5-EEDD-456A-9A5B-4103226F8B25}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1155948075-947392242-1488163081-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1155948075-947392242-1488163081-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1155948075-947392242-1488163081-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
SearchScopes: HKLM -> DefaultScope {8A7A9F89-63BE-4332-BFFA-35FA2A3077B2} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {8A7A9F89-63BE-4332-BFFA-35FA2A3077B2} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {A491BF89-63E3-4553-9378-46518311524A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {A491BF89-63E3-4553-9378-46518311524A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-1155948075-947392242-1488163081-1001 -> {8A7A9F89-63BE-4332-BFFA-35FA2A3077B2} URL =
SearchScopes: HKU\S-1-5-21-1155948075-947392242-1488163081-1001 -> {A491BF89-63E3-4553-9378-46518311524A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-1155948075-947392242-1488163081-1001 -> {F4BE43F5-0D6B-44BE-B065-2747FC951EAD} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-01-04] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-11-09] (<TOSHIBA>)
Toolbar: HKU\S-1-5-21-1155948075-947392242-1488163081-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D9CDEFE3-51BB-4737-A12C-53D9814A148C} hxxps://webmail.ontario.ca/exchweb/controls/DAX.cab
FireFox:
========
FF DefaultProfile: 02pjg2ea.default-1394501245210
FF ProfilePath: C:\Users\Eileen\AppData\Roaming\Mozilla\Firefox\Profiles\02pjg2ea.default-1394501245210 [2017-03-02]
FF Homepage: Mozilla\Firefox\Profiles\02pjg2ea.default-1394501245210 -> hxxps://www.google.ca/
FF Session Restore: Mozilla\Firefox\Profiles\02pjg2ea.default-1394501245210 -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://start.toshiba.com/g/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.ca/","hxxps://mogs.pvcloud.com/planview/login/body.asp?forward=%2fplanview%2fMyPlanview%2fMyPlanview.aspx%3fptab%3dHV_DASH%26pt%3dHOMEVIEW%26scode%3d%24None"
CHR Session Restore: Profile 1 -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll => No File
CHR Profile: C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default [2017-01-01]
CHR Extension: (YouTube) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]
CHR Extension: (Google Search) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-03]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-07-22]
CHR Extension: (Little Alchemy) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-06-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-21]
CHR Extension: (Google Wallet) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-18]
CHR Extension: (Gmail) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR Profile: C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-02]
CHR Extension: (Google Slides) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-22]
CHR Extension: (Google Docs) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-22]
CHR Extension: (Google Drive) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-11]
CHR Extension: (Google Cast) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2017-01-16]
CHR Extension: (Google Search) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
CHR Extension: (Go Back With Backspace) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eekailopagacbcdloonjhbiecobagjci [2017-01-01]
CHR Extension: (Google Sheets) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-22]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Google Play Music) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2017-01-18]
CHR Extension: (Google Hangouts) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-03-02]
CHR Extension: (Little Alchemy) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-14]
CHR Extension: (Google Play) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2017-01-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-02]
CHR Extension: (Gmail) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-22]
CHR Extension: (Chrome Media Router) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-02]
CHR Profile: C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\System Profile [2015-08-09]
CHR Extension: (Google Slides) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-22]
CHR Extension: (Google Docs) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-22]
CHR Extension: (Google Drive) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-22]
CHR Extension: (YouTube) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-22]
CHR Extension: (Google Search) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-22]
CHR Extension: (Google Sheets) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-22]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-07] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R2 MBAMChameleon; C:\windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-02] (Malwarebytes)
R3 MBAMFarflt; C:\windows\system32\drivers\farflt.sys [111544 2017-03-02] (Malwarebytes)
R3 MBAMProtection; C:\windows\system32\drivers\mbam.sys [43968 2017-03-02] (Malwarebytes)
R0 MBAMSwissArmy; C:\windows\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-02] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\drivers\mwac.sys [82208 2017-03-02] (Malwarebytes)
S3 pmxdrv; C:\windows\system32\drivers\pmxdrv.sys [31152 2017-03-02] ()
S3 Tosrfcom; no ImagePath
R3 TPLINKUDSMBus; C:\windows\System32\drivers\TplinkUDSMBus.sys [102688 2012-09-21] (Windows (R) Codename Longhorn DDK provider)
R3 TplinkUDSTcpBus; C:\windows\System32\drivers\TplinkUDSTcpBus.sys [181024 2012-09-21] (Windows (R) Codename Longhorn DDK provider)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Ser2pl; \SystemRoot\system32\DRIVERS\ser2pl64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-02 21:50 - 2017-03-02 21:52 - 00027420 _____ C:\Users\Eileen\Downloads\FRST.txt
2017-03-02 21:49 - 2017-03-02 21:50 - 00000000 ____D C:\FRST
2017-03-02 21:49 - 2017-03-02 21:49 - 02423808 _____ (Farbar) C:\Users\Eileen\Downloads\FRST64.exe
2017-03-02 15:50 - 2017-03-02 16:25 - 00186304 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMChameleon.sys
2017-03-02 15:50 - 2017-03-02 16:24 - 00251840 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-02 15:50 - 2017-03-02 16:24 - 00111544 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2017-03-02 15:50 - 2017-03-02 16:24 - 00082208 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-03-02 15:50 - 2017-03-02 16:24 - 00043968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-03-02 15:49 - 2017-03-02 15:49 - 00001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-02 15:49 - 2017-03-02 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-02 15:49 - 2017-03-02 15:49 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-02 15:49 - 2017-02-24 06:23 - 00077408 _____ C:\windows\system32\Drivers\mbae64.sys
2017-03-02 15:32 - 2017-03-02 15:33 - 57131432 _____ (Malwarebytes ) C:\Users\Eileen\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-02 13:53 - 2017-03-02 13:53 - 10603976 _____ C:\Users\Eileen\Downloads\tc10108400a.exe
2017-03-02 13:49 - 2017-03-02 14:23 - 00000441 _____ C:\Users\Eileen\Desktop\BIOS Launcher.lnk
2017-03-02 13:49 - 2017-03-02 13:49 - 00000000 ____D C:\t320v280
2017-03-02 13:47 - 2017-03-02 13:47 - 13446360 _____ C:\Users\Eileen\Downloads\tc00209700g.exe
2017-03-02 13:46 - 2017-03-02 13:46 - 05677048 _____ C:\Users\Eileen\Downloads\t320v280.exe
2017-03-02 13:41 - 2017-03-02 13:41 - 13888232 _____ C:\Users\Eileen\Downloads\tc00367700a.exe
2017-03-02 13:40 - 2017-03-02 13:43 - 81870392 _____ C:\Users\Eileen\Downloads\tc00354000m.exe
2017-03-02 13:37 - 2017-03-02 13:38 - 04083720 _____ (TOSHIBA Corporation) C:\Users\Eileen\Downloads\MEUpdate71521176 (1).exe
2017-03-02 13:37 - 2017-03-02 13:38 - 00031152 _____ C:\windows\system32\Drivers\pmxdrv.sys
2017-03-02 13:37 - 2017-03-02 13:37 - 04083720 _____ (TOSHIBA Corporation) C:\Users\Eileen\Downloads\MEUpdate71521176.exe
2017-03-02 11:50 - 2017-03-02 12:44 - 00242278 _____ C:\windows\ntbtlog.txt
2017-03-02 11:23 - 2017-03-02 11:30 - 00000000 ____D C:\windows\pss
2017-02-28 10:05 - 2017-02-28 10:05 - 00024867 _____ C:\Users\Eileen\Downloads\pass.pkpass
2017-02-28 08:53 - 2017-02-28 08:53 - 00035513 _____ C:\Users\Eileen\Downloads\Hacienda Moyano Invoice PR - 02-27-2017.pdf
2017-02-27 14:16 - 2017-02-27 14:16 - 00029444 _____ C:\Users\Eileen\Downloads\VT_Tenants_Contract.pdf
2017-02-27 14:16 - 2017-02-27 14:16 - 00029444 _____ C:\Users\Eileen\Downloads\VT_Tenants_Contract (1).pdf
2017-02-27 14:15 - 2017-02-27 14:15 - 00171760 _____ C:\Users\Eileen\Downloads\english Directions SJU (1).pdf
2017-02-27 14:14 - 2017-02-27 14:14 - 00171760 _____ C:\Users\Eileen\Downloads\english Directions SJU.pdf
2017-02-27 14:12 - 2017-02-27 14:12 - 00028681 _____ C:\Users\Eileen\Downloads\Estimate (No. 9156) from Villa Tropical, Inc..pdf
2017-02-19 16:52 - 2017-02-19 16:52 - 00002115 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-19 16:52 - 2017-02-19 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-13 14:39 - 2017-02-13 14:39 - 08925624 _____ C:\Users\Eileen\Downloads\test2016_TravelMaps.pdf
2017-02-13 14:32 - 2017-02-13 14:32 - 08929680 _____ C:\Users\Eileen\Downloads\2016_TravelMaps.pdf
2017-02-13 14:07 - 2017-02-13 14:08 - 02070243 _____ C:\Users\Eileen\Downloads\file-4.jpeg
2017-02-10 15:50 - 2017-02-10 15:50 - 00072589 _____ C:\Users\Eileen\Downloads\SikaSil-GP PDS 3.23.11.pdf
2017-02-04 21:39 - 2017-02-04 21:40 - 02061847 _____ C:\Users\Eileen\Downloads\design_guide-bosch_custom_dish_design_guide.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-02 21:13 - 2012-07-23 21:42 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-03-02 20:11 - 2011-05-17 07:50 - 00000000 ____D C:\ProgramData\MFAData
2017-03-02 17:15 - 2013-01-09 19:52 - 00007601 _____ C:\Users\Eileen\AppData\Local\Resmon.ResmonCfg
2017-03-02 16:32 - 2009-07-13 23:45 - 00015792 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-02 16:32 - 2009-07-13 23:45 - 00015792 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-02 16:21 - 2013-03-23 15:47 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2017-03-02 16:21 - 2013-01-21 17:39 - 00000354 _____ C:\windows\Tasks\ROC_JAN2013_TB_rmv.job
2017-03-02 16:21 - 2012-09-14 16:41 - 00000000 ____D C:\Users\Eileen\AppData\Local\Eye-Fi
2017-03-02 16:21 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-03-02 15:49 - 2012-07-23 21:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-02 14:32 - 2009-07-14 00:13 - 00791602 _____ C:\windows\system32\PerfStringBackup.INI
2017-03-02 14:32 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2017-03-02 14:25 - 2011-01-04 22:10 - 00000000 ____D C:\ProgramData\Toshiba
2017-03-02 14:09 - 2016-09-21 08:11 - 00003600 _____ C:\windows\System32\Tasks\AVG EUpdate Task
2017-03-02 13:20 - 2011-05-17 07:34 - 00000000 ____D C:\Users\Eileen\AppData\Roaming\Toshiba
2017-03-02 13:20 - 2011-05-17 07:33 - 00000000 ____D C:\Users\Eileen\AppData\Local\Toshiba
2017-02-23 15:14 - 2016-04-18 07:20 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-19 20:49 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2017-02-19 16:52 - 2011-01-04 22:12 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-15 15:14 - 2012-07-23 21:42 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-02-15 15:14 - 2012-03-28 17:56 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-02-15 15:14 - 2011-05-24 18:40 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 15:13 - 2011-11-30 22:13 - 00000000 ____D C:\windows\system32\Macromed
2017-02-15 15:13 - 2011-01-04 22:05 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-02-07 14:03 - 2011-01-04 22:12 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 14:02 - 2012-05-28 04:49 - 00002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
==================== Files in the root of some directories =======
2017-01-01 13:19 - 2017-01-01 13:19 - 21874200 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2012-06-08 11:51 - 2012-06-08 11:51 - 0034764 _____ () C:\Users\Eileen\AppData\Local\dt.dat
2011-05-18 20:52 - 2011-05-18 20:52 - 0001565 _____ () C:\Users\Eileen\AppData\Local\PDLSetup.20110518.215233.txt
2011-05-18 21:26 - 2011-05-18 21:26 - 0001565 _____ () C:\Users\Eileen\AppData\Local\PDLSetup.20110518.222651.txt
2011-07-26 18:34 - 2011-07-26 18:34 - 0001564 _____ () C:\Users\Eileen\AppData\Local\PDLSetup.20110726.193412.txt
2013-01-18 13:33 - 2013-01-18 13:33 - 0001566 _____ () C:\Users\Eileen\AppData\Local\PDLSetup.20130118.133317.txt
2013-01-09 19:52 - 2017-03-02 17:15 - 0007601 _____ () C:\Users\Eileen\AppData\Local\Resmon.ResmonCfg
2011-07-18 13:58 - 2011-07-18 13:58 - 0000000 _____ () C:\Users\Eileen\AppData\Local\{244AEAD1-54F7-4066-BABE-FCF9F80494EA}
Some files in TEMP:
====================
2015-11-13 09:46 - 2015-11-13 09:47 - 2892128 _____ (AVG Technologies) C:\Users\Eileen\AppData\Local\Temp\avg-7e766562-d349-4c13-97f5-8f533047a33e.exe
2016-04-17 20:15 - 2016-02-18 12:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Eileen\AppData\Local\Temp\avguirn_081015080385.exe
2016-08-25 15:13 - 2016-07-20 13:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Eileen\AppData\Local\Temp\avguirn_081097194458.exe
2016-06-07 11:42 - 2016-04-22 09:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Eileen\AppData\Local\Temp\avguirn_081441172672.exe
2016-06-23 06:55 - 2016-05-18 07:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Eileen\AppData\Local\Temp\avguirn_081760201404.exe
2016-02-23 11:17 - 2016-01-12 16:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Eileen\AppData\Local\Temp\avguirn_082065805430.exe
2016-01-23 19:50 - 2015-11-12 16:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Eileen\AppData\Local\Temp\avguirn_082098951611.exe
2015-11-18 09:13 - 2015-10-16 13:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Eileen\AppData\Local\Temp\avguirn_08258694431.exe
2016-04-20 07:38 - 2016-03-23 15:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Eileen\AppData\Local\Temp\avguirn_08613856889.exe
2016-05-14 07:46 - 2016-04-14 16:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Eileen\AppData\Local\Temp\avguirn_0878299405.exe
2016-08-01 19:15 - 2016-06-21 17:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Eileen\AppData\Local\Temp\avguirn_08949483022.exe
2017-03-02 14:11 - 2012-09-26 20:01 - 8864168 _____ (SurfRight B.V.) C:\Users\Eileen\AppData\Local\Temp\HitmanPro.exe
2016-01-03 13:27 - 2016-01-03 13:28 - 28849904 _____ () C:\Users\Eileen\AppData\Local\Temp\vlc-2.2.1-win32.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-02 20:45
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by Eileen (02-03-2017 21:53:23)
Running from C:\Users\Eileen\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-05-17 12:30:24)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1155948075-947392242-1488163081-500 - Administrator - Disabled)
Eileen (S-1-5-21-1155948075-947392242-1488163081-1001 - Administrator - Enabled) => C:\Users\Eileen
Guest (S-1-5-21-1155948075-947392242-1488163081-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1155948075-947392242-1488163081-1004 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1155948075-947392242-1488163081-1001\...\uTorrent) (Version: 3.4.2.33870 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
ASUS Bluetooth Suite (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.60 - ASUS Communications)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.0.0.13 - Atheros Communications)
AVG (Version: 16.141.7998 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4756 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.141.7998 - AVG Technologies)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.07(T) - TOSHIBA CORPORATION)
BrLauncher (x32 Version: 1.1.15.0 - Brother Industries Ltd.) Hidden
BrLogRx (x32 Version: 1.0.2.1 - Brother Industries Ltd.) Hidden
Brother PCFax Driver (x32 Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Printer Driver (x32 Version: 1.2.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (x32 Version: 1.0.6.2 - Brother Industries Ltd.) Hidden
BrotherHelpInstaller (x32 Version: 1.0.0.0 - Brother) Hidden
BrSupportTools (x32 Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
Chief Architect 10.0 Full Version (HKLM-x32\...\{2B82EF41-0E63-474D-8C5F-A8EFD0FF3497}) (Version: 10.0 - ART Inc)
ControlCenter4 (x32 Version: 4.2.438.1 - Brother Insutries Ltd.) Hidden
ControlCenter4 CSDK (x32 Version: 4.2.3.1 - Brother Insutries Ltd.) Hidden
CopyTrans Suite Remove Only (HKU\S-1-5-21-1155948075-947392242-1488163081-1001\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceDetect (x32 Version: 1.2.1.0 - Brother Industries Ltd.) Hidden
EasyTAG 2.2.6 (HKLM-x32\...\EasyTAG) (Version: 2.2.6 - EasyTAG project)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Eye-Fi Center 3.4 (HKLM-x32\...\{7764F7B0-7225-4145-82B6-2AB4540D33A6}) (Version: 3.4.26 - Eye-Fi, Inc)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Garmin BaseCamp (HKLM-x32\...\{B0BED0BB-E1C4-49AA-840F-7CA052ADF5EB}) (Version: 4.3.4 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2010.31 Update (HKLM-x32\...\{D22F5242-773E-4270-AB1F-492021BCABBE}) (Version: 13.31.0.0 - Garmin Ltd or its subsidiaries)
Garmin MapInstall (HKLM-x32\...\{F0D44E64-51EE-4888-A1FD-F13108B75A43}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
gPodder version 3.8.3 (HKLM-x32\...\{ABE123A1-41D1-4917-8E1E-C7E37991B673}_is1) (Version: 3.8.3 - Thomas Perl)
GPS Track Editor (HKLM-x32\...\GpsTrackEditor) (Version: 1.14 (build 135) - MapSphere)
HowToGuide (x32 Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel(R) Wireless Display (HKLM-x32\...\{626663EE-B9E6-4982-995F-02C31E84F8FC}) (Version: 2.0.29.0 - Intel Corporation)
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NetworkRepairTool (x32 Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
OSM generic routable (HKLM-x32\...\OSM generic routable) (Version: - )
PC-FAXReceive (x32 Version: 1.4.24.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (x32 Version: 1.1.1.1 - Brother Industries Ltd.) Hidden
PL-2303 USB to Serial Driver (HKLM-x32\...\{4CEF9DFE-BE2F-4DD0-94DA-C402F9273278}) (Version: 1.00.0000 - Prolific)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Python 2.7 PyGTK 2.24.2 (HKLM-x32\...\{09F82967-D26B-48AC-830E-33191EC177C8}) (Version: 2.24.2 - hxxp://www.pygtk.org/)
Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6265 - Realtek Semiconductor Corp.)
RemoteSetup (x32 Version: 3.9.2.1 - Brother Industries Ltd.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.1 - Renesas Electronics Corporation) Hidden
RICOH Media Driver v2.11.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.11.17.02 - RICOH)
Sansa Updater (HKU\S-1-5-21-1155948075-947392242-1488163081-1001\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)
ScannerUtilityInstaller (x32 Version: 1.0.0.0 - Brother) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StatusMonitor (x32 Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 2.1.5889 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.21.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.8 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.85.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.13 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.3.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 for x64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.7 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.4.12-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 1.1.5.7 - TOSHIBA Corporation)
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TP-LINK USB Printer Controller (HKLM-x32\...\{A72F84C1-7F66-49FB-A1AD-F48C7E82555A}) (Version: 1.12.1126 - TP-LINK)
UsbRepairTool (x32 Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {069156EA-9A0B-4016-BAA8-2E6FE07A6D29} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {14B05BE1-FC85-4EF4-8376-767C9010336A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {16C2A870-B0DD-4D89-8285-AB1FE9C855FC} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {502500F0-5ACF-4A74-87CD-81FB97909C05} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {561624AC-D6D2-47A5-9762-A82809F81388} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {778C230B-2C61-4120-BA9E-293DBE0F3AF2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {8AC961F0-C0EC-415F-B38D-CD077EFF8210} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {9176BF01-8E64-43DC-9978-AC6FC9B91CDA} - System32\Tasks\{AC2D498D-4024-47C1-905A-B205AA24EE78} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {93099466-41DE-4495-A184-1FE499070E54} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {97DC0955-2BD1-4C95-B097-4C72748105BB} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {C65B221E-891D-49FA-A98B-F7FACB624A4F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {EB95C0C7-3569-468D-8CD7-6B1F6F35E469} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {FB9B26CC-0148-4126-88B4-801435CCD083} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Eileen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Eileen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) ==============
2010-12-07 14:32 - 2010-12-07 14:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-12-07 14:32 - 2010-12-07 14:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-01-27 10:11 - 2011-01-27 10:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-07-08 11:50 - 2005-04-22 13:36 - 00143360 _____ () C:\windows\system32\BrSNMP64.dll
2017-03-02 15:49 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-02 15:49 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2010-02-05 19:44 - 2010-02-05 19:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-12-21 21:59 - 2011-12-21 21:59 - 00133120 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
2011-12-21 21:56 - 2011-12-21 21:56 - 00209408 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
2009-02-27 16:38 - 2009-02-27 16:38 - 00139264 _____ () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-02-07 14:02 - 2017-02-01 04:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 14:02 - 2017-02-01 04:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-11-28 11:39 - 2016-11-28 11:39 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1155948075-947392242-1488163081-1001\...\ontario.ca -> hxxps://webmail.ontario.ca
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2013-04-23 21:44 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1155948075-947392242-1488163081-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Eileen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{CB165388-84C7-4A20-995E-78413156393F}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Block) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [UDP Query User{071B99AC-76DC-4F91-B686-24B1E77BD527}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Block) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [TCP Query User{37E4A8D3-9244-4105-9A44-DBEDDF985FDA}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Block) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [UDP Query User{7CEAB74E-81E1-4D31-9157-38D58092CA26}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Block) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [{9C173114-C834-4F70-81AB-613CD11B97EE}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{B8D521DE-6906-44E3-965B-B2199436D7D6}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{DD3A36E7-90C0-419A-B9E0-B1551B2AD2D0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{E837A759-B81D-4271-9336-804CC9C3AB9F}C:\users\eileen\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\eileen\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{661D3EEE-B6DD-40C4-8369-757550C41A40}C:\users\eileen\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\eileen\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{7977B794-CF45-4083-94E3-AAAF302C95B4}C:\users\eileen\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\eileen\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{5970E38F-6471-48CE-858D-A957EADF2E57}C:\users\eileen\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\eileen\appdata\local\akamai\netsession_win.exe
FirewallRules: [{2A9C0D3C-F6EC-4B6B-B18D-9122E46E5BAC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E5DFCD2E-A9C1-44E9-AD60-87A0778631B5}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{8F591997-E660-4FC5-80E3-6B8925A034FC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{4A537869-8F35-4FEA-800E-EDD09FB92DD0}] => (Allow) C:\Users\Eileen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7CD291AD-7E35-44F5-93F4-B545E6BF2280}] => (Allow) C:\Users\Eileen\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9A71E549-A3D1-4D51-8B04-1FE25ED776EE}] => (Allow) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe
FirewallRules: [{27CCEBCA-3AE4-4BFB-B1B5-D27C81847239}] => (Allow) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe
FirewallRules: [{56EE5E09-701A-4145-9D1A-7ACD2F0B891E}] => (Allow) LPort=7437
FirewallRules: [TCP Query User{78B24FBD-42BC-4D8E-AC0F-5FBE162CAD44}C:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe] => (Block) C:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe
FirewallRules: [UDP Query User{6ECE5E18-8953-4172-A6B3-218FC125AFF9}C:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe] => (Block) C:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe
FirewallRules: [{9437042F-E9C3-44E7-8BA2-9BA7DA77E0ED}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9815EF7D-987D-4C22-9E1A-A64E6C50112E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{25D3FF08-D3B8-4F96-918E-BA8FAFAC6754}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{CDC653F4-2121-42DC-8EF9-B7453EC57218}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{14AB3F93-BE1F-4D2B-AE60-E9EFACEBF4BA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{57FC439F-B311-4398-AD1D-8D63DEC993A1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{CE7EAE6D-88F6-4BE5-BC73-0513B5A10154}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{41DF7B94-BAB4-4986-8478-A5A3FC299B5F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{82C3DCA7-393C-4A6D-B42A-778DBFAEAB5F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F6B4D3A3-BD71-4E3B-8767-1AB3FA09BA2E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{5F1FBB55-15F8-4571-912E-F9437D141281}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{65DB4CB7-694C-49F2-B7AA-20CBD467A9F8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{2C9EA060-EC1A-4261-B756-9A14338DC701}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{0D242ED2-29DF-4605-B4B5-DF198AA7C936}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{2987EEE2-49D5-4FDE-8279-774211D03C78}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{147D12E0-01A4-43FF-A2BA-1C060B7535B8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{D51958FA-BBE8-4C86-B6C1-A829C3E5A7ED}] => (Allow) D:\Install\wlan_wiz\.\wlan_assistant\waw.exe
FirewallRules: [{81CB0BE4-659E-406C-96D4-BE3AC2B8F77C}] => (Allow) C:\Users\Eileen\Downloads\install\wlan_wiz\.\wlan_assistant\waw.exe
FirewallRules: [{3F2A07BF-0A3C-4890-84AE-6A9A349DC7BD}] => (Allow) C:\Users\Eileen\Downloads\install\wlan_wiz\.\wlan_assistant\waw.exe
FirewallRules: [{8C6B0B81-9BD2-4442-AF52-6D7D0423FBDA}] => (Allow) C:\Users\Eileen\Downloads\install\wlan_wiz\.\wlan_assistant\waw.exe
FirewallRules: [{0F040BA0-BC26-47F4-95DD-9B7FCE6E79E6}] => (Allow) LPort=54925
FirewallRules: [{56380F65-84D5-4CCE-BC1B-D186B156647B}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe
FirewallRules: [{7444EBA2-9E76-45F1-A938-9563FE232DE9}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe
FirewallRules: [TCP Query User{D50B919A-2FFF-4C15-A4EC-715D76B2E9C0}C:\program files (x86)\sonos\sonos.exe] => (Allow) C:\program files (x86)\sonos\sonos.exe
FirewallRules: [UDP Query User{7FA54F02-4301-4185-ADF1-FB0761587F2D}C:\program files (x86)\sonos\sonos.exe] => (Allow) C:\program files (x86)\sonos\sonos.exe
FirewallRules: [{589A0CC4-0ED0-44F1-8BBC-17652EE5F666}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{0F13D528-5382-4FE6-840F-F28F8954B6A1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F951BD63-1EDA-47DE-A422-41F719CF6D6C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{22103326-CBFF-42FF-B126-3AABC50934B7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{B9780D63-31ED-4564-9180-9C76BE8FEB25}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
24-01-2017 22:21:36 Scheduled Checkpoint
31-01-2017 09:49:20 Windows Update
31-01-2017 09:57:33 Windows Update
10-02-2017 08:46:32 Scheduled Checkpoint
02-03-2017 14:12:58 Removed Sonos Controller.
02-03-2017 14:20:12 Installed TOSHIBA Service Station
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/02/2017 04:22:25 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (03/02/2017 02:30:18 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (03/02/2017 02:02:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 20828. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
Error: (03/02/2017 02:02:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (03/02/2017 02:02:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 20828. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
Error: (03/02/2017 01:57:02 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (03/02/2017 01:48:39 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (03/02/2017 01:48:39 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.
Error: (03/02/2017 01:48:20 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Eileen\AppData\Local\Temp\tc00209700g.temp\TSSsetup.exe; Description = Installed TOSHIBA Service Station; Error = 0x8007043c).
Error: (03/02/2017 12:32:14 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
System errors:
=============
Error: (03/02/2017 04:23:02 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (03/02/2017 04:22:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (03/02/2017 04:22:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (03/02/2017 04:21:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.
Error: (03/02/2017 04:21:47 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.
Error: (03/02/2017 04:19:42 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.
Error: (03/02/2017 02:29:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (03/02/2017 02:29:45 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (03/02/2017 02:29:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (03/02/2017 02:29:09 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.
CodeIntegrity:
===================================
Date: 2012-09-26 20:26:24.729
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-09-26 20:26:24.666
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 72%
Total physical RAM: 3999.43 MB
Available physical RAM: 1100.28 MB
Total Virtual: 7997.04 MB
Available Virtual: 4614.42 MB
==================== Drives ================================
Drive c: (TI106080W0F) (Fixed) (Total:584 GB) (Free:437.63 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: C157272B)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.7 GB) - (Type=17)
==================== End of Addition.txt ============================