Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ITunes/Quicktime won't download... [Solved]


  • This topic is locked This topic is locked

#1
LinL00king

LinL00king

    Member

  • Member
  • PipPip
  • 20 posts
Hi, I'm really hoping someone can help me with this as I am frustrated beyond belief. All of a sudden after using ITunes in the past, it will not update or download, it says there are missing files etc. I have Windows 7 on my Toshiba Laptop, had it for 2 years, never had a problem. I always use Mozilla Firefox, can’t stand Internet Explorer. I have Avast free version, have ran the scan, nothing wrong there. So here is a list of all the things I have tried:
Restore computer to an earlier point
Uninstalled ITunes
Uninstalled Quicktime
Both in an effort to re-install
Deleted old copies
Did the “Start-Run-CMD-ipconfig” =yes, I have an IP address
I think I reinstalled Firefox, but now I can’t remember :)
Did the Task Manager ‘end process’ but didn’t know what to ‘end’ and what to leave alone!

Now when I go to either of these web pages to install, when I click the “Install Now” or “Download” button or whatever, it does nothing!! It used to show the green arrow in the upper right of the page, where when you click it, it shows what you just downloaded. Now, nothing. The web page then goes to the “Thanks for downloading” page. I’ve gone directly to ‘my downloads’ and it’s not there (where my computer saves what I want to download). I’ve had no problem downloading other things, it works exactly as I described above. I can click on the green arrow-it shows what I’ve just downloaded-I click it-my computer asks me if I want to run it-I say yes-IT RUNS!

ITunes & QuickTime WILL NOT DO THAT! It does nothing.I went back and read your instructions for posting and the only thing I can think of that could have caused any corruption would be that my phone got a virus (I THINK, tho it wasn't confirmed) and I did connect it to my computer to save contacts before I did a hard reset to factory. I also took out my sim card and connected it to my computer; it was there that I found a BUNCH of junk pictures that I never took/stored. I deleted all of them before taking the sim card out. That's when I did the system restore on my computer.First couple of times it wouldn't let me, it said 'could not complete' but I don't remember why. Sorry! I just picked an earlier date until it went through.

So I have done all of the steps you’ve suggested and here is my OLT.Txt:

OTL logfile created on: 3/23/2014 7:24:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lin55\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 52.39% Memory free
7.79 Gb Paging File | 5.82 Gb Available in Paging File | 74.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.42 Gb Total Space | 457.02 Gb Free Space | 78.60% Space Free | Partition Type: NTFS

Computer Name: LIN55-PC | User Name: Lin55 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/23 19:23:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lin55\Downloads\OTL.exe
PRC - [2014/03/22 17:30:31 | 001,141,336 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
PRC - [2014/03/22 17:30:29 | 000,296,520 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2014/03/12 22:27:14 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2014/02/14 20:06:12 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/12 16:29:36 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2014/02/12 14:42:30 | 000,367,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2014/02/12 14:42:10 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2014/02/09 11:32:49 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/09 11:32:49 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/06 17:33:16 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/17 18:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/08/17 18:33:10 | 000,131,512 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
PRC - [2012/01/20 18:29:28 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/01/20 18:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/01/20 13:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/01/20 13:45:30 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/01/05 05:59:50 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/11/30 19:17:01 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/22 17:30:32 | 000,571,992 | ---- | M] () -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll
MOD - [2014/03/12 22:27:13 | 016,276,872 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2014/02/14 20:06:12 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/24 16:13:15 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/03/23 16:53:08 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/09 11:32:49 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/01/10 23:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/16 01:16:48 | 000,583,088 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/12/14 17:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/11/25 20:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/11/24 15:20:38 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/10/20 16:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/03/22 17:30:31 | 001,141,336 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2014/03/12 22:27:14 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/14 20:06:12 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/12 16:29:36 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2014/02/12 14:42:10 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/06 17:33:16 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/08/17 18:33:10 | 000,131,512 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/05/10 15:20:46 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/01/20 18:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/20 18:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/20 13:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/01/20 13:45:30 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2011/11/30 19:17:01 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 19:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/09 11:32:53 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/02/09 11:32:53 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/02/09 11:32:53 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/02/09 11:32:53 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/12/28 20:27:38 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/10/24 16:13:16 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/24 16:13:16 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/02 06:52:40 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/06 16:02:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/10 15:11:04 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/16 17:49:14 | 000,103,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/01/05 05:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/05 05:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/05 05:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/22 21:22:12 | 000,412,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/12/22 21:22:10 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2011/12/06 05:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/29 21:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/07/28 16:33:50 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/07/18 18:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/24 17:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {B53FA071-DB70-433D-A95F-9550BEAE00B1}
IE - HKCU\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP
IE - HKCU\..\SearchScopes\{B53FA071-DB70-433D-A95F-9550BEAE00B1}: "URL" = http://www.google.co...1I7TSNP_enUS493
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Dictionary"
FF - prefs.js..browser.search.selectedEngine: "Dictionary"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2013.75
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.6.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.6: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.6: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.6: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.6.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/03/09 17:28:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/03/22 17:31:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/09 11:57:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/09 11:57:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/09/25 19:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lin55\AppData\Roaming\Mozilla\Extensions
[2014/03/20 21:53:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions
[2013/12/15 20:55:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/08/31 10:15:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/28 11:36:10 | 000,000,931 | ---- | M] () -- C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\searchplugins\dictionary.xml
[2012/08/28 11:22:24 | 000,000,705 | ---- | M] () -- C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\searchplugins\webster.xml
[2014/02/14 20:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/14 20:06:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/14 20:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 20:06:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/03/08 13:53:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/09 17:28:53 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2014/03/22 17:31:07 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CEDA102-85DF-4047-BFC7-7CCDC8B16B71}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/23 16:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/23 16:50:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/03/22 17:31:40 | 000,000,000 | ---D | C] -- C:\Users\Lin55\AppData\Roaming\RealNetworks
[2014/03/22 17:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014/03/22 17:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2014/03/22 17:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2014/03/22 17:30:35 | 000,278,600 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2014/03/22 17:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2014/03/22 17:30:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2014/03/22 17:29:35 | 000,000,000 | ---D | C] -- C:\Users\Lin55\AppData\Roaming\Real
[2014/03/22 17:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/03/15 23:12:29 | 000,000,000 | ---D | C] -- C:\Users\Lin55\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - Bloody Mary
[2014/03/15 23:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Tales - Bloody Mary
[2014/03/15 23:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grim Tales - Bloody Mary
[2014/03/15 20:09:46 | 000,000,000 | ---D | C] -- C:\Users\Lin55\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Between the Worlds II - The Pyramid
[2014/03/15 20:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Between the Worlds II - The Pyramid
[2014/03/15 20:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Between the Worlds II - The Pyramid
[2014/03/15 19:09:16 | 000,000,000 | ---D | C] -- C:\Users\Lin55\AppData\Roaming\Between The Worlds 2
[2014/03/13 21:16:19 | 000,000,000 | ---D | C] -- C:\Users\Lin55\Documents\The Lonely Hearts Murders SE
[2014/03/13 00:51:35 | 000,000,000 | ---D | C] -- C:\Users\Lin55\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brink of Consciousness - The Lonely Hearts Murders
[2014/03/13 00:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brink of Consciousness - The Lonely Hearts Murders
[2014/03/13 00:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brink of Consciousness - The Lonely Hearts Murders
[2014/02/23 22:37:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2014/02/23 22:04:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2014/02/23 22:03:27 | 000,000,000 | ---D | C] -- C:\Users\Lin55\AppData\Local\Samsung
[2014/02/23 22:03:25 | 000,000,000 | ---D | C] -- C:\Users\Lin55\AppData\Roaming\Samsung
[2014/02/23 21:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2014/02/23 21:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2014/02/23 21:53:55 | 000,000,000 | ---D | C] -- C:\Users\Lin55\AppData\Local\Downloaded Installations
[2014/02/23 21:52:15 | 075,211,320 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Users\Lin55\Documents\KiesSetup.exe
[2014/02/21 20:19:17 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2013/09/21 19:42:57 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Lin55\AppData\Roaming\pcouffin.sys
[2013/04/04 12:05:35 | 013,079,688 | ---- | C] (Microsoft Corporation) -- C:\Users\Lin55\Silverlight_x64.exe
[9 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/23 19:27:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/03/23 19:09:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/23 18:40:01 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/03/23 18:39:59 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/23 18:37:39 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/23 18:37:39 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/23 18:36:46 | 000,782,470 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/03/23 18:36:46 | 000,662,634 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/03/23 18:36:46 | 000,122,470 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/03/23 18:31:55 | 000,416,688 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/03/23 18:31:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/03/23 18:31:01 | 3136,921,600 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/23 16:53:08 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2014/03/23 16:53:08 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2014/03/23 16:33:41 | 000,775,084 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/03/23 11:01:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/03/22 17:31:21 | 000,001,275 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer Cloud.lnk
[2014/03/22 17:30:49 | 000,001,259 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014/03/22 17:30:35 | 000,278,600 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2014/03/15 23:16:27 | 000,001,278 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2014/03/09 20:36:38 | 000,003,021 | ---- | M] () -- C:\Users\Lin55\Desktop\Microsoft Word 2010.lnk
[2014/03/09 17:29:59 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/02/23 21:53:35 | 075,211,320 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Lin55\Documents\KiesSetup.exe
[2014/02/23 14:46:51 | 000,000,843 | ---- | M] () -- C:\Users\Lin55\Documents\sd.jnlp
[2014/02/23 14:08:09 | 000,000,843 | ---- | M] () -- C:\Users\Lin55\Documents\kies.jnlp
[2014/02/23 13:32:15 | 000,674,184 | ---- | M] () -- C:\Users\Lin55\Documents\sms_12.25.00.02.23.14.xml
[2014/02/23 13:31:59 | 000,213,910 | ---- | M] () -- C:\Users\Lin55\Documents\contacts_12.22.58.02.23.14.vcf
[2014/02/23 13:31:31 | 000,092,432 | ---- | M] () -- C:\Users\Lin55\Documents\cal_12.21.46.02.23.14.xml
[9 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/23 16:53:08 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2014/03/23 16:53:08 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2014/03/22 17:31:21 | 000,001,275 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer Cloud.lnk
[2014/03/22 17:30:49 | 000,001,259 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014/03/15 23:16:27 | 000,001,278 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2014/03/09 20:36:38 | 000,003,021 | ---- | C] () -- C:\Users\Lin55\Desktop\Microsoft Word 2010.lnk
[2014/02/23 14:47:01 | 000,000,843 | ---- | C] () -- C:\Users\Lin55\Documents\sd.jnlp
[2014/02/23 14:08:34 | 000,000,843 | ---- | C] () -- C:\Users\Lin55\Documents\kies.jnlp
[2014/02/23 13:32:21 | 000,674,184 | ---- | C] () -- C:\Users\Lin55\Documents\sms_12.25.00.02.23.14.xml
[2014/02/23 13:32:09 | 000,213,910 | ---- | C] () -- C:\Users\Lin55\Documents\contacts_12.22.58.02.23.14.vcf
[2014/02/23 13:31:52 | 000,092,432 | ---- | C] () -- C:\Users\Lin55\Documents\cal_12.21.46.02.23.14.xml
[2014/01/23 19:31:08 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2013/09/21 19:42:57 | 000,099,384 | ---- | C] () -- C:\Users\Lin55\AppData\Roaming\inst.exe
[2013/09/21 19:42:57 | 000,007,859 | ---- | C] () -- C:\Users\Lin55\AppData\Roaming\pcouffin.cat
[2013/09/15 11:33:26 | 000,001,167 | ---- | C] () -- C:\Users\Lin55\AppData\Roaming\pcouffin.inf
[2012/10/28 05:58:06 | 000,000,016 | ---- | C] () -- C:\windows\popcinfo.dat
[2012/10/01 23:07:52 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2012/08/26 16:10:34 | 000,039,904 | ---- | C] () -- C:\windows\SysWow64\dischandler.exe
[2012/08/20 22:15:22 | 003,978,240 | ---- | C] () -- C:\windows\SysWow64\ffmpeg.dll
[2012/08/20 22:14:04 | 000,112,640 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2012/08/20 22:12:48 | 000,271,360 | ---- | C] () -- C:\windows\SysWow64\TomsMoComp_ff.dll
[2012/08/20 22:12:34 | 000,099,840 | ---- | C] () -- C:\windows\SysWow64\ff_wmv9.dll
[2012/08/20 22:12:32 | 000,157,184 | ---- | C] () -- C:\windows\SysWow64\ff_unrar.dll
[2012/08/20 22:12:30 | 000,147,456 | ---- | C] () -- C:\windows\SysWow64\ff_libmad.dll
[2012/08/20 22:12:28 | 001,525,760 | ---- | C] () -- C:\windows\SysWow64\ff_samplerate.dll
[2012/08/20 22:12:28 | 000,211,968 | ---- | C] () -- C:\windows\SysWow64\ff_libdts.dll
[2012/08/20 22:12:28 | 000,114,688 | ---- | C] () -- C:\windows\SysWow64\ff_liba52.dll
[2012/08/20 22:12:24 | 000,330,240 | ---- | C] () -- C:\windows\SysWow64\ff_libfaad2.dll
[2012/08/15 21:29:36 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2012/07/19 13:56:08 | 000,172,544 | ---- | C] () -- C:\windows\SysWow64\libbluray.dll
[2012/07/19 13:56:02 | 006,894,331 | ---- | C] () -- C:\windows\SysWow64\avcodec-lav-54.dll
[2012/07/19 13:56:02 | 001,111,581 | ---- | C] () -- C:\windows\SysWow64\avformat-lav-54.dll
[2012/07/19 13:56:02 | 000,401,685 | ---- | C] () -- C:\windows\SysWow64\swscale-lav-2.dll
[2012/07/19 13:56:02 | 000,232,895 | ---- | C] () -- C:\windows\SysWow64\avutil-lav-51.dll
[2012/07/19 13:56:02 | 000,162,743 | ---- | C] () -- C:\windows\SysWow64\avfilter-lav-3.dll
[2012/07/19 13:56:02 | 000,101,820 | ---- | C] () -- C:\windows\SysWow64\avresample-lav-0.dll
[2012/05/10 15:07:18 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/05/10 14:24:08 | 013,214,720 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/05/01 21:59:24 | 000,775,084 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/05/01 21:17:44 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/25 20:02:12 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\4 Friends Games
[2013/04/01 23:09:18 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\8floor
[2012/10/01 21:35:42 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Absolutist
[2012/11/17 00:06:03 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Alawar
[2013/03/29 14:38:16 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Alawar Stargaze
[2013/09/24 20:26:41 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\AlawarEntertainment
[2013/09/22 17:22:34 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\AlderGames
[2012/11/22 23:53:02 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Amaranth Games
[2013/10/14 20:38:46 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Artifex Mundi
[2012/11/01 18:06:34 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\ArtifexMundi
[2013/08/03 15:14:52 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Artogon
[2013/10/24 16:25:22 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\AVAST Software
[2012/07/25 16:08:24 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Awem
[2014/03/15 19:12:01 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Between The Worlds 2
[2013/02/05 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Big Fish Games
[2013/03/10 22:59:13 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Boolat Games
[2014/01/14 21:24:35 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Boomzap
[2013/10/01 19:33:38 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\com.zoosk.Desktop
[2013/10/01 19:33:38 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2013/10/06 19:25:30 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\DailyMagic
[2013/09/22 14:04:36 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\DarkManor
[2012/08/17 23:44:14 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\EleFun Games
[2014/03/16 21:43:30 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Elephant Games
[2014/01/04 21:13:07 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\ERS Game Studios
[2013/01/19 13:35:43 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Fenomen Games
[2012/09/26 00:45:28 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Friday's games
[2012/10/01 23:47:14 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Frogwares
[2013/02/20 00:09:29 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Ghost Ship Studios
[2013/09/05 18:47:58 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Gunnar Games
[2013/01/23 21:58:35 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Jetdogs Studios
[2012/11/09 01:19:07 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\LegacyGames
[2013/01/26 23:05:47 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\LegacyInteractive
[2012/09/19 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Mad Head Games
[2014/03/13 21:16:19 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\MagicIndie
[2013/10/06 13:19:56 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\MediaArt
[2012/07/30 05:13:32 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\MumboJumbo
[2012/07/23 22:00:06 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Oberon Media
[2013/10/05 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Orneon
[2012/07/20 10:40:25 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\PCCUStubInstaller
[2012/09/06 16:51:56 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\PlataGames
[2012/07/25 18:13:51 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\PlayFavoriteGames
[2013/05/19 11:13:39 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\PlayFirst
[2012/08/19 21:01:53 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Playrix Entertainment
[2013/09/30 18:58:49 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\PuzzleLab
[2012/10/01 21:49:27 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\RenPy
[2012/09/13 23:57:44 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Sahmon Games
[2014/02/28 19:27:21 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Samsung
[2012/11/12 01:08:19 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\SecretIslandEng
[2012/09/28 01:03:55 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Skyborn
[2013/10/13 17:22:32 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Specialbit
[2012/09/26 23:28:53 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\SpinTop Games
[2012/09/28 01:20:38 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Sylia_Act_I_Saves
[2012/11/12 00:46:27 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\TMInc
[2012/11/18 22:47:04 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\TOMI2.THE GATES OF FATE
[2012/11/09 22:18:45 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Top Evidence
[2012/07/19 20:51:00 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Toshiba
[2012/09/14 02:25:38 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\TWODESPERADOS
[2012/08/14 09:12:54 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Vast Studios
[2012/09/05 21:01:28 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\VendelGAMES
[2012/10/13 00:27:48 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Vogat Interactive
[2013/09/21 19:42:58 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Vso
[2012/07/20 09:58:12 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\WildTangent
[2012/07/19 20:46:29 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\WinBatch
[2012/07/19 23:42:09 | 000,000,000 | ---D | M] -- C:\Users\Lin55\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 377 bytes -> C:\ProgramData\TEMP:214562D2
@Alternate Data Stream - 254 bytes -> C:\ProgramData\TEMP:48862C37
@Alternate Data Stream - 252 bytes -> C:\ProgramData\TEMP:462A7C89
@Alternate Data Stream - 251 bytes -> C:\ProgramData\TEMP:9EDA68BD
@Alternate Data Stream - 251 bytes -> C:\ProgramData\TEMP:5C717402
@Alternate Data Stream - 251 bytes -> C:\ProgramData\TEMP:4AC7B5C1
@Alternate Data Stream - 250 bytes -> C:\ProgramData\TEMP:94A31742
@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:B6E58523
@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:6CF828C2
@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:11590865
@Alternate Data Stream - 247 bytes -> C:\ProgramData\TEMP:49EA4410
@Alternate Data Stream - 246 bytes -> C:\ProgramData\TEMP:1B96CF22
@Alternate Data Stream - 246 bytes -> C:\ProgramData\TEMP:00F3978A
@Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:D1FE35E7
@Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:B6E6C4EA
@Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:6ECE93A8
@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:E402E439
@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:C6104C4F
@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:4D729D61
@Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:60E755E6
@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:997DA6D7
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:63C48B80
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:D64DD961
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:A819A132
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:E47BBD7B
@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:C3899C0B
@Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:E8B61305
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:AAA06E15
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:5E73E1C2
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:4C9782FB
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:1E17A249
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:D4DD372D
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:C6920A5D
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:B79964F6
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:80FA23CA
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:036AA5DD
@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:3A7527E8
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:F1381B87
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:BE6B5FC3
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:6BFA43EB
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:302ECBD6
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:0696EC8E
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:EDDBC69E
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:5A068EE1
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:460638C7
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:BB99F46B
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:3F266659
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:0BACBDD9
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:BBC9C1EB
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:207C4C79
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:1604D047
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:B54E4B5A
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:795F6DEC
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:689AB7E9
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:57176330
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:4E79C4F8
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:1EAB6298
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:F83E8359
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:66C764F5
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:406E0034
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:92CA7E75
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:922DA2DB
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:EFBD4447
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:A60D0FA6
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:371060CE
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:53BA2DF6
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:4A448DB2
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:1322DDBD
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:0410A323
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:71F04C26
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:1234ADAE
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:097C4B7D
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:8B4B9596
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:4EFA2FC7
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:C370B84F
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:8DD20B4A
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:2C86E2AD
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:0EC7A545
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:512E1728
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:491270B8
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:1DB77A89
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:A6D6E537
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:762408BA
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:E411AA0D
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:9BB8C675
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:848CC150
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:61AF2B29
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:13CDB0E0
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:EE69D7DF
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:72A1B66A
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:1416AAA6
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:95D2904B
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:6B2FBF73
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:2DAD076E
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:43357A12
@Alternate Data Stream - 190 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 188 bytes -> C:\ProgramData\TEMP:B904C348
@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:506E1E25
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:881ED4D3
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:7FA0D639
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:C0AAC015
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:D987CB43
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:59540531
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:351662E7
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:72C99D4E
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:39B14E09
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:EFF3C3C8
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:95D421DF
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:37207201
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C89D1773
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:10CB85CA
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A9056F42
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5133A494
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3B454A5C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F1174C93
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5ED7E575
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A9562832
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:54403233
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E6CDFB4A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CE3AADB7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:943E8182
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:14A1BBE3
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:CB299F13
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:7EC01D6D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8BE7A048
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >


Sooooooooooooo, any help would be appreciated. Yes, I have a lot of games, but that has never been a problem before. Oh, and please don't embarrass me :)

Thanks, Linda
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello LinL00king,

Sorry for the delay in getting to you.

Now

Please run OTL.exe
 

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:

     

     

    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
    IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
    IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNP
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    [2014/03/20 21:53:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions
    [2013/12/15 20:55:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2014/02/14 20:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    @Alternate Data Stream - 377 bytes -> C:\ProgramData\TEMP:214562D2
    @Alternate Data Stream - 254 bytes -> C:\ProgramData\TEMP:48862C37
    @Alternate Data Stream - 252 bytes -> C:\ProgramData\TEMP:462A7C89
    @Alternate Data Stream - 251 bytes -> C:\ProgramData\TEMP:9EDA68BD
    @Alternate Data Stream - 251 bytes -> C:\ProgramData\TEMP:5C717402
    @Alternate Data Stream - 251 bytes -> C:\ProgramData\TEMP:4AC7B5C1
    @Alternate Data Stream - 250 bytes -> C:\ProgramData\TEMP:94A31742
    @Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:B6E58523
    @Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:6CF828C2
    @Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:11590865
    @Alternate Data Stream - 247 bytes -> C:\ProgramData\TEMP:49EA4410
    @Alternate Data Stream - 246 bytes -> C:\ProgramData\TEMP:1B96CF22
    @Alternate Data Stream - 246 bytes -> C:\ProgramData\TEMP:00F3978A
    @Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:D1FE35E7
    @Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:B6E6C4EA
    @Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:6ECE93A8
    @Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:E402E439
    @Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:C6104C4F
    @Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:4D729D61
    @Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:60E755E6
    @Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:997DA6D7
    @Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:63C48B80
    @Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:D64DD961
    @Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:A819A132
    @Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:0E22C5DB
    @Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:E47BBD7B
    @Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:C3899C0B
    @Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:E8B61305
    @Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:AAA06E15
    @Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:5E73E1C2
    @Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:4C9782FB
    @Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:1E17A249
    @Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:D4DD372D
    @Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:C6920A5D
    @Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:B79964F6
    @Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:80FA23CA
    @Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:036AA5DD
    @Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:3A7527E8
    @Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:F1381B87
    @Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:BE6B5FC3
    @Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:6BFA43EB
    @Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:302ECBD6
    @Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:0696EC8E
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:EDDBC69E
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:5A068EE1
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:460638C7
    @Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:BB99F46B
    @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:3F266659
    @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:0BACBDD9
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:BBC9C1EB
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:207C4C79
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:1604D047
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:B54E4B5A
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:795F6DEC
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:689AB7E9
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:57176330
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:4E79C4F8
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:1EAB6298
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:F83E8359
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:66C764F5
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:406E0034
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:92CA7E75
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:922DA2DB
    @Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:EFBD4447
    @Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:A60D0FA6
    @Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:371060CE
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:53BA2DF6
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:4A448DB2
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:1322DDBD
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:0410A323
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:71F04C26
    @Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:1234ADAE
    @Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:097C4B7D
    @Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:A02025CE
    @Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:9BAC4211
    @Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:8B4B9596
    @Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:4EFA2FC7
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:C370B84F
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:8DD20B4A
    @Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:569CEE83
    @Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:2C86E2AD
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:206470A5
    @Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:0EC7A545
    @Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:512E1728
    @Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:491270B8
    @Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:1DB77A89
    @Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:A6D6E537
    @Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:762408BA
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:E411AA0D
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:9BB8C675
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:848CC150
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:61AF2B29
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:13CDB0E0
    @Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:EE69D7DF
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:72A1B66A
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:1416AAA6
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:95D2904B
    @Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:6B2FBF73
    @Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:2DAD076E
    @Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:43357A12
    @Alternate Data Stream - 190 bytes -> C:\ProgramData\TEMP:D507B5A8
    @Alternate Data Stream - 188 bytes -> C:\ProgramData\TEMP:B904C348
    @Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:506E1E25
    @Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:881ED4D3
    @Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:7FA0D639
    @Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:C0AAC015
    @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:D987CB43
    @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:59540531
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:351662E7
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:72C99D4E
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:39B14E09
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:2CB9631F
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:EFF3C3C8
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:95D421DF
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:2AE74FF9
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:37207201
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C89D1773
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:10CB85CA
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A9056F42
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5133A494
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3B454A5C
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F1174C93
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5ED7E575
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:F84B8DB5
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A9562832
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:54403233
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3E06C78F
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E6CDFB4A
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CE3AADB7
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:943E8182
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:14A1BBE3
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:CB299F13
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:7EC01D6D
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8BE7A048
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.The log is saved in the same location as OTL.

After that

Please download Malwarebytes Anti-Malware Free from here.


  • Double click to install the progamme
  • When the popup "Completing the Malwarebytes Anti-Malware Setup Wizard" appears, uncheck the box enable free trial of Malwarebytes Anti-Malware Premium

MBAMcompletinginstall.jpg
 

  • The MBAM console/dashboard will appear together with an alert to update - click the green button Update Now
  • When update is complete select Settings > Detection and Protection and check (tick) Scan for rootkits

MBAMSettings-1.jpg

Go back to the Dashboard and click on the green Scan Now button.

MBAM1.jpg
 

  • If threats are detected, click the Apply Actions button, MBAM may ask for a reboot. Let it do so.

MBAMReboot.JPG



  • On completion of the scan (or after the reboot) select View Detailed Log (to the right on the light green strip)
  • Click on the Export button and select Text file and save to the desktop

MBAMLog.JPG

Copy and paste the log back here.

So when you return please post

  • OTL fix log
  • MBAM report

  • 0

#3
LinL00king

LinL00king

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Hi there, no apology needed, I'm very grateful for the help!! Thank you for your reply, here are the things you asked for:

 

OTL fix log

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Shared\npYState.dll moved successfully.
C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local\modules folder moved successfully.
C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local folder moved successfully.
C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults\preferences folder moved successfully.
C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults folder moved successfully.
C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\components folder moved successfully.
C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\chrome folder moved successfully.
C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} folder moved successfully.
C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions folder moved successfully.
Folder C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\ not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\default folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
ADS C:\ProgramData\TEMP:214562D2 deleted successfully.
ADS C:\ProgramData\TEMP:48862C37 deleted successfully.
ADS C:\ProgramData\TEMP:462A7C89 deleted successfully.
ADS C:\ProgramData\TEMP:9EDA68BD deleted successfully.
ADS C:\ProgramData\TEMP:5C717402 deleted successfully.
ADS C:\ProgramData\TEMP:4AC7B5C1 deleted successfully.
ADS C:\ProgramData\TEMP:94A31742 deleted successfully.
ADS C:\ProgramData\TEMP:B6E58523 deleted successfully.
ADS C:\ProgramData\TEMP:6CF828C2 deleted successfully.
ADS C:\ProgramData\TEMP:11590865 deleted successfully.
ADS C:\ProgramData\TEMP:49EA4410 deleted successfully.
ADS C:\ProgramData\TEMP:1B96CF22 deleted successfully.
ADS C:\ProgramData\TEMP:00F3978A deleted successfully.
ADS C:\ProgramData\TEMP:D1FE35E7 deleted successfully.
ADS C:\ProgramData\TEMP:B6E6C4EA deleted successfully.
ADS C:\ProgramData\TEMP:6ECE93A8 deleted successfully.
ADS C:\ProgramData\TEMP:E402E439 deleted successfully.
ADS C:\ProgramData\TEMP:C6104C4F deleted successfully.
ADS C:\ProgramData\TEMP:4D729D61 deleted successfully.
ADS C:\ProgramData\TEMP:60E755E6 deleted successfully.
ADS C:\ProgramData\TEMP:997DA6D7 deleted successfully.
ADS C:\ProgramData\TEMP:63C48B80 deleted successfully.
ADS C:\ProgramData\TEMP:D64DD961 deleted successfully.
ADS C:\ProgramData\TEMP:A819A132 deleted successfully.
ADS C:\ProgramData\TEMP:0E22C5DB deleted successfully.
ADS C:\ProgramData\TEMP:E47BBD7B deleted successfully.
ADS C:\ProgramData\TEMP:C3899C0B deleted successfully.
ADS C:\ProgramData\TEMP:E8B61305 deleted successfully.
ADS C:\ProgramData\TEMP:AAA06E15 deleted successfully.
ADS C:\ProgramData\TEMP:5E73E1C2 deleted successfully.
ADS C:\ProgramData\TEMP:4C9782FB deleted successfully.
ADS C:\ProgramData\TEMP:1E17A249 deleted successfully.
ADS C:\ProgramData\TEMP:D4DD372D deleted successfully.
ADS C:\ProgramData\TEMP:C6920A5D deleted successfully.
ADS C:\ProgramData\TEMP:B79964F6 deleted successfully.
ADS C:\ProgramData\TEMP:80FA23CA deleted successfully.
ADS C:\ProgramData\TEMP:036AA5DD deleted successfully.
ADS C:\ProgramData\TEMP:3A7527E8 deleted successfully.
ADS C:\ProgramData\TEMP:F1381B87 deleted successfully.
ADS C:\ProgramData\TEMP:BE6B5FC3 deleted successfully.
ADS C:\ProgramData\TEMP:6BFA43EB deleted successfully.
ADS C:\ProgramData\TEMP:302ECBD6 deleted successfully.
ADS C:\ProgramData\TEMP:0696EC8E deleted successfully.
ADS C:\ProgramData\TEMP:EDDBC69E deleted successfully.
ADS C:\ProgramData\TEMP:5A068EE1 deleted successfully.
ADS C:\ProgramData\TEMP:460638C7 deleted successfully.
ADS C:\ProgramData\TEMP:BB99F46B deleted successfully.
ADS C:\ProgramData\TEMP:3F266659 deleted successfully.
ADS C:\ProgramData\TEMP:0BACBDD9 deleted successfully.
ADS C:\ProgramData\TEMP:BBC9C1EB deleted successfully.
ADS C:\ProgramData\TEMP:207C4C79 deleted successfully.
ADS C:\ProgramData\TEMP:1604D047 deleted successfully.
ADS C:\ProgramData\TEMP:B54E4B5A deleted successfully.
ADS C:\ProgramData\TEMP:795F6DEC deleted successfully.
ADS C:\ProgramData\TEMP:689AB7E9 deleted successfully.
ADS C:\ProgramData\TEMP:57176330 deleted successfully.
ADS C:\ProgramData\TEMP:4E79C4F8 deleted successfully.
ADS C:\ProgramData\TEMP:1EAB6298 deleted successfully.
ADS C:\ProgramData\TEMP:F83E8359 deleted successfully.
ADS C:\ProgramData\TEMP:66C764F5 deleted successfully.
ADS C:\ProgramData\TEMP:406E0034 deleted successfully.
ADS C:\ProgramData\TEMP:92CA7E75 deleted successfully.
ADS C:\ProgramData\TEMP:922DA2DB deleted successfully.
ADS C:\ProgramData\TEMP:EFBD4447 deleted successfully.
ADS C:\ProgramData\TEMP:A60D0FA6 deleted successfully.
ADS C:\ProgramData\TEMP:371060CE deleted successfully.
ADS C:\ProgramData\TEMP:53BA2DF6 deleted successfully.
ADS C:\ProgramData\TEMP:4A448DB2 deleted successfully.
ADS C:\ProgramData\TEMP:1322DDBD deleted successfully.
ADS C:\ProgramData\TEMP:0410A323 deleted successfully.
ADS C:\ProgramData\TEMP:71F04C26 deleted successfully.
ADS C:\ProgramData\TEMP:1234ADAE deleted successfully.
ADS C:\ProgramData\TEMP:097C4B7D deleted successfully.
ADS C:\ProgramData\TEMP:A02025CE deleted successfully.
ADS C:\ProgramData\TEMP:9BAC4211 deleted successfully.
ADS C:\ProgramData\TEMP:8B4B9596 deleted successfully.
ADS C:\ProgramData\TEMP:4EFA2FC7 deleted successfully.
ADS C:\ProgramData\TEMP:C370B84F deleted successfully.
ADS C:\ProgramData\TEMP:8DD20B4A deleted successfully.
ADS C:\ProgramData\TEMP:569CEE83 deleted successfully.
ADS C:\ProgramData\TEMP:2C86E2AD deleted successfully.
ADS C:\ProgramData\TEMP:206470A5 deleted successfully.
ADS C:\ProgramData\TEMP:0EC7A545 deleted successfully.
ADS C:\ProgramData\TEMP:512E1728 deleted successfully.
ADS C:\ProgramData\TEMP:491270B8 deleted successfully.
ADS C:\ProgramData\TEMP:1DB77A89 deleted successfully.
ADS C:\ProgramData\TEMP:A6D6E537 deleted successfully.
ADS C:\ProgramData\TEMP:762408BA deleted successfully.
ADS C:\ProgramData\TEMP:E411AA0D deleted successfully.
ADS C:\ProgramData\TEMP:9BB8C675 deleted successfully.
ADS C:\ProgramData\TEMP:848CC150 deleted successfully.
ADS C:\ProgramData\TEMP:61AF2B29 deleted successfully.
ADS C:\ProgramData\TEMP:13CDB0E0 deleted successfully.
ADS C:\ProgramData\TEMP:EE69D7DF deleted successfully.
ADS C:\ProgramData\TEMP:72A1B66A deleted successfully.
ADS C:\ProgramData\TEMP:1416AAA6 deleted successfully.
ADS C:\ProgramData\TEMP:95D2904B deleted successfully.
ADS C:\ProgramData\TEMP:6B2FBF73 deleted successfully.
ADS C:\ProgramData\TEMP:2DAD076E deleted successfully.
ADS C:\ProgramData\TEMP:43357A12 deleted successfully.
ADS C:\ProgramData\TEMP:D507B5A8 deleted successfully.
ADS C:\ProgramData\TEMP:B904C348 deleted successfully.
ADS C:\ProgramData\TEMP:506E1E25 deleted successfully.
ADS C:\ProgramData\TEMP:881ED4D3 deleted successfully.
ADS C:\ProgramData\TEMP:7FA0D639 deleted successfully.
ADS C:\ProgramData\TEMP:C0AAC015 deleted successfully.
ADS C:\ProgramData\TEMP:D987CB43 deleted successfully.
ADS C:\ProgramData\TEMP:59540531 deleted successfully.
ADS C:\ProgramData\TEMP:351662E7 deleted successfully.
ADS C:\ProgramData\TEMP:72C99D4E deleted successfully.
ADS C:\ProgramData\TEMP:39B14E09 deleted successfully.
ADS C:\ProgramData\TEMP:2CB9631F deleted successfully.
ADS C:\ProgramData\TEMP:EFF3C3C8 deleted successfully.
ADS C:\ProgramData\TEMP:95D421DF deleted successfully.
ADS C:\ProgramData\TEMP:2AE74FF9 deleted successfully.
ADS C:\ProgramData\TEMP:37207201 deleted successfully.
ADS C:\ProgramData\TEMP:C89D1773 deleted successfully.
ADS C:\ProgramData\TEMP:10CB85CA deleted successfully.
ADS C:\ProgramData\TEMP:A9056F42 deleted successfully.
ADS C:\ProgramData\TEMP:5133A494 deleted successfully.
ADS C:\ProgramData\TEMP:3B454A5C deleted successfully.
ADS C:\ProgramData\TEMP:F1174C93 deleted successfully.
ADS C:\ProgramData\TEMP:5ED7E575 deleted successfully.
ADS C:\ProgramData\TEMP:F84B8DB5 deleted successfully.
ADS C:\ProgramData\TEMP:A9562832 deleted successfully.
ADS C:\ProgramData\TEMP:54403233 deleted successfully.
ADS C:\ProgramData\TEMP:3E06C78F deleted successfully.
ADS C:\ProgramData\TEMP:E6CDFB4A deleted successfully.
ADS C:\ProgramData\TEMP:CE3AADB7 deleted successfully.
ADS C:\ProgramData\TEMP:943E8182 deleted successfully.
ADS C:\ProgramData\TEMP:14A1BBE3 deleted successfully.
ADS C:\ProgramData\TEMP:CB299F13 deleted successfully.
ADS C:\ProgramData\TEMP:7EC01D6D deleted successfully.
ADS C:\ProgramData\TEMP:8BE7A048 deleted successfully.
ADS C:\ProgramData\TEMP:A3E39C6A deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lin55\Downloads\cmd.bat deleted successfully.
C:\Users\Lin55\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 110856 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->FireFox cache emptied: 21241047 bytes
->Flash cache emptied: 56967 bytes
 
User: Lin55
->Temp folder emptied: 1302979700 bytes
->Temporary Internet Files folder emptied: 186701830 bytes
->Java cache emptied: 6733290 bytes
->FireFox cache emptied: 446799561 bytes
->Flash cache emptied: 88036 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 6115328 bytes
%systemroot%\System32 (64bit) .tmp files removed: 20104520 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 684617797 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84595233 bytes
RecycleBin emptied: 1856 bytes
 
Total Files Cleaned = 2,632.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03272014_182930

Files\Folders moved on Reboot...
C:\Users\Lin55\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lin55\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

MBAM Report:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/27/2014
Scan Time: 8:50:52 PM
Logfile: Log file.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.28.01
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lin55

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 276260
Time Elapsed: 21 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-783567103-2195990892-4293511471-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [8d739a66f8080ff1e733a5d79073db25],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.BundleInstaller.DW, C:\Users\Lin55\Downloads\Shark_Tank.exe, Quarantined, [659bb54bb24e936da03f35c63bc516ea],

Physical Sectors: 0
(No malicious items detected)


(end)

 

Please let me know if these are the correct ones :)

 

Linda


  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hi Linda,

 

Yep, looking good.

 

Now

 

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.


  • 0

#5
LinL00king

LinL00king

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Ok here ya go:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Lin55 (administrator) on LIN55-PC on 27-03-2014 21:40:20
Running from C:\Users\Lin55\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2014-03-22] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-783567103-2195990892-4293511471-1001\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-783567103-2195990892-4293511471-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-01] (Google Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNP
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNP
SearchScopes: HKCU - DefaultScope {B53FA071-DB70-433D-A95F-9550BEAE00B1} URL = http://www.google.co...1I7TSNP_enUS493
SearchScopes: HKCU - {B53FA071-DB70-433D-A95F-9550BEAE00B1} URL = http://www.google.co...1I7TSNP_enUS493
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNP
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default
FF user.js: detected! => C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\user.js
FF DefaultSearchEngine: Dictionary
FF SelectedSearchEngine: Dictionary
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin-x32: @real.com/nppl3260;version=17.0.6.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.6.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\searchplugins\dictionary.xml
FF SearchPlugin: C:\Users\Lin55\AppData\Roaming\Mozilla\Firefox\Profiles\8evhfb5a.default\searchplugins\webster.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-25]
FF HKLM-x32\...\Firefox\Extensions: [{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-09] (AVAST Software)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-20] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [131512 2012-08-17] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-02-12] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336 2014-03-22] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-12] ()

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-02-09] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-10-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-24] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1038072 2014-02-09] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [421704 2014-02-09] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [80184 2014-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-28] ()
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2011-12-22] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-27 21:40 - 2014-03-27 21:40 - 00020722 _____ () C:\Users\Lin55\Downloads\FRST.txt
2014-03-27 21:39 - 2014-03-27 21:40 - 00000000 ____D () C:\FRST
2014-03-27 21:39 - 2014-03-27 21:39 - 02157056 _____ (Farbar) C:\Users\Lin55\Downloads\FRST64.exe
2014-03-27 21:05 - 2014-03-27 21:05 - 00001304 _____ () C:\Users\Lin55\Desktop\MBAM Report.txt
2014-03-27 20:27 - 2014-03-27 21:02 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 20:27 - 2014-03-27 20:27 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-27 20:26 - 2014-03-27 20:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-27 20:26 - 2014-03-27 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 20:26 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-27 20:26 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-27 20:26 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-27 20:21 - 2014-03-27 20:21 - 00029100 _____ () C:\Users\Lin55\Downloads\03272014_182930.log
2014-03-27 20:18 - 2014-03-27 20:19 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Lin55\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-27 18:29 - 2014-03-27 18:29 - 00000000 ____D () C:\_OTL
2014-03-24 21:12 - 2014-03-27 20:52 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-783567103-2195990892-4293511471-1001
2014-03-23 19:30 - 2014-03-23 20:12 - 00077518 _____ () C:\Users\Lin55\Downloads\Extras.Txt
2014-03-23 19:30 - 2014-03-23 20:11 - 00133480 _____ () C:\Users\Lin55\Downloads\OTL.Txt
2014-03-23 19:23 - 2014-03-27 18:21 - 00602112 _____ (OldTimer Tools) C:\Users\Lin55\Downloads\OTL.exe
2014-03-23 18:54 - 2014-03-23 18:56 - 00000000 ____D () C:\Users\Lin55\Downloads\Hmmm
2014-03-23 16:56 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2014-03-23 16:53 - 2014-03-23 16:53 - 23212032 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 17142784 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 12995584 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 11220992 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 05765120 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 04240384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-23 16:53 - 2014-03-23 16:53 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-23 16:53 - 2014-03-23 16:53 - 02332160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 02166272 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 01993728 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-23 16:53 - 2014-03-23 16:53 - 01926656 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-23 16:53 - 2014-03-23 16:53 - 01818112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 01394176 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 01156608 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-03-23 16:53 - 2014-03-23 16:53 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-03-23 16:53 - 2014-03-23 16:53 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-03-23 16:53 - 2014-03-23 16:53 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-03-23 16:53 - 2014-03-23 16:53 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-03-23 16:53 - 2014-03-23 16:53 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-03-23 16:53 - 2014-03-23 16:53 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-23 16:51 - 2014-03-23 16:57 - 00007784 _____ () C:\windows\IE11_main.log
2014-03-23 16:34 - 2014-03-23 16:40 - 00007326 _____ () C:\windows\IE10_main.log
2014-03-23 16:05 - 2014-01-08 21:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-03-23 16:05 - 2014-01-03 17:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-03-23 16:04 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-23 16:04 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-23 16:04 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-23 16:04 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-23 16:04 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-23 16:04 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-23 16:04 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-23 16:04 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-23 15:56 - 2014-03-23 15:56 - 00002946 _____ () C:\windows\System32\Tasks\{BCFA1287-8641-4FB8-8412-3119E1ADC504}
2014-03-22 17:31 - 2014-03-27 20:52 - 00003206 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-783567103-2195990892-4293511471-1001
2014-03-22 17:31 - 2014-03-22 17:31 - 00001275 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-03-22 17:31 - 2014-03-22 17:31 - 00000000 ____D () C:\Users\Lin55\AppData\Roaming\RealNetworks
2014-03-22 17:31 - 2014-03-22 17:31 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-22 17:31 - 2014-03-22 17:31 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-03-22 17:30 - 2014-03-22 17:31 - 00000000 ____D () C:\Program Files (x86)\Real
2014-03-22 17:30 - 2014-03-22 17:30 - 00505416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp71.dll
2014-03-22 17:30 - 2014-03-22 17:30 - 00353864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll
2014-03-22 17:30 - 2014-03-22 17:30 - 00278600 _____ (Progressive Networks) C:\windows\SysWOW64\pncrt.dll
2014-03-22 17:30 - 2014-03-22 17:30 - 00201800 _____ (RealNetworks, Inc.) C:\windows\SysWOW64\rmoc3260.dll
2014-03-22 17:29 - 2014-03-22 17:34 - 00000000 ____D () C:\Users\Lin55\AppData\Roaming\Real
2014-03-22 17:27 - 2014-03-22 17:32 - 00000000 ____D () C:\ProgramData\Real
2014-03-22 17:27 - 2014-03-22 17:27 - 00895696 _____ (RealNetworks, Inc.) C:\Users\Lin55\Downloads\RealPlayerCloud.exe
2014-03-15 23:16 - 2014-03-15 23:16 - 00001278 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-03-15 23:12 - 2014-03-15 23:16 - 00000000 ____D () C:\Program Files (x86)\Grim Tales - Bloody Mary
2014-03-15 23:12 - 2014-03-15 23:12 - 00000000 ____D () C:\Users\Lin55\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - Bloody Mary
2014-03-15 22:54 - 2014-03-15 22:54 - 00236648 _____ (Big Fish Games) C:\Users\Lin55\Downloads\bigfishgames_p207071213_s1_l1.exe
2014-03-15 20:09 - 2014-03-15 20:10 - 00000000 ____D () C:\Program Files (x86)\Between the Worlds II - The Pyramid
2014-03-15 20:09 - 2014-03-15 20:09 - 00000000 ____D () C:\Users\Lin55\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Between the Worlds II - The Pyramid
2014-03-15 19:09 - 2014-03-15 19:12 - 00000000 ____D () C:\Users\Lin55\AppData\Roaming\Between The Worlds 2
2014-03-13 21:16 - 2014-03-13 21:16 - 00000000 ____D () C:\Users\Lin55\Documents\The Lonely Hearts Murders SE
2014-03-13 00:51 - 2014-03-13 00:54 - 00000000 ____D () C:\Program Files (x86)\Brink of Consciousness - The Lonely Hearts Murders
2014-03-13 00:51 - 2014-03-13 00:51 - 00000000 ____D () C:\Users\Lin55\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brink of Consciousness - The Lonely Hearts Murders
2014-03-13 00:20 - 2014-03-15 19:56 - 00236648 _____ (Big Fish Games) C:\Users\Lin55\Downloads\bigfishgames_p207071194_s1_l1.exe
2014-03-13 00:17 - 2014-03-13 00:17 - 00236648 _____ (Big Fish Games) C:\Users\Lin55\Downloads\bigfishgames_p207071142_s1_l1.exe
2014-03-09 20:36 - 2014-03-09 20:36 - 00003021 _____ () C:\Users\Lin55\Desktop\Microsoft Word 2010.lnk
2014-03-02 12:01 - 2014-03-02 12:01 - 00000000 _____ () C:\Users\Lin55\agent.log

==================== One Month Modified Files and Folders =======

2014-03-27 21:40 - 2014-03-27 21:40 - 00020722 _____ () C:\Users\Lin55\Downloads\FRST.txt
2014-03-27 21:40 - 2014-03-27 21:39 - 00000000 ____D () C:\FRST
2014-03-27 21:39 - 2014-03-27 21:39 - 02157056 _____ (Farbar) C:\Users\Lin55\Downloads\FRST64.exe
2014-03-27 21:27 - 2012-05-01 22:03 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-27 21:15 - 2012-05-01 20:57 - 01943091 _____ () C:\windows\WindowsUpdate.log
2014-03-27 21:09 - 2012-05-01 21:44 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 21:05 - 2014-03-27 21:05 - 00001304 _____ () C:\Users\Lin55\Desktop\MBAM Report.txt
2014-03-27 21:02 - 2014-03-27 20:27 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 20:59 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 20:59 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-27 20:56 - 2009-07-14 00:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-27 20:52 - 2014-03-24 21:12 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-783567103-2195990892-4293511471-1001
2014-03-27 20:52 - 2014-03-22 17:31 - 00003206 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-783567103-2195990892-4293511471-1001
2014-03-27 20:52 - 2012-05-01 21:44 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-27 20:52 - 2012-05-01 21:03 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-03-27 20:51 - 2010-11-20 22:47 - 01594448 _____ () C:\windows\PFRO.log
2014-03-27 20:51 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-27 20:51 - 2009-07-13 23:51 - 00053257 _____ () C:\windows\setupact.log
2014-03-27 20:51 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\security
2014-03-27 20:27 - 2014-03-27 20:27 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-27 20:27 - 2014-03-27 20:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-27 20:26 - 2014-03-27 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 20:21 - 2014-03-27 20:21 - 00029100 _____ () C:\Users\Lin55\Downloads\03272014_182930.log
2014-03-27 20:19 - 2014-03-27 20:18 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Lin55\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-27 19:24 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-03-27 18:29 - 2014-03-27 18:29 - 00000000 ____D () C:\_OTL
2014-03-27 18:21 - 2014-03-23 19:23 - 00602112 _____ (OldTimer Tools) C:\Users\Lin55\Downloads\OTL.exe
2014-03-27 18:09 - 2012-08-25 14:04 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-03-27 18:09 - 2009-07-14 00:08 - 00032538 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-03-23 20:12 - 2014-03-23 19:30 - 00077518 _____ () C:\Users\Lin55\Downloads\Extras.Txt
2014-03-23 20:11 - 2014-03-23 19:30 - 00133480 _____ () C:\Users\Lin55\Downloads\OTL.Txt
2014-03-23 19:06 - 2013-07-21 09:07 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-23 18:56 - 2014-03-23 18:54 - 00000000 ____D () C:\Users\Lin55\Downloads\Hmmm
2014-03-23 18:40 - 2012-07-19 20:48 - 00001424 _____ () C:\Users\Lin55\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-23 18:31 - 2009-07-13 23:45 - 00416688 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-23 18:30 - 2012-08-16 01:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-23 18:30 - 2012-08-16 01:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-23 18:27 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-03-23 16:57 - 2014-03-23 16:51 - 00007784 _____ () C:\windows\IE11_main.log
2014-03-23 16:57 - 2012-08-03 17:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-23 16:53 - 2014-03-23 16:53 - 23212032 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 17142784 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 12995584 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 11220992 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 05765120 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 04240384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-23 16:53 - 2014-03-23 16:53 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-23 16:53 - 2014-03-23 16:53 - 02332160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 02166272 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 01993728 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-23 16:53 - 2014-03-23 16:53 - 01926656 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-23 16:53 - 2014-03-23 16:53 - 01818112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 01394176 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 01156608 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-03-23 16:53 - 2014-03-23 16:53 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-03-23 16:53 - 2014-03-23 16:53 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-03-23 16:53 - 2014-03-23 16:53 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-03-23 16:53 - 2014-03-23 16:53 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-03-23 16:53 - 2014-03-23 16:53 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-03-23 16:53 - 2014-03-23 16:53 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-03-23 16:53 - 2014-03-23 16:53 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-03-23 16:53 - 2014-03-23 16:53 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-23 16:50 - 2012-11-15 13:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-23 16:50 - 2012-11-15 13:58 - 00000000 ____D () C:\ProgramData\Skype
2014-03-23 16:45 - 2009-07-13 21:34 - 00000478 _____ () C:\windows\win.ini
2014-03-23 16:40 - 2014-03-23 16:34 - 00007326 _____ () C:\windows\IE10_main.log
2014-03-23 16:33 - 2012-05-01 21:59 - 00775084 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-03-23 16:31 - 2013-07-20 21:26 - 00000000 ____D () C:\windows\system32\MRT
2014-03-23 16:22 - 2012-07-22 11:54 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-23 15:59 - 2013-07-21 09:11 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-23 15:56 - 2014-03-23 15:56 - 00002946 _____ () C:\windows\System32\Tasks\{BCFA1287-8641-4FB8-8412-3119E1ADC504}
2014-03-23 11:01 - 2012-05-01 21:03 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-03-22 17:34 - 2014-03-22 17:29 - 00000000 ____D () C:\Users\Lin55\AppData\Roaming\Real
2014-03-22 17:32 - 2014-03-22 17:27 - 00000000 ____D () C:\ProgramData\Real
2014-03-22 17:31 - 2014-03-22 17:31 - 00001275 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-03-22 17:31 - 2014-03-22 17:31 - 00000000 ____D () C:\Users\Lin55\AppData\Roaming\RealNetworks
2014-03-22 17:31 - 2014-03-22 17:31 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-22 17:31 - 2014-03-22 17:31 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-03-22 17:31 - 2014-03-22 17:30 - 00000000 ____D () C:\Program Files (x86)\Real
2014-03-22 17:30 - 2014-03-22 17:30 - 00505416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp71.dll
2014-03-22 17:30 - 2014-03-22 17:30 - 00353864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll
2014-03-22 17:30 - 2014-03-22 17:30 - 00278600 _____ (Progressive Networks) C:\windows\SysWOW64\pncrt.dll
2014-03-22 17:30 - 2014-03-22 17:30 - 00201800 _____ (RealNetworks, Inc.) C:\windows\SysWOW64\rmoc3260.dll
2014-03-22 17:27 - 2014-03-22 17:27 - 00895696 _____ (RealNetworks, Inc.) C:\Users\Lin55\Downloads\RealPlayerCloud.exe
2014-03-20 13:35 - 2013-07-20 15:39 - 00000000 ____D () C:\BigFishCache
2014-03-20 13:35 - 2012-08-20 22:37 - 00000000 ___RD () C:\Users\Lin55\Desktop\GAMES
2014-03-16 21:43 - 2012-07-25 15:41 - 00000000 ____D () C:\Users\Lin55\AppData\Roaming\Elephant Games
2014-03-16 11:50 - 2013-04-04 09:46 - 00000000 ____D () C:\Users\Lin55\Desktop\Me
2014-03-15 23:16 - 2014-03-15 23:16 - 00001278 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-03-15 23:16 - 2014-03-15 23:12 - 00000000 ____D () C:\Program Files (x86)\Grim Tales - Bloody Mary
2014-03-15 23:12 - 2014-03-15 23:12 - 00000000 ____D () C:\Users\Lin55\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - Bloody Mary
2014-03-15 22:54 - 2014-03-15 22:54 - 00236648 _____ (Big Fish Games) C:\Users\Lin55\Downloads\bigfishgames_p207071213_s1_l1.exe
2014-03-15 20:10 - 2014-03-15 20:09 - 00000000 ____D () C:\Program Files (x86)\Between the Worlds II - The Pyramid
2014-03-15 20:09 - 2014-03-15 20:09 - 00000000 ____D () C:\Users\Lin55\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Between the Worlds II - The Pyramid
2014-03-15 19:56 - 2014-03-13 00:20 - 00236648 _____ (Big Fish Games) C:\Users\Lin55\Downloads\bigfishgames_p207071194_s1_l1.exe
2014-03-15 19:12 - 2014-03-15 19:09 - 00000000 ____D () C:\Users\Lin55\AppData\Roaming\Between The Worlds 2
2014-03-13 21:16 - 2014-03-13 21:16 - 00000000 ____D () C:\Users\Lin55\Documents\The Lonely Hearts Murders SE
2014-03-13 21:16 - 2013-09-02 12:29 - 00000000 ____D () C:\Users\Lin55\AppData\Roaming\MagicIndie
2014-03-13 00:54 - 2014-03-13 00:51 - 00000000 ____D () C:\Program Files (x86)\Brink of Consciousness - The Lonely Hearts Murders
2014-03-13 00:51 - 2014-03-13 00:51 - 00000000 ____D () C:\Users\Lin55\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brink of Consciousness - The Lonely Hearts Murders
2014-03-13 00:17 - 2014-03-13 00:17 - 00236648 _____ (Big Fish Games) C:\Users\Lin55\Downloads\bigfishgames_p207071142_s1_l1.exe
2014-03-12 22:27 - 2012-05-01 22:03 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 22:27 - 2012-05-01 22:03 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 22:27 - 2012-03-22 16:34 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-09 20:36 - 2014-03-09 20:36 - 00003021 _____ () C:\Users\Lin55\Desktop\Microsoft Word 2010.lnk
2014-03-09 17:29 - 2013-09-15 19:09 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-09 17:27 - 2012-07-19 20:46 - 00000000 ____D () C:\Users\Lin55
2014-03-09 17:27 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-03-09 17:26 - 2012-10-27 21:23 - 00000000 ____D () C:\Program Files\Bonjour
2014-03-09 17:26 - 2012-10-27 21:23 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-03-09 16:25 - 2014-02-14 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-09 16:25 - 2013-12-15 19:27 - 00000000 ____D () C:\Users\Lin55\Desktop\junk2
2014-03-09 16:25 - 2012-10-27 21:24 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-09 16:25 - 2012-10-27 21:23 - 00000000 ____D () C:\windows\System32\Tasks\Apple
2014-03-09 16:25 - 2012-10-27 21:23 - 00000000 ____D () C:\Users\Lin55\AppData\Local\Apple
2014-03-09 16:25 - 2012-10-27 21:23 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-03-09 16:25 - 2012-09-10 15:54 - 00000000 ____D () C:\Users\Guest
2014-03-09 16:25 - 2012-07-29 12:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-09 16:25 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-03-09 16:24 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-03-09 16:19 - 2012-10-27 21:23 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-09 16:19 - 2012-10-27 21:22 - 00000000 ____D () C:\ProgramData\Apple
2014-03-09 16:18 - 2012-08-03 17:36 - 00000000 __RHD () C:\MSOCache
2014-03-09 11:37 - 2012-07-20 00:19 - 00000000 ____D () C:\Users\Lin55\AppData\Local\CrashDumps
2014-03-08 14:17 - 2012-07-19 22:55 - 00000000 ____D () C:\Users\Lin55\AppData\Local\Adobe
2014-03-07 23:41 - 2014-01-27 22:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-05 09:26 - 2014-03-27 20:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-27 20:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-27 20:26 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-04 23:12 - 2012-10-27 21:25 - 00000000 ____D () C:\Users\Lin55\AppData\Local\Apple Computer
2014-03-02 12:01 - 2014-03-02 12:01 - 00000000 _____ () C:\Users\Lin55\agent.log
2014-02-28 19:27 - 2014-02-23 22:03 - 00000000 ____D () C:\Users\Lin55\AppData\Roaming\Samsung
2014-02-28 19:27 - 2014-02-23 21:55 - 00000000 ____D () C:\Program Files (x86)\Samsung

Files to move or delete:
====================
C:\Users\Lin55\Silverlight_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 16:16

==================== End Of Log ============================

 

and:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Lin55 at 2014-03-27 21:40:55
Running from C:\Users\Lin55\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Abyss: The Wraiths of Eden (HKLM-x32\...\BFG-Abyss - The Wraiths of Eden) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Awakening: The Dreamless Castle (HKLM-x32\...\BFG-Awakening - The Dreamless Castle) (Version:  - )
Behind the Reflection (HKLM-x32\...\BFG-Behind the Reflection) (Version:  - )
Between the Worlds II: The Pyramid (HKLM-x32\...\BFG-Between the Worlds II - The Pyramid) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.6 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brink of Consciousness: Dorian Gray Syndrome (HKLM-x32\...\BFG-Brink of Consciousness - Dorian Gray Syndrome) (Version:  - )
Brink of Consciousness: The Lonely Hearts Murders (HKLM-x32\...\BFG-Brink of Consciousness - The Lonely Hearts Murders) (Version:  - )
Chimeras: Tune Of Revenge (HKLM-x32\...\BFG-Chimeras - Tune Of Revenge) (Version:  - )
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Criminal Minds (HKLM-x32\...\BFG-Criminal Minds) (Version:  - )
Curse at Twilight: Thief of Souls Collector's Edition (HKLM-x32\...\BFG-Curse at Twilight - Thief of Souls Collector's Edition) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Manor: A Hidden Object Mystery (HKLM-x32\...\BFG-Dark Manor - A Hidden Object Mystery) (Version:  - )
Dark Tales: Edgar Allan Poe's The Premature Burial (HKLM-x32\...\BFG-Dark Tales - Edgar Allan Poe's The Premature Burial) (Version:  - )
Death at Fairing Point: A Dana Knightstone Novel (HKLM-x32\...\BFG-Death at Fairing Point - A Dana Knightstone Novel) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
Depths of Betrayal Collector's Edition (HKLM-x32\...\BFG-Depths of Betrayal Collector's Edition) (Version:  - )
Drawn&reg;: The Painted Tower ™ (HKLM-x32\...\BFG-Drawn - The Painted Tower) (Version:  - )
Drawn®: Dark Flight ™ Collector's Edition (HKLM-x32\...\BFG-Drawn - Dark Flight Collector's Edition) (Version:  - )
Drawn™: Trail of Shadows (HKLM-x32\...\BFG-Drawn - Trail of Shadows) (Version:  - )
Dream Chronicles (HKLM-x32\...\BFG-Dream Chronicles) (Version:  - )
Dream Chronicles: The Chosen Child (HKLM-x32\...\BFG-Dream Chronicles - The Chosen Child) (Version:  - )
Echoes of the Past: Royal House of Stone (HKLM-x32\...\BFG-Echoes of the Past - Royal House of Stone) (Version:  - )
Enigmatis: The Ghosts of Maple Creek (HKLM-x32\...\BFG-Enigmatis - The Ghosts of Maple Creek) (Version:  - )
Enigmatis: The Mists of Ravenwood Collector's Edition (HKLM-x32\...\BFG-Enigmatis - The Mists of Ravenwood Collector's Edition) (Version:  - )
F.A.C.E.S. (HKLM-x32\...\BFG-FACES) (Version:  - )
Forest Legends: The Call of Love (HKLM-x32\...\BFG-Forest Legends - The Call of Love) (Version:  - )
Gardenscapes (HKLM-x32\...\BFG-Gardenscapes) (Version:  - )
Ghost Whisperer™ (HKLM-x32\...\BFG-Ghost Whisperer) (Version:  - )
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Green Moon (HKLM-x32\...\BFG-Green Moon) (Version:  - )
Grim Facade: Mystery of Venice (HKLM-x32\...\BFG-Grim Facade - Mystery of Venice) (Version:  - )
Grim Facade: Sinister Obsession Collector’s Edition (HKLM-x32\...\BFG-Grim Facade - Sinister Obsession Collector’s Edition) (Version:  - )
Grim Tales: Bloody Mary (HKLM-x32\...\BFG-Grim Tales - Bloody Mary) (Version:  - )
Hallowed Legends: Samhain (HKLM-x32\...\BFG-Hallowed Legends - Samhain) (Version:  - )
Hallowed Legends: Ship of Bones (HKLM-x32\...\BFG-Hallowed Legends - Ship of Bones) (Version:  - )
Haunted Halls: Fears from Childhood (HKLM-x32\...\BFG-Haunted Halls - Fears from Childhood) (Version:  - )
Haunted Halls: Green Hills Sanitarium (HKLM-x32\...\BFG-Haunted Halls - Green Hills Sanitarium) (Version:  - )
Haunted Halls: Nightmare Dwellers (HKLM-x32\...\BFG-Haunted Halls - Nightmare Dwellers) (Version:  - )
Haunted Halls: Revenge of Doctor Blackmore (HKLM-x32\...\BFG-Haunted Halls - Revenge of Doctor Blackmore) (Version:  - )
Haunted Hotel: Charles Dexter Ward (HKLM-x32\...\BFG-Haunted Hotel - Charles Dexter Ward) (Version:  - )
Haunted Hotel: Eclipse Collector's Edition (HKLM-x32\...\BFG-Haunted Hotel - Eclipse Collectors Edition) (Version:  - )
Haunted Hotel: Lonely Dream (HKLM-x32\...\BFG-Haunted Hotel - Lonely Dream) (Version:  - )
Haunted Manor: Queen of Death (HKLM-x32\...\BFG-Haunted Manor - Queen of Death) (Version:  - )
House of 1000 Doors: Family Secrets (HKLM-x32\...\BFG-House of 1000 Doors - Family Secrets) (Version:  - )
House of 1000 Doors: Serpent Flame (HKLM-x32\...\BFG-House of 1000 Doors - Serpent Flame) (Version:  - )
House of 1000 Doors: The Palm of Zoroaster (HKLM-x32\...\BFG-House of 1000 Doors - The Palm of Zoroaster) (Version:  - )
iCloud (HKLM\...\{D0CB24F4-084F-40DE-B6B9-A03626E682F0}) (Version: 2.1.1.3 - Apple Inc.)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2639 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 15 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170150}) (Version: 1.7.0.150 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Living Legends: Frozen Beauty (HKLM-x32\...\BFG-Living Legends - Frozen Beauty) (Version:  - )
Lost Souls: Enchanted Paintings (HKLM-x32\...\BFG-Lost Souls - Enchanted Paintings) (Version:  - )
Love Story: Letters from the Past (HKLM-x32\...\BFG-Love Story - Letters from the Past) (Version:  - )
Love Story: The Beach Cottage (HKLM-x32\...\BFG-Love Story - The Beach Cottage) (Version:  - )
Love Story: The Way Home (HKLM-x32\...\BFG-Love Story - The Way Home) (Version:  - )
Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Midnight Mysteries 3: Devil on the Mississippi (HKLM-x32\...\BFG-Midnight Mysteries 3 - Devil on the Mississippi) (Version:  - )
Millennium Secrets: Emerald Curse (HKLM-x32\...\BFG-Millennium Secrets - Emerald Curse) (Version:  - )
Millennium Secrets: Roxanne's Necklace (HKLM-x32\...\BFG-Millennium Secrets - Roxannes Necklace) (Version:  - )
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery Case Files &reg;: 13th Skull ™ (HKLM-x32\...\BFG-Mystery Case Files - 13th Skull) (Version:  - )
Mystery Case Files &reg;: Dire Grove ™ (HKLM-x32\...\BFG-Mystery Case Files - Dire Grove) (Version:  - )
Mystery Case Files&reg;: Shadow Lake Collector's Edition (HKLM-x32\...\BFG-Mystery Case Files - Shadow Lake Collector's Edition) (Version:  - )
Mystery P.I.: Stolen in San Francisco (HKLM-x32\...\BFG-Mystery P.I. - Stolen in San Francisco) (Version:  - )
Mystery P.I.: The Curious Case of Counterfeit Cove (HKLM-x32\...\BFG-Mystery P.I. - The Curious Case of Counterfeit Cove) (Version:  - )
Mystery Trackers: Raincliff (HKLM-x32\...\BFG-Mystery Trackers - Raincliff) (Version:  - )
Nightfall Mysteries: Black Heart (HKLM-x32\...\BFG-Nightfall Mysteries - Black Heart) (Version:  - )
Nightmare Adventures: The Turning Thorn (HKLM-x32\...\BFG-Nightmare Adventures - The Turning Thorn) (Version:  - )
Nightmare Adventures: The Witch's Prison (HKLM-x32\...\BFG-Nightmare Adventures - The Witch's Prison) (Version:  - )
Nightmares from the Deep: The Cursed Heart (HKLM-x32\...\BFG-Nightmares from the Deep - The Cursed Heart) (Version:  - )
Nightmares from the Deep: The Siren's Call (HKLM-x32\...\BFG-Nightmares from the Deep - The Sirens Call) (Version:  - )
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.2.90.0 - NortonLive Services)
Otherworld: Omens of Summer (HKLM-x32\...\BFG-Otherworld - Omens of Summer) (Version:  - )
Otherworld: Shades of Fall Collector's Edition (HKLM-x32\...\BFG-Otherworld - Shades of Fall Collectors Edition) (Version:  - )
Otherworld: Spring of Shadows (HKLM-x32\...\BFG-Otherworld - Spring of Shadows) (Version:  - )
Pirate Mysteries: A Tale of Monkeys, Masks, and Hidden Objects (HKLM-x32\...\BFG-Pirate Mysteries - A Tale of Monkeys, Masks, and Hidden Objects) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
RealDownloader (x32 Version: 17.0.6 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39013 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Redemption Cemetery: Children's Plight (HKLM-x32\...\BFG-Redemption Cemetery - Childrens Plight) (Version:  - )
Redemption Cemetery: Curse of the Raven (HKLM-x32\...\BFG-Redemption Cemetery - Curse of the Raven) (Version:  - )
Redemption Cemetery: Salvation of the Lost (HKLM-x32\...\BFG-Redemption Cemetery - Salvation of the Lost) (Version:  - )
Return to Mysterious Island 2: Mina's Fate (HKLM-x32\...\BFG-Return to Mysterious Island 2 - Mina's Fate) (Version:  - )
Rhiannon: Curse of the Four Branches (HKLM-x32\...\BFG-Rhiannon - Curse of the Four Branches) (Version:  - )
Rite of Passage: The Perfect Show (HKLM-x32\...\BFG-Rite of Passage - The Perfect Show) (Version:  - )
Royal Detective: The Lord of Statues (HKLM-x32\...\BFG-Royal Detective - The Lord of Statues) (Version:  - )
Royal Trouble (HKLM-x32\...\BFG-Royal Trouble) (Version:  - )
Sable Maze: Norwich Caves (HKLM-x32\...\BFG-Sable Maze - Norwich Caves) (Version:  - )
Scratches Director's Cut (HKLM-x32\...\BFG-Scratches Director's Cut) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shadow Wolf Mysteries: Curse of the Full Moon (HKLM-x32\...\BFG-Shadow Wolf Mysteries - Curse of the Full Moon) (Version:  - )
Shadows: Price for Our Sins (HKLM-x32\...\BFG-Shadows - Price for Our Sins) (Version:  - )
Shiver: Moonlit Grove (HKLM-x32\...\BFG-Shiver - Moonlit Grove) (Version:  - )
Shiver: Poltergeist Collector's Edition (HKLM-x32\...\BFG-Shiver - Poltergeist Collector's Edition) (Version:  - )
Shiver: Vanishing Hitchhiker Collector's Edition (HKLM-x32\...\BFG-Shiver - Vanishing Hitchhiker Collector's Edition) (Version:  - )
Skyborn (HKLM-x32\...\BFG-Skyborn) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13307 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Small Town Terrors: Pilgrim's Hook (HKLM-x32\...\BFG-Small Town Terrors - Pilgrim's Hook) (Version:  - )
Spirits of Mystery: Song of the Phoenix (HKLM-x32\...\BFG-Spirits of Mystery - Song of the Phoenix) (Version:  - )
Surface: Mystery of Another World Collector's Edition (HKLM-x32\...\BFG-Surface - Mystery of Another World Collector's Edition) (Version:  - )
Surface: The Noise She Couldn't Make Collector's Edition (HKLM-x32\...\BFG-Surface - The Noise She Couldn't Make Collector's Edition) (Version:  - )
Surface: The Pantheon Collector's Edition (HKLM-x32\...\BFG-Surface - The Pantheon Collectors Edition) (Version:  - )
Surface: The Soaring City (HKLM-x32\...\BFG-Surface - The Soaring City) (Version:  - )
Syberia II (HKLM-x32\...\BFG-Syberia II) (Version:  - )
Sylia - Act 1 (HKLM-x32\...\BFG-Sylia - Act 1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.39.0 - Synaptics Incorporated)
The Blackwell Convergence (HKLM-x32\...\BFG-The Blackwell Convergence) (Version:  - )
The Dreamatorium of Dr. Magnus (HKLM-x32\...\BFG-The Dreamatorium of Dr. Magnus) (Version:  - )
The Last Express (HKLM-x32\...\BFG-The Last Express) (Version:  - )
The Legend of Sleepy Hollow: Jar of Marbles III - Free to Play (HKLM-x32\...\BFG-The Legend of Sleepy Hollow - Jar of Marbles III - Free to Play) (Version:  - )
The Mystery of the Crystal Portal: Beyond the Horizon (HKLM-x32\...\BFG-The Mystery of the Crystal Portal - Beyond the Horizon) (Version:  - )
The Treasures of Mystery Island (HKLM-x32\...\BFG-The Treasures of Mystery Island) (Version:  - )
The Treasures of Mystery Island: The Gates of Fate (HKLM-x32\...\BFG-The Treasures of Mystery Island - The Gates of Fate) (Version:  - )
Time Mysteries: The Ancient Spectres (HKLM-x32\...\BFG-Time Mysteries - The Ancient Spectres) (Version:  - )
Timeless: The Forgotten Town (HKLM-x32\...\BFG-Timeless - The Forgotten Town) (Version:  - )
Timeless: The Lost Castle (HKLM-x32\...\BFG-Timeless - The Lost Castle) (Version:  - )
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.18.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.8 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.17.38 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
Toshiba Security Dashboard (HKLM-x32\...\ToshibaSD) (Version: 1.0.0.48 - Symantec Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.0021.640203 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.0021.640203 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.33 - TOSHIBA Corporation) Hidden
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Treasure Masters (HKLM-x32\...\BFG-Treasure Masters) (Version:  - )
Treasure Seekers: Follow the Ghosts (HKLM-x32\...\BFG-Treasure Seekers - Follow the Ghosts) (Version:  - )
Treasure Seekers: The Enchanted Canvases (HKLM-x32\...\BFG-Treasure Seekers - The Enchanted Canvases) (Version:  - )
Treasure Seekers: The Time Has Come (HKLM-x32\...\BFG-Treasure Seekers - The Time Has Come) (Version:  - )
Twisted Lands: Insomniac (HKLM-x32\...\BFG-Twisted Lands - Insomniac) (Version:  - )
Twisted Lands: Origin (HKLM-x32\...\BFG-Twisted Lands - Origin) (Version:  - )
Twisted Lands: Shadow Town (HKLM-x32\...\BFG-Twisted Lands - Shadow Town) (Version:  - )
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Urban Legends: The Maze (HKLM-x32\...\BFG-Urban Legends - The Maze) (Version:  - )
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.75 - VSO Software)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Witches' Legacy: The Charleston Curse (HKLM-x32\...\BFG-Witches' Legacy - The Charleston Curse) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

09-03-2014 22:27:33 avast! antivirus system restore point
17-03-2014 00:59:35 Scheduled Checkpoint
23-03-2014 20:57:50 Removed iTunes
23-03-2014 21:19:10 Windows Update
24-03-2014 00:06:13 Removed QuickTime

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-03-27 18:29 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04F398D8-2739-406B-9FA0-2B369AFBE0E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01] (Google Inc.)
Task: {10ED4E7E-9A2E-4891-8347-F108380C5DFC} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.36\SymErr.exe
Task: {11BAAE52-752B-4CFD-B275-6F9E883AC09A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {19D2119F-8A24-498F-905F-E0FE81D8BF1A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-09] (AVAST Software)
Task: {495592B6-DDCD-420C-8D38-B1A42DA60196} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {4CACD6C9-ECDB-4CF4-880A-95133AEEBE57} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {72BE3D28-A3F6-46C3-B004-FA70D1160187} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.36\SymErr.exe
Task: {9F4A6E17-B26E-46C4-A6F8-1E2F47BCF465} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {A83CD274-7B8D-45D1-AC7C-529A086B24ED} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-783567103-2195990892-4293511471-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {B7263C8F-9DF4-49C2-A358-C1CE9A87912B} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {D01CC51C-DDA5-4C53-BFFA-9FD23E92510B} - System32\Tasks\Norton PCCU OOBE Mode => C:\Program Files (x86)\PC Checkup\OOBEHelper.exe [2012-06-21] (Symantec Corporation)
Task: {D3ABBACB-CEBB-41A9-BA01-BE421F17F052} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-783567103-2195990892-4293511471-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {EE972CFB-5402-4C0D-8D3B-BEB032A308F7} - System32\Tasks\{BCFA1287-8641-4FB8-8412-3119E1ADC504} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {FD9A0058-46B4-4BD1-A5F4-FB7F4AA50C78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2012-05-01 21:02 - 2012-01-20 13:45 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2014-02-12 14:42 - 2014-02-12 14:42 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-02-12 16:29 - 2014-02-12 16:29 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-12-17 18:14 - 2012-12-17 18:14 - 00954848 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2012-02-01 13:34 - 2012-02-01 13:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-11-25 20:51 - 2011-11-25 20:51 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-03-27 18:10 - 2014-03-27 15:54 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14032701\algo.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-22 17:30 - 2014-03-22 17:30 - 00867928 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2013-10-24 16:13 - 2013-10-24 16:13 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-05-01 21:02 - 2012-01-20 13:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-02-14 20:06 - 2014-02-14 20:06 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-22 17:30 - 2014-03-22 17:30 - 00571992 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll
2014-03-12 22:27 - 2014-03-12 22:27 - 16276872 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Lin55^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk => C:\windows\pss\ZooskMessenger.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2014 08:53:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2014 07:17:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/27/2014 06:48:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2014 06:10:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/26/2014 06:09:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/25/2014 09:06:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2014 09:12:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2014 07:00:00 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (03/23/2014 06:32:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2014 04:19:11 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (03/27/2014 08:51:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/27/2014 06:46:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/27/2014 06:29:30 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/27/2014 06:09:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/26/2014 06:07:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/25/2014 09:04:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/24/2014 09:11:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/23/2014 06:34:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2925418).

Error: (03/23/2014 06:31:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/23/2014 10:00:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126


Microsoft Office Sessions:
=========================
Error: (03/27/2014 08:53:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2014 07:17:24 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files (x86)\dark manor - a hidden object mystery\QT\FacebookQT_D.exe

Error: (03/27/2014 06:48:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2014 06:10:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/26/2014 06:09:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/25/2014 09:06:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2014 09:12:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2014 07:00:00 PM) (Source: Windows Backup)(User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (03/23/2014 06:32:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2014 04:19:11 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.

System Error:
The system cannot find the file specified.


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 3988.8 MB
Available physical RAM: 2092.22 MB
Total Pagefile: 7975.79 MB
Available Pagefile: 5974.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI106401W0D) (Fixed) (Total:581.42 GB) (Free:456.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 4537E8B6)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=581 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=17)

==================== End Of Log ============================


  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello Linda,

 

Download Windows Repair (All In One) from here.

It will allow you to repair common issues with your computer such as firewall, file permission, and Windows Update problems.  When using this tool you can select the particular fixes you would like to launch and start the repair process.

Please download the tool to your desktop.

It will probably come as a Zip file and you will need to right click on the Zip file and click Extract. The contents will then be extracted to a separate folder.   

Double click the folder (Tweaking dot.com - Windows Repair) then from the list that shows double click the file (about the 5th one down the list) Repair_Windows.exe to run the program.

When the program opens click on the tab Start Repairs and the button Start

At the list that presents put a check (tick) in the following:

• Reset Registry Permissions
• Reset File Permissions
• Register System Files
• Repair WMI
• Repair Windows Firewall
• Repair Internet Explorer
• Repair MDAC & MS Jet
• Remove Policies Set By Infections
• Repair Icons
• Repair Proxy Settings
• Unhide Non System Files
• Repair Windows Updates

Also put a check in the Restart/Shutdown System When Finished (lower right) box.

and in Restart System

Then click on the Start button if it doesn't do it automatically

If it asks you to back up your system click No and continue

When it is finished come back and tell me how it went.


  • 0

#7
LinL00king

LinL00king

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Can you please confirm whether you want the preset checks (ticks) left 'checked' or do you want none checked but what you listed??


  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

 

do you want none checked but what you listed??

Yes.

 

That is leave the preset ones in the ones I have listed. Remove from the others. :)


  • 0

#9
LinL00king

LinL00king

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Looks like this one will take a while :) so since 530 comes pretty early I will post back to you tomorrow. Thank you!!


  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

:thumbsup:


  • 0

Advertisements


#11
LinL00king

LinL00king

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Okay, so I did exactly as you asked, but I'm unsure if I should have a "log" or such that saved from the results of what you had me do with the Windows Repair (All In One). It ran fine, other than that I don't know how I'd 'know how it went'?? LOL

I've noticed a couple of times that my Firefox would go into not responding, but it wouldn't last long.

 

Not much help, I know :)


  • 0

#12
LinL00king

LinL00king

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Oh! I just noticed my Avast Antivirus is turned off....


  • 0

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Okay, so I did exactly as you asked, but I'm unsure if I should have a "log" or such that saved from the results of what you had me do with the Windows Repair (All In One). It ran fine, other than that I don't know how I'd 'know how it went'?? LOL


You had to leave it so wouldn't have seen in real time what it did. I was really wanting to know whether the ITunes & QuickTime problem was fixed? :)

I believe a log is created in the Logs folder. I think a simple way of finding it is by going to the Settings tab and clicking on the Open Log Folder button.
 

Oh! I just noticed my Avast Antivirus is turned off....


May have been a result of Windows Repair All-In-one repairing your Windows Firewall which Avast works with. Start Avast and reboot your computer. I think Avast will reset itself, check for updates and work normally. Tell me if there are any problems.
 

I've noticed a couple of times that my Firefox would go into not responding, but it wouldn't last long.


Hmm... might be just a connection problem with your line but let's do this:

Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Other Services
  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.

  • 0

#14
LinL00king

LinL00king

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Ok, here is the Windows repair log from the folder on my desktop titled "tweaking.com-Windows Repair". I have no idea where my Windows Repair All in One is roflmbo!!

 

So you can look over this log and let me know if it's the one you mean. I'll now go do the Avast turn on, reboot and the Farbar thing...

 

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: LIN55-PC
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\Lin55
Current Profile SID: S-1-5-21-783567103-2195990892-4293511471-1001
Current Profile Classes: S-1-5-21-783567103-2195990892-4293511471-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Lin55\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 01:24:02

Process Count: 88
Commit Total: 1.97 GB
Commit Limit: 7.79 GB
Commit Peak: 2.10 GB
Handle Count: 24592
Kernel Total: 362.35 MB
Kernel Paged: 267.17 MB
Kernel Non Paged: 95.18 MB
System Cache: 1.84 GB
Thread Count: 1021
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.90 GB
Memory Used: 1.88 GB(48.3524%)
Memory Avail.: 2.01 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.90 GB
Memory Used: 1.50 GB(38.4421%)
Memory Avail.: 2.40 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Start (3/27/2014 10:15:40 PM)

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (3/27/2014 10:15:40 PM)
   Running Repair Under Current User Account
   Done (3/27/2014 10:15:47 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (3/27/2014 10:15:47 PM)
   Running Repair Under System Account
   Done (3/27/2014 10:16:47 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (3/27/2014 10:16:47 PM)
   Running Repair Under System Account
   Done (3/27/2014 10:17:29 PM)

02 - Reset File Permissions: C:
   C: & Sub Folders
   Start (3/27/2014 10:17:29 PM)
   Running Repair Under System Account
   Done (3/27/2014 10:34:46 PM)

02 - Reset File Permissions: All Profiles
   C:\Users & Sub Folders
   Start (3/27/2014 10:34:46 PM)
   Running Repair Under System Account
   Done (3/27/2014 10:35:42 PM)

02 - Reset File Permissions: Current Profile
   C:\Users\Lin55 & Sub Folders
   Start (3/27/2014 10:35:42 PM)
   Running Repair Under System Account
   Done (3/27/2014 10:35:55 PM)

02 - Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (3/27/2014 10:35:55 PM)
   Running Repair Under System Account
Processing ACL of: <\\?\C:\Documents and Settings>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Desktop>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Favorites>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Desktop>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Favorites>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default User>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Cookies>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Local Settings>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\My Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\NetHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\PrintHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Recent>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\SendTo>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\History>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Music>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Pictures>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Videos>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Music>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Pictures>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Public\Documents\My Videos>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Guest\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Guest\Cookies>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Guest\Local Settings>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Guest\My Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Guest\NetHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Guest\PrintHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Guest\Recent>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Guest\SendTo>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Guest\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Guest\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Guest\AppData\Local\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Guest\AppData\Local\History>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Guest\AppData\Local\Temporary Internet Files>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Guest\Documents\My Music>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Guest\Documents\My Pictures>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Guest\Documents\My Videos>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Lin55\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Lin55\Cookies>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Lin55\Local Settings>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Lin55\My Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Lin55\NetHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Lin55\PrintHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Lin55\Recent>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Lin55\SendTo>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Lin55\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Lin55\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Lin55\AppData\Local\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Lin55\AppData\Local\History>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Lin55\AppData\Local\Temporary Internet Files>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Lin55\Documents\My Music>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Lin55\Documents\My Pictures>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Lin55\Documents\My Videos>

SetACL finished successfully.
   Done (3/27/2014 10:36:00 PM)

03 - Register System Files
   Start (3/27/2014 10:36:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/27/2014 10:37:07 PM)

04 - Repair WMI
   Start (3/27/2014 10:37:07 PM)
   Running Repair Under Current User Account
   Done (3/27/2014 10:39:14 PM)

05 - Repair Windows Firewall
   Start (3/27/2014 10:39:14 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/27/2014 10:39:50 PM)

06 - Repair Internet Explorer
   Start (3/27/2014 10:39:50 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/27/2014 10:40:27 PM)

07 - Repair MDAC/MS Jet
   Start (3/27/2014 10:40:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/27/2014 10:40:40 PM)

09 - Remove Policies Set By Infections
   Start (3/27/2014 10:40:40 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/27/2014 10:40:45 PM)

11 - Repair Icons
   Start (3/27/2014 10:40:45 PM)
   Running Repair Under Current User Account
   Done (3/27/2014 10:40:47 PM)

14 - Repair Proxy Settings
   Start (3/27/2014 10:40:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/27/2014 10:40:52 PM)

15 - Unhide Non System Files
   Start (3/27/2014 10:40:52 PM)
   C:\ - Total Files Unhidden: 636 - Check Unhidden_Files.txt for list of files unhidden
   Done (3/27/2014 10:43:12 PM)

16 - Repair Windows Updates
   Start (3/27/2014 10:43:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/27/2014 10:43:35 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (3/27/2014 10:43:35 PM)
   Total Repair Time: 00:27:57


...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account
 

Thanks!!!


  • 0

#15
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

I have no idea where my Windows Repair All in One is roflmbo!!


Sorry you were mislead. That is what the tool is called see here.

So you can look over this log and let me know if it's the one you mean.


Seems to have worked fine.

Look forward to the FSS scan.
 
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP