Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Nasty Problem [Solved]

Started by TerraceHill , Sep 14 2013 06:36 PM

This topic is locked

#1
TerraceHill

Posted 14 September 2013 - 06:36 PM

Member

Member
32 posts

Alright, well I was on deviantART (yes I believe something on dA was to blame) the other day and while looking on someone's page and my computer randomly shut off my Internet tabs, told in a white box bubble down below near the clock that there were potentially harmful programs on my computer, then all of the programs I was running were automatically shut off. I could do nothing about it. Then, my computer resarted, but I know that some viruses are activated upon restart so I just turned it off mmediately during reboot. Later I turned on the computer and it asked me to choose an operating system (which for me would be Windows 7) and I pressed enter, Win 7 being the only option, and then the computer suggested running Startup Recovery, something like that. I typed in my password, no problems getting past that screen, but when I got to my desktop sounds of strange ads and metal music started playing real loudly. An older expire trial of Avast was blocking all these weird popups. They happen on average every four or five seconds, but I am not taken to the websites because avast blocks them for me. Usually the metal/ad sounds stop after a while.

I immediately downloaded Avast! Free Antivirus once the computer was fully on. The Internet is especially slow and sometimes, often, it displays a message saying that the web page cannot be loaded or something like that. I tried to watch YouTube videos and they often won't load or cut short. I ran a full system scan with avast and it found one trojan virus the first day (Alureon-D), then a boot time scan which found two Dropper-gen [Trj]. I think other viruses were found but they were all Trojans. If there were others then there were only like 2 or 3. I rebooted and still had the same problems I have previously stated. Then I retired from trying to fix the problem for a day, and the next day ran another full system scan with avast and found 8 Trojans. I ran a boot time scan again and it didn't find anything. Then I looked at he task manager and went to processes, but I didn't see anything suspicious. Then because the problem was really stressing me out I used the computer and ignored the issues for a few days still running scans now and again.

Today the boot time scan found a Java: Agent-FIL [Trj], but was moved to chest.

Please help me, I don't want the computer to die or anything

Also, I use Windows 7 Home Premium.

Thanks in advance,

Terr

#2
gringo_pr

Posted 14 September 2013 - 07:35 PM

Trusted Helper

Malware Removal
7,268 posts

Hello TerraceHill

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Gringo

#3
TerraceHill

Posted 15 September 2013 - 09:14 PM

Member

Topic Starter
Member
32 posts

HERE IS THE SCAN RESULTS, COPIED AND PASTED AS YOU REQUESTED:
-----------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013
Ran by Olivia (administrator) on OLIVIA-PC on 15-09-2013 23:01:50
Running from C:\Users\Olivia\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(The Weather Channel) C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\windows\system32\Macromed\Flash\FlashUtil64_11_8_800_174_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-24] (Synaptics Incorporated)
HKLM\...\Run: [SRS Premium Sound 3D] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip [212281 2012-03-06] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-06-06] (Google Inc.)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272640 2012-09-12] (Microsoft Corporation)
HKCU\...\Run: [EA Core] - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKCU\...\Run: [VirtualStore] - rundll32 "C:\Users\Olivia\AppData\Local\Windows Live Writer\VirtualStore\sclui.dll",DllRegisterServerW <===== ATTENTION
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKCU\...\Run: [DW7] - C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13106328 2013-05-18] (The Weather Channel)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [DelayTSS] - C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe [2153328 2011-11-21] ()
HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-05-18] (RealNetworks, Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1360192 2013-09-02] (Spigot, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
URLSearchHook: (No Name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No File
URLSearchHook: (No Name) - {b2f96685-57eb-4e32-bbe9-d255b4cc4d70} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {34C44B18-A2BE-4BE8-8B3A-D6FC1EC80815} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {34C44B18-A2BE-4BE8-8B3A-D6FC1EC80815} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {6A9A2C21-4FD4-4E8B-B961-27BC472D2F12} URL = http://search.freeca...p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Creflo Dollar Ministries Toolbar BHO - {A9183D22-9F36-4C28-81FE-C295754EEF1D} - C:\Program Files (x86)\Creflo Dollar Ministries Toolbar\Toolbar.dll No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.6\ytdToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.6\ytdToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {BB11DF3C-D64B-4621-AD5F-F9910320D40E} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Chrome:
=======
CHR Extension: (Docs) - C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: () - C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0
CHR Extension: (Skype Click to Call) - C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0
CHR Extension: () - C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0
CHR Extension: (Gmail) - C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-20] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [1151096 2011-07-25] (Symantec Corporation)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [1151096 2011-07-25] (Symantec Corporation)
R3 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1308000.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys [488568 2011-07-20] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys [488568 2011-07-20] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS [117880 2011-08-09] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS [117880 2011-08-09] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS [2048632 2011-08-09] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS [2048632 2011-08-09] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259176 2011-12-13] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1308000.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NAVx64\1308000.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-07-20] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NAVx64\1308000.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NAVx64\1308000.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-15 23:01 - 2013-09-15 23:01 - 00000000 ____D C:\FRST
2013-09-15 23:00 - 2013-09-15 23:00 - 01951158 _____ (Farbar) C:\Users\Olivia\Desktop\FRST64.exe
2013-09-13 14:43 - 2013-08-10 01:22 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-13 14:43 - 2013-08-10 01:22 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-13 14:43 - 2013-08-10 01:21 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-13 14:43 - 2013-08-10 01:21 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-13 14:43 - 2013-08-10 01:20 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-13 14:43 - 2013-08-10 01:20 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-13 14:43 - 2013-08-10 01:20 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-13 14:43 - 2013-08-10 01:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-13 14:43 - 2013-08-10 01:20 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-13 14:43 - 2013-08-10 01:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-13 14:43 - 2013-08-10 01:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-13 14:43 - 2013-08-09 23:59 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-13 14:43 - 2013-08-09 23:58 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-13 14:43 - 2013-08-09 23:58 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-13 14:43 - 2013-08-09 23:58 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-13 14:43 - 2013-08-09 23:58 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-13 14:43 - 2013-08-09 23:58 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-09-13 14:43 - 2013-08-09 23:58 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-13 14:43 - 2013-08-09 23:58 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-13 14:43 - 2013-08-09 23:58 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-13 14:43 - 2013-08-09 23:58 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-13 14:43 - 2013-08-09 23:17 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-13 14:43 - 2013-08-09 23:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-13 14:43 - 2013-08-09 22:27 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-13 14:43 - 2013-08-09 22:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 14:42 - 2013-08-10 01:22 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-13 14:42 - 2013-08-10 01:21 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-13 14:42 - 2013-08-10 01:20 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-13 14:42 - 2013-08-09 23:59 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-13 14:42 - 2013-08-09 23:58 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-13 14:42 - 2013-08-09 23:58 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-12 15:58 - 2013-08-07 21:20 - 03155456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-12 15:58 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-12 15:57 - 2013-08-01 22:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-09-12 15:57 - 2013-08-01 22:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-09-12 15:57 - 2013-08-01 22:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2013-09-12 15:57 - 2013-08-01 22:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-09-12 15:57 - 2013-08-01 22:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2013-09-12 15:57 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-12 15:57 - 2013-08-01 22:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2013-09-12 15:57 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-12 15:57 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-09-12 15:57 - 2013-08-01 21:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-09-12 15:57 - 2013-08-01 21:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-09-12 15:57 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2013-09-12 15:57 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2013-09-12 15:57 - 2013-08-01 21:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-12 15:57 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2013-09-12 15:57 - 2013-08-01 20:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-09-12 15:57 - 2013-08-01 20:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-09-12 15:57 - 2013-08-01 20:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-09-12 15:57 - 2013-08-01 20:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-09-12 15:57 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 15:57 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 15:57 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-12 15:57 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-12 15:57 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-09-12 15:57 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-09-11 22:47 - 2013-09-15 22:48 - 00002964 _____ C:\windows\System32\Tasks\ReclaimerUpdateXML_Olivia
2013-09-11 22:47 - 2013-09-15 22:48 - 00000370 _____ C:\windows\Tasks\ReclaimerUpdateXML_Olivia.job
2013-09-11 22:47 - 2013-09-15 22:35 - 00000380 _____ C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Olivia.job
2013-09-11 22:47 - 2013-09-15 22:23 - 00000374 _____ C:\windows\Tasks\ReclaimerUpdateFiles_Olivia.job
2013-09-11 22:47 - 2013-09-13 21:59 - 00002968 _____ C:\windows\System32\Tasks\ReclaimerUpdateFiles_Olivia
2013-09-11 22:47 - 2013-09-11 22:47 - 00003618 _____ C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Olivia
2013-09-11 22:47 - 2013-09-11 22:47 - 00002672 _____ C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Olivia
2013-09-11 12:25 - 2013-09-11 12:26 - 00262144 _____ C:\windows\Minidump\091113-47424-01.dmp
2013-09-11 03:39 - 2013-09-11 03:39 - 00001933 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-11 03:26 - 2013-09-11 03:26 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2013-09-11 03:26 - 2013-09-11 03:26 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-09-08 23:04 - 2013-09-08 23:04 - 00000000 ____D C:\Users\Olivia\Documents\Adobe
2013-09-08 19:34 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-09-08 19:34 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-09-08 19:34 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-09-08 19:34 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-09-08 19:34 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-09-08 19:34 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-09-08 19:34 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-09-08 19:34 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-09-08 19:34 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-09-08 19:34 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-09-08 19:34 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2013-09-08 19:34 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2013-09-08 19:34 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-09-08 19:34 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2013-09-08 19:25 - 2013-09-14 19:08 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-09-02 18:38 - 2013-09-06 03:14 - 00000000 ____D C:\Users\Olivia\Desktop\Light Fire Adoption Center
2013-08-30 03:02 - 2013-08-30 03:03 - 00000000 ____D C:\06159a860f4fe9145a4d703aacaad2

==================== One Month Modified Files and Folders =======

2013-09-15 23:01 - 2013-09-15 23:01 - 00000000 ____D C:\FRST
2013-09-15 23:00 - 2013-09-15 23:00 - 01951158 _____ (Farbar) C:\Users\Olivia\Desktop\FRST64.exe
2013-09-15 22:58 - 2012-06-06 11:33 - 01360275 _____ C:\windows\WindowsUpdate.log
2013-09-15 22:48 - 2013-09-11 22:47 - 00002964 _____ C:\windows\System32\Tasks\ReclaimerUpdateXML_Olivia
2013-09-15 22:48 - 2013-09-11 22:47 - 00000370 _____ C:\windows\Tasks\ReclaimerUpdateXML_Olivia.job
2013-09-15 22:41 - 2012-06-06 12:36 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-15 22:41 - 2012-06-06 12:36 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-15 22:36 - 2012-08-17 19:05 - 00000000 ____D C:\Users\Olivia\AppData\Local\Windows Live
2013-09-15 22:35 - 2013-09-11 22:47 - 00000380 _____ C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Olivia.job
2013-09-15 22:35 - 2012-09-05 21:51 - 00000000 ____D C:\Users\Olivia\Tracing
2013-09-15 22:35 - 2009-07-14 01:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-09-15 22:34 - 2012-07-18 20:57 - 00000000 ___RD C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-15 22:34 - 2012-07-18 20:57 - 00000000 ___RD C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-15 22:34 - 2012-06-06 11:38 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-09-15 22:28 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-15 22:28 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-15 22:27 - 2009-07-14 00:51 - 00056731 _____ C:\windows\setupact.log
2013-09-15 22:23 - 2013-09-11 22:47 - 00000374 _____ C:\windows\Tasks\ReclaimerUpdateFiles_Olivia.job
2013-09-15 22:23 - 2012-12-28 01:19 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-15 15:43 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-14 19:08 - 2013-09-08 19:25 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-09-14 19:05 - 2009-07-14 01:08 - 00032568 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-09-14 19:04 - 2009-07-14 00:45 - 00315544 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-14 16:16 - 2012-06-06 11:38 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-09-13 21:59 - 2013-09-11 22:47 - 00002968 _____ C:\windows\System32\Tasks\ReclaimerUpdateFiles_Olivia
2013-09-13 15:23 - 2013-05-18 14:23 - 00003344 _____ C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1147979992-2349924293-2197084131-1000
2013-09-13 15:23 - 2013-05-18 14:23 - 00003212 _____ C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1147979992-2349924293-2197084131-1000
2013-09-13 15:20 - 2012-12-28 01:19 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 15:20 - 2012-04-25 21:04 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 15:20 - 2012-04-25 21:04 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 14:41 - 2012-07-18 21:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-13 14:41 - 2012-06-06 12:33 - 00796420 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-09-11 22:47 - 2013-09-11 22:47 - 00003618 _____ C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Olivia
2013-09-11 22:47 - 2013-09-11 22:47 - 00002672 _____ C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Olivia
2013-09-11 19:46 - 2013-05-18 14:19 - 00000000 ____D C:\ProgramData\Real
2013-09-11 12:26 - 2013-09-11 12:25 - 00262144 _____ C:\windows\Minidump\091113-47424-01.dmp
2013-09-11 12:25 - 2013-05-19 06:49 - 720871793 _____ C:\windows\MEMORY.DMP
2013-09-11 12:25 - 2013-05-19 06:49 - 00000000 ____D C:\windows\Minidump
2013-09-11 06:52 - 2013-01-15 22:16 - 00000000 ____D C:\Users\Test
2013-09-11 06:49 - 2013-06-18 15:34 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanctumOfEventide
2013-09-11 06:49 - 2013-01-11 06:05 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creflo Dollar Ministries Toolbar
2013-09-11 06:49 - 2012-08-27 22:29 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-11 06:49 - 2012-08-04 02:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-11 06:49 - 2012-08-04 02:47 - 00000000 ____D C:\ProgramData\Skype
2013-09-11 06:49 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2013-09-11 06:49 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-11 06:46 - 2012-07-18 21:01 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\SoftGrid Client
2013-09-11 03:39 - 2013-09-11 03:39 - 00001933 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-11 03:39 - 2012-07-27 03:09 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-09-11 03:27 - 2013-06-14 21:52 - 00000359 _____ C:\prefs.js
2013-09-11 03:26 - 2013-09-11 03:26 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2013-09-11 03:26 - 2013-09-11 03:26 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-09-11 03:24 - 2012-07-18 20:54 - 00000000 ____D C:\Users\Olivia
2013-09-10 00:55 - 2013-07-10 21:11 - 00000000 ____D C:\Users\Olivia\Desktop\Wolves of Ayaruk MAP
2013-09-10 00:39 - 2013-06-16 02:56 - 00000000 ____D C:\Users\Olivia\Desktop\My Art 2013
2013-09-09 21:10 - 2012-07-27 00:58 - 00000000 ____D C:\Users\Olivia\AppData\Local\CrashDumps
2013-09-09 03:23 - 2009-07-14 01:13 - 00794094 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-09 02:46 - 2010-11-20 23:47 - 00022392 _____ C:\windows\PFRO.log
2013-09-08 23:04 - 2013-09-08 23:04 - 00000000 ____D C:\Users\Olivia\Documents\Adobe
2013-09-08 22:59 - 2012-04-25 21:04 - 00000000 ____D C:\windows\SysWOW64\Macromed
2013-09-08 22:59 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\Sysprep
2013-09-08 22:58 - 2013-08-05 23:07 - 00000000 ____D C:\Users\Olivia\Documents\Image-Line
2013-09-08 22:57 - 2012-11-02 21:53 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-09-08 22:57 - 2012-04-25 21:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-08 22:54 - 2013-07-18 01:47 - 00000000 ____D C:\Users\Olivia\Documents\Ancient Archives
2013-09-08 22:54 - 2013-05-18 14:21 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Real
2013-09-08 22:54 - 2012-08-04 02:47 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Skype
2013-09-08 22:52 - 2012-07-18 23:20 - 00000000 __RHD C:\MSOCache
2013-09-08 20:04 - 2012-07-18 20:58 - 00000000 ____D C:\Users\Olivia\AppData\Local\Google
2013-09-07 20:37 - 2013-07-22 23:29 - 00000000 ____D C:\Users\Olivia\Documents\Concepts and Art
2013-09-06 03:14 - 2013-09-02 18:38 - 00000000 ____D C:\Users\Olivia\Desktop\Light Fire Adoption Center
2013-08-30 03:48 - 2013-07-17 00:22 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-08-30 03:48 - 2013-07-17 00:22 - 00033400 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys
2013-08-30 03:48 - 2013-07-17 00:21 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-08-30 03:48 - 2013-07-17 00:21 - 00204880 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-08-30 03:48 - 2013-07-17 00:21 - 00080816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-08-30 03:48 - 2013-07-17 00:21 - 00072016 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-08-30 03:48 - 2013-07-17 00:21 - 00065336 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-08-30 03:48 - 2013-07-17 00:21 - 00064288 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2013-08-30 03:48 - 2013-07-17 00:21 - 00022600 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2013-08-30 03:47 - 2013-07-17 00:20 - 00041664 _____ (AVAST Software) C:\windows\avastSS.scr
2013-08-30 03:47 - 2012-07-27 03:09 - 00287840 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-08-30 03:03 - 2013-08-30 03:02 - 00000000 ____D C:\06159a860f4fe9145a4d703aacaad2

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1147979992-2349924293-2197084131-1000\$9d285f33747d76752b1c779d2e0bb43d

Some content of TEMP:
====================
C:\Users\Olivia\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\Olivia\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Olivia\AppData\Local\Temp\EAD1008.exe
C:\Users\Olivia\AppData\Local\Temp\EAD1409.exe
C:\Users\Olivia\AppData\Local\Temp\EAD1FBF.exe
C:\Users\Olivia\AppData\Local\Temp\EAD2AB7.exe
C:\Users\Olivia\AppData\Local\Temp\EAD3AFD.exe
C:\Users\Olivia\AppData\Local\Temp\EAD3BC8.exe
C:\Users\Olivia\AppData\Local\Temp\EAD400B.exe
C:\Users\Olivia\AppData\Local\Temp\EAD4078.exe
C:\Users\Olivia\AppData\Local\Temp\EAD4874.exe
C:\Users\Olivia\AppData\Local\Temp\EAD4E7C.exe
C:\Users\Olivia\AppData\Local\Temp\EAD5BDF.exe
C:\Users\Olivia\AppData\Local\Temp\EAD6AE2.exe
C:\Users\Olivia\AppData\Local\Temp\EAD7158.exe
C:\Users\Olivia\AppData\Local\Temp\EAD74A2.exe
C:\Users\Olivia\AppData\Local\Temp\EAD7B18.exe
C:\Users\Olivia\AppData\Local\Temp\EAD8334.exe
C:\Users\Olivia\AppData\Local\Temp\EAD8AC1.exe
C:\Users\Olivia\AppData\Local\Temp\EAD8E4B.exe
C:\Users\Olivia\AppData\Local\Temp\EADA07A.exe
C:\Users\Olivia\AppData\Local\Temp\EADA39E.exe
C:\Users\Olivia\AppData\Local\Temp\EADA572.exe
C:\Users\Olivia\AppData\Local\Temp\EADA6BB.exe
C:\Users\Olivia\AppData\Local\Temp\EADB05A.exe
C:\Users\Olivia\AppData\Local\Temp\EADB81D.exe
C:\Users\Olivia\AppData\Local\Temp\EADB846.exe
C:\Users\Olivia\AppData\Local\Temp\EADC0AF.exe
C:\Users\Olivia\AppData\Local\Temp\EADD1FE.exe
C:\Users\Olivia\AppData\Local\Temp\EADDD72.exe
C:\Users\Olivia\AppData\Local\Temp\EADE6F4.exe
C:\Users\Olivia\AppData\Local\Temp\EADEAF.exe
C:\Users\Olivia\AppData\Local\Temp\EADEDC7.exe
C:\Users\Olivia\AppData\Local\Temp\EADEE25.exe
C:\Users\Olivia\AppData\Local\Temp\EADF0F2.exe
C:\Users\Olivia\AppData\Local\Temp\EADF22A.exe
C:\Users\Olivia\AppData\Local\Temp\EADF65F.exe
C:\Users\Olivia\AppData\Local\Temp\EADFE6B.exe
C:\Users\Olivia\AppData\Local\Temp\EADFE7B.exe
C:\Users\Olivia\AppData\Local\Temp\EBU374A.exe
C:\Users\Olivia\AppData\Local\Temp\EBU4906.DLL
C:\Users\Olivia\AppData\Local\Temp\EBU8F29.exe
C:\Users\Olivia\AppData\Local\Temp\EBUA191.exe
C:\Users\Olivia\AppData\Local\Temp\FastFreeConverter_Somoto.exe
C:\Users\Olivia\AppData\Local\Temp\HC2SetupPvt.exe
C:\Users\Olivia\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Olivia\AppData\Local\Temp\install_flashplayer11x32ax_chrd_aih.exe
C:\Users\Olivia\AppData\Local\Temp\lowproc.exe
C:\Users\Olivia\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Olivia\AppData\Local\Temp\stubhelper.dll
C:\Users\Olivia\AppData\Local\Temp\stub_441.exe
C:\Users\Olivia\AppData\Local\Temp\The_Weather_Channel_Application.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-13 04:39

==================== End Of Log ============================

-------------------------------------------------------------------------------------

And I'm not sure if you meant to 'attach' the addition file or just paste it into my reply, because you also said not to 'attach' files. umm... i'll just copy and paste it then..?

-------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013
Ran by Olivia at 2013-09-15 23:02:46
Running from C:\Users\Olivia\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0)
Adobe Photoshop.com Inspiration Browser (x32 Version: 2.61)
Adobe Premiere Elements 7.0 (x32 Version: 7.0)
Adobe Premiere Elements 7.0 Templates (x32 Version: 7.0.0)
Adobe Reader X (10.1.6) MUI (x32 Version: 10.1.6)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.12.13)
avast! Free Antivirus (x32 Version: 8.0.1497.0)
Celtx (2.9.7) (x32 Version: 2.9.7 (en-US))
Corel Painter Essentials 4 (x32 Version: 4.2)
Corel Painter Essentials 4 (x32)
Creflo Dollar Ministries Toolbar (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
EA Download Manager (x32 Version: 5.0.0.255)
FL Studio 11 (x32)
FlowStone FL 3.0 (x32)
GIMP 2.8.0 (Version: 2.8.0)
Google Chrome (x32 Version: 29.0.1547.66)
Google Drive (x32 Version: 1.11.4865.2530)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
HyperCam 2 (x32 Version: 2.27.01)
IL Download Manager (x32)
IL Shared Libraries (x32)
Intel PROSet Wireless
Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342)
Intel® Management Engine Components (x32 Version: 8.0.1.1399)
Intel® OpenCL CPU Runtime (x32)
Intel® Processor Graphics (x32 Version: 8.15.10.2712)
Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220)
Intel® WiDi (x32 Version: 3.0.12.0)
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0708)
Intel® Trusted Connect Service Client (Version: 1.23.219.2)
Java Auto Updater (x32 Version: 2.0.4.1)
Java™ 6 Update 25 (x32 Version: 6.0.250)
join.me (HKCU Version: 1.9.2.216)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Last Moon 0.3 (HKCU Version: 0.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft Zoo Tycoon (x32)
Movie Maker (x32 Version: 16.4.3505.0912)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Norton AntiVirus (x32 Version: 19.8.0.14)
Photo Gallery (x32 Version: 16.4.3505.0912)
PhotoshopdotcomInspirationBrowser (x32 Version: 0.0.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
RealDownloader (x32 Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.2)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6581)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.29006)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Skype Click to Call (x32 Version: 6.11.13348)
Skype™ 6.6 (x32 Version: 6.6.106)
SmartSound Quicktracks for Premiere Elements (x32 Version: 3.11.3090)
SRS Premium Sound Control Panel (Version: 1.12.1100)
Synaptics Pointing Device Driver (Version: 15.3.41.7)
The Sims™ 3 (x32 Version: 1.0.631)
The Weather Channel App (x32)
TOSHIBA Application Installer (x32 Version: 9.0.1.2)
TOSHIBA Assist (x32 Version: 4.2.3.1)
Toshiba Book Place (x32 Version: 3.0.9490)
TOSHIBA Bulletin Board (Version: 1.6.11.64)
TOSHIBA Bulletin Board (x32 Version: 1.6.11.64)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA eco Utility (Version: 1.3.10.64)
TOSHIBA Face Recognition (Version: 3.1.18.64)
TOSHIBA Face Recognition (x32 Version: 3.1.18.64)
TOSHIBA Hardware Setup (x32 Version: 2.1.0.8)
TOSHIBA HDD Protection (Version: 2.2.2.15)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.11)
TOSHIBA Media Controller (x32 Version: 1.0.87.5)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.7.7)
TOSHIBA PC Health Monitor (Version: 1.7.15.64)
TOSHIBA Quality Application (x32 Version: 1.0.4)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.6.52020009)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA ReelTime (x32 Version: 1.7.21.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.2004)
Toshiba Security Dashboard (x32 Version: 1.0.0.48)
TOSHIBA Service Station (x32 Version: 2.3.0)
TOSHIBA Sleep Utility (x32 Version: 1.4.0022.000104)
TOSHIBA Supervisor Password (x32 Version: 2.1.0.3)
TOSHIBA User's Guide (x32 Version: 1.00.02)
TOSHIBA Value Added Package (Version: 1.6.0022.640207)
TOSHIBA Value Added Package (x32 Version: 1.6.0022.640207)
TOSHIBA VIDEO PLAYER (Version: 5.0.0.22-A)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.33)
TOSHIBA Wireless Display Monitor (x32 Version: 1.0.1)
TOSHIBARegistration (x32 Version: 1.0.9)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live Family Safety (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
YTD Toolbar v7.6 (x32 Version: 7.6)
YTD Video Downloader 4.0 (x32 Version: 4.0)
Zoo Tycoon 2 Endangered Species Trial (x32)
Zoo Tycoon 2 Trial Version (x32 Version: 1.0)

==================== Restore Points =========================

08-09-2013 23:36:20 avast! Internet Security Setup
08-09-2013 23:41:25 Windows Defender Checkpoint
09-09-2013 07:07:03 Windows Update
09-09-2013 23:41:53 avast! Free Antivirus Setup
11-09-2013 07:36:30 avast! Free Antivirus Setup
12-09-2013 19:08:46 Windows Update
13-09-2013 18:22:28 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {06755DD9-9A98-4461-A23D-5D15E093BEAC} - System32\Tasks\{666AAAFE-E1E5-4E8B-BB57-DC93BC5BC5B0} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Endangered Species Trial Version\zt.exe [2005-09-28] (Microsoft Corporation)
Task: {08A7874C-C109-4A99-8142-CD909A879916} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {15D65F48-E748-41B2-B32E-C73F46C4537E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-06] (Google Inc.)
Task: {188B6BBB-B80F-43BB-AD2D-C83D59BD5588} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {3B78AB4C-6BA6-45B5-AF89-F929293F8902} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {47BC3D2B-D911-460E-BF62-DFAC5958FD57} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {4A186BED-2801-4ACA-A746-C027FD8647D7} - System32\Tasks\RNUpgradeHelperResumePrompt_Olivia => C:\Users\Olivia\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-11] (RealNetworks, Inc.)
Task: {5943FA42-E3A4-4320-B59E-D07B182AD612} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {5CB505C0-A007-47CE-A671-27DC3C4A2E00} - System32\Tasks\RNUpgradeHelperLogonPrompt_Olivia => C:\Users\Olivia\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-11] (RealNetworks, Inc.)
Task: {7020A2E1-D391-4DC8-BFB1-A68B8A7513F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-06] (Google Inc.)
Task: {727FCAE6-021B-46E0-B5C3-0B873310BFB9} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1147979992-2349924293-2197084131-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {7DC9D8E9-4F73-4364-BDBF-DCFE73E744A1} - System32\Tasks\{A6A2231A-E4F1-469C-A60C-DA08CAE56EBD} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Endangered Species Trial Version\zt.exe [2005-09-28] (Microsoft Corporation)
Task: {85992F55-F0A6-4242-AC94-00152F359B4D} - System32\Tasks\ReclaimerUpdateXML_Olivia => C:\Users\Olivia\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-11] (RealNetworks, Inc.)
Task: {87CEBCD6-9295-43F3-BE91-28203AC21791} - System32\Tasks\{AA2F28B4-1054-4D73-A549-E43896BA165A} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe [2004-11-01] (Microsoft Corporation)
Task: {8D6083F0-992D-4517-A079-5EE0CD7AA14B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\WSCStub.exe [2012-08-09] (Symantec Corporation)
Task: {A02E2493-2F06-4C08-86F0-719D828F567F} - System32\Tasks\{7B9C76CF-8986-48DB-9746-0AD5942C994B} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe [2004-11-01] (Microsoft Corporation)
Task: {AF3F1B44-5C56-4D23-822B-81605DDB6618} - System32\Tasks\ReclaimerUpdateFiles_Olivia => C:\Users\Olivia\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-11] (RealNetworks, Inc.)
Task: {B3BD013D-6779-4AE3-9601-0DBA64A42EAE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated)
Task: {B66E581E-FC42-44B1-8E56-15B918659EED} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {B7D4369D-C39A-4D7E-8FBC-CD4797C89EFA} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {C0C8CD09-7E1A-4D6B-8ACE-EEA0225E6DDD} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1147979992-2349924293-2197084131-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {D027C516-2577-4313-9D2D-D9886F8D10C8} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {D02E00BD-A1CF-48F2-975D-08A97E805E91} - System32\Tasks\{20458206-3846-4981-A082-08E2006E7268} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe [2004-11-01] (Microsoft Corporation)
Task: {D14DFA03-EC7A-4B4E-BB91-4BBB2CFA7FBA} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {E2DC9FA9-D27D-455B-97B5-ECC4C49C2B1B} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {E3FAB584-1B20-46D2-8343-2E1EDF6583CA} - System32\Tasks\{11910D26-1D24-424D-8BDB-603662A25BD9} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe [2004-11-01] (Microsoft Corporation)
Task: {E7C0B068-A9E0-4F1B-A997-D2B54AE92B53} - System32\Tasks\{7115E37A-9A13-4644-8C83-27472F37097B} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe [2004-11-01] (Microsoft Corporation)
Task: {F1002F91-9EE8-4417-A7C5-DE718CBA4830} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ReclaimerUpdateFiles_Olivia.job => C:\Users\Olivia\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe
Task: C:\windows\Tasks\ReclaimerUpdateXML_Olivia.job => C:\Users\Olivia\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe
Task: C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Olivia.job => C:\Users\Olivia\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2013-09-02 13:03 - 2013-09-02 13:03 - 00144192 _____ (Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx166.dll
2009-07-13 20:18 - 2009-07-13 21:38 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\imaadp32.acm
2009-07-13 20:18 - 2009-07-13 21:38 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\msg711.acm
2009-07-13 20:18 - 2009-07-13 21:38 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\msgsm32.acm
2009-07-13 20:18 - 2009-07-13 21:38 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\msadp32.acm
2009-07-13 20:22 - 2009-07-13 21:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2012-12-29 23:23 - 2012-12-29 23:23 - 00244696 _____ (Microsoft Corporation) C:\Users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
2012-12-29 23:23 - 2012-12-29 23:23 - 00661448 _____ (Microsoft Corporation) C:\Users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCP110.dll
2012-12-29 23:23 - 2012-12-29 23:23 - 00828872 _____ (Microsoft Corporation) C:\Users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCR110.dll
2012-09-23 18:56 - 2012-06-15 22:31 - 01033680 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine64\19.8.0.14\ccL110U.dll
2012-09-23 18:56 - 2012-06-15 22:24 - 00113616 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine64\19.8.0.14\ccVrTrst.dll
2012-09-23 18:56 - 2012-05-21 21:37 - 00113104 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine64\19.8.0.14\EFACli64.dll
2012-09-23 18:56 - 2012-06-15 22:24 - 00469456 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine64\19.8.0.14\ccSet.dll
2012-09-23 18:57 - 2012-08-09 23:18 - 00165784 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine64\19.8.0.14\NavShExt.dll
2012-02-24 20:11 - 2012-02-24 20:11 - 00421648 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll
2012-02-24 20:11 - 2012-02-24 20:11 - 00229648 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll
2011-12-16 02:16 - 2011-12-16 02:16 - 00156608 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrReg.dll
2011-12-16 02:16 - 2011-12-16 02:16 - 00153024 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrFunc.dll
2011-12-27 14:28 - 2011-12-27 14:28 - 00306688 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TtosFunc.dll
2011-09-23 01:21 - 2011-09-23 01:21 - 00266688 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TCooling.dll
2011-12-27 14:28 - 2011-12-27 14:28 - 00340992 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TOddPwr.dll
2011-09-23 01:24 - 2011-09-23 01:24 - 00061376 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrSrv.dll
2011-09-23 01:23 - 2011-09-23 01:23 - 00278480 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrBrightness.dll
2011-09-23 01:20 - 2011-09-23 01:20 - 00268224 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\T1394Pwr.dll
2011-09-23 01:22 - 2011-09-23 01:22 - 00273856 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TKBLEDPwr.dll
2011-09-23 01:25 - 2011-09-23 01:25 - 00268224 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TSDPwr.dll
2011-09-23 01:22 - 2011-09-23 01:22 - 00266688 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPCIePwr.dll
2011-05-17 17:35 - 2011-05-17 17:35 - 00270784 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TScreen.dll
2012-02-05 17:39 - 2012-02-05 17:39 - 00112512 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdEvnt.dll
2012-02-05 17:39 - 2012-02-05 17:39 - 00269184 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.dll
2011-08-22 18:19 - 2011-08-22 18:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-03-03 17:15 - 2010-03-03 17:15 - 00265016 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\FnPRTSC.dll
2011-07-21 23:43 - 2011-07-21 23:43 - 00299904 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\ButtonSupport\TBSMain.dll
2012-01-10 18:13 - 2012-01-10 18:13 - 00097664 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\Brightness.dll
2011-08-08 19:58 - 2011-08-08 19:58 - 00185728 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\FnSticky.dll
2012-01-17 14:13 - 2012-01-17 14:13 - 00592816 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF5_2.dll
2010-12-02 22:50 - 2010-12-02 22:50 - 00044920 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\SmoothView.dll
2008-07-14 13:35 - 2008-07-14 13:35 - 00107832 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2012-02-06 18:53 - 2012-02-06 18:53 - 00123264 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\Touchpad.dll
2011-01-20 18:13 - 2011-01-20 18:13 - 00091000 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\Mute.dll
2011-04-06 15:01 - 2011-04-06 15:01 - 00381360 _____ (TOSHIBA Corporation.) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF8Dll.dll
2011-11-16 16:15 - 2011-11-16 16:15 - 00080288 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnSpace.dll
2011-11-24 16:20 - 2011-11-24 16:20 - 00593856 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2011-11-24 16:20 - 2011-11-24 16:20 - 00089536 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHci.dll
2010-12-15 18:19 - 2010-12-15 18:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-07-27 18:45 - 2011-07-27 18:45 - 03411376 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
2011-06-28 14:30 - 2011-06-28 14:30 - 00067496 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\ReelTimeRemoteStorage.dll
2011-06-28 14:30 - 2011-06-28 14:30 - 00385960 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\DataProcess.dll
2012-05-10 14:20 - 2012-05-10 14:20 - 00286208 _____ (Intel Corporation) C:\windows\system32\igfxrENU.lrc
2012-03-26 20:33 - 2012-03-26 20:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-06-06 12:15 - 2011-11-21 18:32 - 00061824 _____ (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\PluginLib.dll
2012-06-06 12:15 - 2011-11-21 18:32 - 00023936 _____ (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\libTMachInfo.dll
2012-06-06 12:15 - 2011-11-21 18:13 - 00068096 _____ (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\Plugins\Alerts.dll
2012-06-06 12:15 - 2011-11-21 18:13 - 00087552 _____ (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\Plugins\PCHealthInfo.dll
2012-06-06 12:15 - 2011-11-21 18:13 - 00096768 _____ (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\Plugins\SwUpdates.dll
2012-06-06 12:15 - 2011-11-21 18:31 - 00024448 _____ (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\FilterLib.dll
2011-11-25 21:51 - 2011-11-25 21:51 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-11-25 21:53 - 2011-11-25 21:53 - 00265656 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TReport.dll
2013-09-13 15:20 - 2013-09-13 15:20 - 00529288 _____ (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashUtil64_11_8_800_174_ActiveX.dll
2012-09-23 18:57 - 2012-06-15 22:31 - 00678352 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccL110U.dll
2012-09-23 18:57 - 2012-06-15 22:24 - 00085456 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccVrTrst.dll
2012-09-23 18:57 - 2012-05-21 21:37 - 00085968 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\EFACli.dll
2012-09-23 18:57 - 2012-06-15 22:24 - 00146896 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvc.dll
2012-09-23 18:57 - 2012-07-05 22:17 - 00419808 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\srtsp32.dll
2012-09-23 18:57 - 2012-06-15 22:24 - 00161232 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccIPC.dll
2012-09-23 18:57 - 2012-08-09 23:14 - 00419224 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON ANTIVIRUS\ENGINE\19.8.0.14\NPCTRAY.DLL
2012-09-23 18:56 - 2012-08-09 23:14 - 00698264 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\NPCStats.dll
2012-09-23 18:57 - 2012-06-15 22:24 - 00323024 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSet.dll
2012-09-23 18:56 - 2012-08-09 23:13 - 00418712 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON ANTIVIRUS\ENGINE\19.8.0.14\AVPAPP32.DLL
2012-09-23 18:56 - 2012-08-09 23:14 - 01220504 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\isDataPr.dll
2012-09-23 18:57 - 2012-06-15 22:24 - 00396752 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON ANTIVIRUS\ENGINE\19.8.0.14\CCJOBMGR.DLL
2012-09-23 18:57 - 2011-12-12 01:38 - 02760120 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\SYMHTML.DLL
2012-09-23 18:57 - 2012-08-09 23:13 - 00472984 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\AVIfc.dll
2012-09-23 18:57 - 2012-07-03 20:03 - 00365040 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\cltPE.dll
2012-09-23 18:56 - 2012-07-03 20:03 - 01553904 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON ANTIVIRUS\ENGINE\19.8.0.14\CLTALDIS.DLL
2012-09-23 18:57 - 2012-07-03 20:03 - 00962544 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\MUI\19.8.0.14\09\01\cltRes.loc
2012-09-23 18:56 - 2012-08-09 23:14 - 00370072 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON ANTIVIRUS\ENGINE\19.8.0.14\FWSESAL.DLL
2012-09-23 18:56 - 2012-08-09 23:14 - 00409496 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\naHelper.dll
2012-09-23 18:56 - 2012-07-03 20:03 - 00790512 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\cltLMS.dll
2012-09-23 18:57 - 2012-03-09 08:38 - 00169912 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON ANTIVIRUS\ENGINE\19.8.0.14\SDKCMN.DLL
2012-09-23 18:57 - 2012-06-15 22:24 - 00292816 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccGEvt.dll
2012-09-23 18:57 - 2012-08-09 23:14 - 00731544 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON ANTIVIRUS\ENGINE\19.8.0.14\UIALERT.DLL
2012-09-23 18:57 - 2012-05-25 17:10 - 00052120 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON ANTIVIRUS\ENGINE\19.8.0.14\USERCTXT.DLL
2013-09-02 13:03 - 2013-09-02 13:03 - 00117568 _____ (Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth166.dll
2012-10-20 00:43 - 2012-10-20 00:43 - 00103424 _____ (Microsoft Corporation) C:\Users\Olivia\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wlsres.dll.mui
2013-01-14 04:03 - 2013-01-14 04:03 - 00306176 _____ (Microsoft Corporation) C:\Users\Olivia\AppData\Local\Windows Live Writer\VirtualStore\sclui.dll
2013-09-13 15:20 - 2013-09-13 15:20 - 16244616 ____R (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_174.ocx
2012-09-23 18:57 - 2012-06-20 21:26 - 00210400 ____R (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\IPS\IPSBHO.DLL
2012-06-06 12:43 - 2011-07-25 14:15 - 00888248 _____ (Symantec Corporation) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20110726.001\Scxpx86.dll
2011-11-03 17:31 - 2011-11-03 17:31 - 00534400 _____ (<TOSHIBA>) C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
2009-07-13 20:07 - 2009-07-13 21:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\l3codeca.acm

==================== Alternate Data Streams (whitelisted) ==========

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2013 10:37:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4ee83cbe
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xe18
Faulting application start time: 0xTPCHSrv.exe0
Faulting application path: TPCHSrv.exe1
Faulting module path: TPCHSrv.exe2
Report Id: TPCHSrv.exe3

Error: (09/15/2013 09:47:53 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (09/15/2013 03:45:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2013 07:05:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2013 07:04:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2013 07:00:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2013 06:59:39 PM) (Source: Application Virtualization Client) (User: )
Description: The Application Virtualization Core Service could not be start because the system has not been rebooted yet.

Error: (09/13/2013 02:42:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16660, time stamp: 0x51f1c70c
Faulting module name: wthx166.dll, version: 7.6.0.2, time stamp: 0x522461f0
Exception code: 0xc0000005
Fault offset: 0x00000000000093b9
Faulting process id: 0x1534
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/13/2013 02:08:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4ee83cbe
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000374
Fault offset: 0x00000000000c40f2
Faulting process id: 0xf08
Faulting application start time: 0xTPCHSrv.exe0
Faulting application path: TPCHSrv.exe1
Faulting module path: TPCHSrv.exe2
Report Id: TPCHSrv.exe3

Error: (09/13/2013 02:05:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (09/15/2013 10:38:02 PM) (Source: DCOM) (User: )
Description: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}

Error: (09/15/2013 10:37:49 PM) (Source: Service Control Manager) (User: )
Description: The TPCH Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/15/2013 10:34:26 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a64\??\C:\Users\Olivia\AppData\Local\Microsoft\Windows\UsrClass.dat

Error: (09/15/2013 10:24:08 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (09/15/2013 10:23:38 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).

Error: (09/15/2013 03:42:24 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:17:53 PM on ‎9/‎14/‎2013 was unexpected.

Error: (09/14/2013 07:07:33 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (09/14/2013 07:06:32 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:
%%1056

Error: (09/14/2013 07:06:32 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error:
%%1056

Error: (09/14/2013 07:05:32 PM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (09/15/2013 10:37:24 PM) (Source: Application Error)(User: )
Description: TPCHSrv.exe1.0.0.174ee83cbentdll.dll6.1.7601.1822951fb164ac000037400000000000c4102e1801ceb2859f950c11C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\windows\SYSTEM32\ntdll.dllead4f002-1e78-11e3-bee8-00266c1abcc6

Error: (09/15/2013 09:47:53 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (09/15/2013 03:45:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2013 07:05:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2013 07:04:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2013 07:00:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2013 06:59:39 PM) (Source: Application Virtualization Client)(User: )
Description:

Error: (09/13/2013 02:42:02 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.1666051f1c70cwthx166.dll7.6.0.2522461f0c000000500000000000093b9153401ceb0ac06110b2cC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx166.dll2d9de06b-1ca4-11e3-bd25-00266c1abcc6

Error: (09/13/2013 02:08:08 PM) (Source: Application Error)(User: )
Description: TPCHSrv.exe1.0.0.174ee83cbentdll.dll6.1.7601.177254ec4aa8ec000037400000000000c40f2f0801ceb0ac1d3f51b7C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\windows\SYSTEM32\ntdll.dll715953ac-1c9f-11e3-bd25-00266c1abcc6

Error: (09/13/2013 02:05:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2013-09-15 22:54:18.870
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-15 22:34:55.090
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-15 15:43:14.456
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-14 19:04:10.685
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-14 18:58:15.209
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-13 14:04:43.431
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-12 17:04:39.856
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-12 16:53:27.533
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-12 16:06:15.501
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-12 15:57:43.995
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 6063.3 MB
Available physical RAM: 3665.13 MB
Total Pagefile: 12124.79 MB
Available Pagefile: 9334.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI106411W0E) (Fixed) (Total:682.74 GB) (Free:577.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 9FEAA357)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=683 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=17)

==================== End Of Log ============================

-------------------------

Let me know if I did all that right and the way you asked for it.

Also, may I ask you a question? What kind of virus is mainly responsible for all this stuff? Maybe you can't answer that yet, but I'd love to know. Thank you for helping me out, it means a lot to me, you probably don't even know how much..

#4
gringo_pr

Posted 15 September 2013 - 09:27 PM

Trusted Helper

Malware Removal
7,268 posts

Hello TerraceHill

I need you to download this script I have made for you -->

fixlist.txt 2.46KB 140 downloads

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.

When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Gringo

#5
TerraceHill

Posted 15 September 2013 - 09:46 PM

Member

Topic Starter
Member
32 posts

HERE IT IS:
------------------------------------------------------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013
Ran by Olivia at 2013-09-15 23:44:32 Run:1
Running from C:\Users\Olivia\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Olivia\AppData\Local\Windows Live Writer\VirtualStore\sclui.dll
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Common Files\Spigot
HKCU\...\Run: [VirtualStore] - rundll32 "C:\Users\Olivia\AppData\Local\Windows Live Writer\VirtualStore\sclui.dll",DllRegisterServerW <===== ATTENTION
C:\$Recycle.Bin\S-1-5-21-1147979992-2349924293-2197084131-1000\$9d285f33747d76752b1c779d2e0bb43d
C:\Users\Olivia\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\Olivia\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Olivia\AppData\Local\Temp\EAD1008.exe
C:\Users\Olivia\AppData\Local\Temp\EAD1409.exe
C:\Users\Olivia\AppData\Local\Temp\EAD1FBF.exe
C:\Users\Olivia\AppData\Local\Temp\EAD2AB7.exe
C:\Users\Olivia\AppData\Local\Temp\EAD3AFD.exe
C:\Users\Olivia\AppData\Local\Temp\EAD3BC8.exe
C:\Users\Olivia\AppData\Local\Temp\EAD400B.exe
C:\Users\Olivia\AppData\Local\Temp\EAD4078.exe
C:\Users\Olivia\AppData\Local\Temp\EAD4874.exe
C:\Users\Olivia\AppData\Local\Temp\EAD4E7C.exe
C:\Users\Olivia\AppData\Local\Temp\EAD5BDF.exe
C:\Users\Olivia\AppData\Local\Temp\EAD6AE2.exe
C:\Users\Olivia\AppData\Local\Temp\EAD7158.exe
C:\Users\Olivia\AppData\Local\Temp\EAD74A2.exe
C:\Users\Olivia\AppData\Local\Temp\EAD7B18.exe
C:\Users\Olivia\AppData\Local\Temp\EAD8334.exe
C:\Users\Olivia\AppData\Local\Temp\EAD8AC1.exe
C:\Users\Olivia\AppData\Local\Temp\EAD8E4B.exe
C:\Users\Olivia\AppData\Local\Temp\EADA07A.exe
C:\Users\Olivia\AppData\Local\Temp\EADA39E.exe
C:\Users\Olivia\AppData\Local\Temp\EADA572.exe
C:\Users\Olivia\AppData\Local\Temp\EADA6BB.exe
C:\Users\Olivia\AppData\Local\Temp\EADB05A.exe
C:\Users\Olivia\AppData\Local\Temp\EADB81D.exe
C:\Users\Olivia\AppData\Local\Temp\EADB846.exe
C:\Users\Olivia\AppData\Local\Temp\EADC0AF.exe
C:\Users\Olivia\AppData\Local\Temp\EADD1FE.exe
C:\Users\Olivia\AppData\Local\Temp\EADDD72.exe
C:\Users\Olivia\AppData\Local\Temp\EADE6F4.exe
C:\Users\Olivia\AppData\Local\Temp\EADEAF.exe
C:\Users\Olivia\AppData\Local\Temp\EADEDC7.exe
C:\Users\Olivia\AppData\Local\Temp\EADEE25.exe
C:\Users\Olivia\AppData\Local\Temp\EADF0F2.exe
C:\Users\Olivia\AppData\Local\Temp\EADF22A.exe
C:\Users\Olivia\AppData\Local\Temp\EADF65F.exe
C:\Users\Olivia\AppData\Local\Temp\EADFE6B.exe
C:\Users\Olivia\AppData\Local\Temp\EADFE7B.exe
C:\Users\Olivia\AppData\Local\Temp\EBU374A.exe
C:\Users\Olivia\AppData\Local\Temp\EBU4906.DLL
C:\Users\Olivia\AppData\Local\Temp\EBU8F29.exe
C:\Users\Olivia\AppData\Local\Temp\EBUA191.exe

*****************

C:\Users\Olivia\AppData\Local\Windows Live Writer\VirtualStore\sclui.dll => Moved successfully.
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe => Moved successfully.
C:\Program Files (x86)\Common Files\Spigot => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\VirtualStore => Value deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1147979992-2349924293-2197084131-1000\$9d285f33747d76752b1c779d2e0bb43d => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\bundlesweetimsetup.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\conduitinstaller.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD1008.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD1409.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD1FBF.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD2AB7.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD3AFD.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD3BC8.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD400B.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD4078.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD4874.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD4E7C.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD5BDF.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD6AE2.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD7158.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD74A2.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD7B18.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD8334.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD8AC1.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EAD8E4B.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADA07A.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADA39E.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADA572.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADA6BB.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADB05A.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADB81D.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADB846.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADC0AF.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADD1FE.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADDD72.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADE6F4.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADEAF.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADEDC7.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADEE25.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADF0F2.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADF22A.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADF65F.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADFE6B.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EADFE7B.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EBU374A.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EBU4906.DLL => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EBU8F29.exe => Moved successfully.
C:\Users\Olivia\AppData\Local\Temp\EBUA191.exe => Moved successfully.

The system needs a manual reboot.

==== End of Fixlog ====

#6
gringo_pr

Posted 15 September 2013 - 09:56 PM

Trusted Helper

Malware Removal
7,268 posts

Hello TerraceHill

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

#7
TerraceHill

Posted 15 September 2013 - 10:00 PM

Member

Topic Starter
Member
32 posts

Before I do any of this may I ask a small question? How do I disable my other protection software? Thank you so much for the help! my next reply will be the logs you requested and a report on how the computer is doing.

EDIT: I have Avast only, but Norton is on my computer. I don't think it's activated...?

Edited by TerraceHill, 15 September 2013 - 10:36 PM.

#8
gringo_pr

Posted 15 September 2013 - 11:35 PM

Trusted Helper

Malware Removal
7,268 posts

Hello

if Norton is not active go ahead and uninstall it

here is how to disable avast - http://www.ehow.com/...-antivirus.html

gringo

#9
TerraceHill

Posted 17 September 2013 - 08:02 PM

Member

Topic Starter
Member
32 posts

ADWCLEANER REPORT:----------------------------------------------------------------------------------------------------------------

# Option : Clean

***** [ Services ] *****

Service Deleted : Application Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\YTD Toolbar
Folder Deleted : C:\Users\Olivia\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Test\AppData\LocalLow\Search Settings
File Deleted : C:\END

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060237.FCTB000060237Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060237.FCTB000060237Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060237.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060237.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060237.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060237.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_the-holy-bible-3d_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_the-holy-bible-3d_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-8-start-screen-full_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-8-start-screen-full_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4507 octets] - [16/09/2013 21:12:04]
AdwCleaner[S0].txt - [4384 octets] - [16/09/2013 21:14:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4444 octets] ##########

----------------------------------------------------------------------------------------------------------------
JUNKWARE-REMOVAL-TOOL REPORT:----------------------------------------------------------------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Olivia on Tue 09/17/2013 at 21:30:33.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\robotaskbaricon_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\robotaskbaricon_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\robotaskbaricon_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\robotaskbaricon_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A9A2C21-4FD4-4E8B-B961-27BC472D2F12}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\Users\Olivia\AppData\LocalLow\FCTB000060237
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Olivia\appdata\locallow\ytd"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/17/2013 at 21:51:09.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----------------------------------------------------------------------------------------------------------------

COMPUTER PERFORMANCE REPORT:
It's a bit faster, not too much lag. Avast is still blocking the "malicious urls and sites" that I was talking about. I have a feeling I should restart and then see, but what do you think? Also, in the system tray in the taskbar there are only two icon, the battery and the volume. Normal? When I make a new tab, as far as fastness goes, it still lags for like, five or seven seconds, maybe ten.. and up in the address bar where the link is it has all messed up graphics, but that was happening before anyway. But it is noticeable how much faster it's going, so we're getting somewhere I think.

Thank you so much, again! !

#10
gringo_pr

Posted 17 September 2013 - 08:19 PM

Trusted Helper

Malware Removal
7,268 posts

Hello TerraceHill

After this scan do a restart or two and then check things over

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

#11
gringo_pr

Posted 20 September 2013 - 11:29 PM

Trusted Helper

Malware Removal
7,268 posts

Hello

48 Hour bump

It has been more than 48 hours since my last post.

do you still need help with this?
do you need more time?
are you having problems following my instructions?
if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#12
TerraceHill

Posted 21 September 2013 - 06:12 PM

Member

Topic Starter
Member
32 posts

Sorry I'll post what you need in a minute.

#13
gringo_pr

Posted 21 September 2013 - 07:25 PM

Trusted Helper

Malware Removal
7,268 posts

Hello

OK I will be looking for you

gringo

#14
TerraceHill

Posted 22 September 2013 - 08:52 PM

Member

Topic Starter
Member
32 posts

COMBOFIX REPORT LOG:
----------------------------------------------------------------------------------------

ComboFix 13-09-22.01 - Olivia 09/22/2013 21:48:27.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6063.3931 [GMT -4:00]
Running from: c:\users\Olivia\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
C:\prefs.js
c:\programdata\Microsoft\Windows\DRM\C044.tmp
c:\programdata\Roaming
c:\users\Olivia\AppData\Local\Google\Chrome\User Data\Default\preferences
.
.
((((((((((((((((((((((((( Files Created from 2013-08-23 to 2013-09-23 )))))))))))))))))))))))))))))))
.
.
2013-09-23 02:07 . 2013-09-23 02:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-23 02:07 . 2013-09-23 02:07 -------- d-----w- c:\users\Test\AppData\Local\temp
2013-09-22 02:22 . 2013-09-22 02:22 -------- d-----w- c:\users\Olivia\AppData\Roaming\Ambient Design
2013-09-22 02:18 . 2013-09-22 02:18 -------- d-----w- c:\program files (x86)\Ambient Design
2013-09-22 01:43 . 2013-09-22 01:43 -------- d-----w- c:\users\Olivia\AppData\Roaming\Autodesk
2013-09-22 01:43 . 2013-09-22 01:43 -------- d-----w- c:\programdata\Alias
2013-09-22 01:43 . 2013-09-22 01:43 -------- d-----w- c:\program files (x86)\Autodesk
2013-09-22 00:08 . 2013-09-22 00:08 -------- d-----w- c:\windows\Sun
2013-09-21 13:25 . 2013-09-21 13:25 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1709B49-EEEE-453B-AB56-5B457E770AD2}\offreg.dll
2013-09-21 13:21 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1709B49-EEEE-453B-AB56-5B457E770AD2}\mpengine.dll
2013-09-21 13:19 . 2013-09-21 13:19 -------- d-----w- c:\users\Olivia\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2013-09-21 13:17 . 2013-09-21 13:17 -------- d-----w- c:\users\Olivia\AppData\Roaming\Wacom
2013-09-21 13:17 . 2013-09-22 01:21 -------- d-----w- c:\programdata\Wacom
2013-09-21 13:17 . 2013-09-21 13:17 -------- d-----w- c:\program files (x86)\Bamboo Dock
2013-09-21 13:17 . 2013-09-21 13:20 -------- d-----w- c:\users\Olivia\AppData\Roaming\WTablet
2013-09-18 01:30 . 2013-09-18 01:30 -------- d-----w- c:\windows\ERUNT
2013-09-17 01:11 . 2013-09-17 01:14 -------- d-----w- C:\AdwCleaner
2013-09-16 03:01 . 2013-09-16 03:45 -------- d-----w- C:\FRST
2013-09-13 18:42 . 2013-08-10 03:59 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-09-13 18:42 . 2013-08-10 05:22 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-09-13 18:42 . 2013-08-10 05:20 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-09-13 18:42 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll
2013-09-12 19:58 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-12 19:58 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-08 23:34 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-30 07:02 . 2013-08-30 07:03 -------- d-----w- C:\06159a860f4fe9145a4d703aacaad2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-21 13:19 . 2012-04-26 01:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-21 13:19 . 2012-04-26 01:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-30 07:48 . 2013-07-17 04:22 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-07-17 04:21 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2013-07-17 04:21 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-07-17 04:21 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-07-17 04:21 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-07-17 04:21 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-07-17 04:22 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-07-17 04:21 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-08-30 07:48 . 2013-07-17 04:21 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-07-17 04:20 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2012-07-27 07:09 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-07 08:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-12 19:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 08:57 . 2013-08-15 03:39 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-15 03:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-06-26 23:21 . 2013-06-26 23:21 23208 ----a-w- c:\windows\system32\drivers\Sftvollh.sys
2013-06-26 23:21 . 2013-06-26 23:21 28840 ----a-w- c:\windows\system32\drivers\Sftredirlh.sys
2013-06-26 23:21 . 2013-06-26 23:21 273576 ----a-w- c:\windows\system32\drivers\Sftplaylh.sys
2013-06-26 23:21 . 2013-06-26 23:21 1777320 ----a-w- c:\windows\system32\sftldr.dll
2013-06-26 23:21 . 2013-06-26 23:21 1130664 ----a-w- c:\windows\SysWow64\sftldr_wow64.dll
2013-06-26 23:21 . 2013-06-26 23:21 767144 ----a-w- c:\windows\system32\drivers\Sftfslh.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-30 03:23 220632 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-30 03:23 220632 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-30 03:23 220632 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-06 39408]
"EA Core"="c:\program files (x86)\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"AdobeUpdater6"="c:\program files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2012-08-28 2521464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"DelayTSS"="c:\program files\Toshiba\DelayTSS\DelayTSS.exe" [2011-11-21 2153328]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-05-18 295512]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /A:C: /A:*STARTUP-SHORT /A:*STARTUP /L:1033 /heur:100 /RA:chest /pup /archives /IA:0 /KBD:2 /wow /dir:C:\Program
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswKbd;aswKbd; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-22 00:06 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 13:19]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-06 16:35]
.
2013-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-06 16:35]
.
2013-09-18 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-09-22 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-09-23 c:\windows\Tasks\ReclaimerUpdateFiles_Olivia.job
- c:\users\Olivia\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-11 23:46]
.
2013-09-22 c:\windows\Tasks\ReclaimerUpdateXML_Olivia.job
- c:\users\Olivia\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-11 23:46]
.
2013-09-18 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Olivia.job
- c:\users\Olivia\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-11 23:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-30 03:23 244696 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-30 03:23 244696 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-30 03:23 244696 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-22 12452456]
"SRS Premium Sound 3D"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-03-06 2165120]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-10 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-10 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-10 440088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{b2f96685-57eb-4e32-bbe9-d255b4cc4d70} - c:\program files (x86)\Creflo Dollar Ministries Toolbar\Helper.dll
BHO-{A9183D22-9F36-4C28-81FE-C295754EEF1D} - c:\program files (x86)\Creflo Dollar Ministries Toolbar\Toolbar.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{BB11DF3C-D64B-4621-AD5F-F9910320D40E} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1147979992-2349924293-2197084131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1147979992-2349924293-2197084131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-22 22:35:15
ComboFix-quarantined-files.txt 2013-09-23 02:35
.
Pre-Run: 613,945,397,248 bytes free
Post-Run: 616,225,501,184 bytes free
.
- - End Of File - - 1F1C20BE4DEC3E131F35A26864516B30

---------------------------------------------------------------------------------------------

I don't think there has been a problem with it, but I could not turn off Avast antivirus as I could not find the icon in the system tray. I can now, after ComboFix fixed the problem.

My avast is still blocking the popups, but when I turned it on after restart no popups came until like five minutes later. The internet is faster and better. I restarted it once. I wish this problem wasn't so stubborn xD

Thank you so much for your help, it really means to me! You're doing a great job too!

#15
gringo_pr

Posted 22 September 2013 - 09:19 PM

Trusted Helper

Malware Removal
7,268 posts

Hello TerraceHill

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
more than one report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

Note** this report can be very long - so if the website gives you an error saying it is to long you may attache it

If the forum still complains about it being to long send me everything that is at the end of the report after where it says

==================
Scan finished
==================

and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

Quit all programs that you may have started.
Please disconnect any external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
Exit/Close RogueKiller+