Malware-gen, iBryte, Proxy Server Refusing Connections [Solved]

Important No internet access

  • This topic is locked

#16
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Got them. I'm reviewing now and will be back shortly.



#17
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

I'm going to post your logs here since you weren't able to and then I will follow it up with a fix.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-02-2015
Ran by Olivia (administrator) on OLIVIA-PC on 21-02-2015 20:48:46
Running from C:\Users\Olivia\Desktop
Loaded Profiles: Olivia (Available profiles: Olivia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\widimon\widimon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Olivia\AppData\Roaming\Spotify\spotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
() C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsEditor.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
() C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Adobe Premiere Elements.exe
() C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\PhotoshopServer.exe
(GreenTree Applications SRL) C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe
(Ambient Design Ltd.) C:\Program Files (x86)\Ambient Design\ArtRage Studio\ArtRage Studio.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-24] (Synaptics Incorporated)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-06] (SRS Labs, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [DelayTSS] => C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe [2153328 2011-11-21] ()
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-05-18] (RealNetworks, Inc.)
HKLM-x32\...\RunOnce: [Import FF:0] => C:\Users\Olivia\AppData\Local\browser extensions\Resources\certutil.exe [90112 2014-12-18] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-06-06] (Google Inc.)
HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\...\Run: [Spotify] => C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-31] (Spotify Ltd)
HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\...\Run: [Spotify Web Helper] => C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-31] (Spotify Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1147979992-2349924293-2197084131-1000] => http=127.0.0.1:55512;https=127.0.0.1:55512
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
SearchScopes: HKLM -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-1147979992-2349924293-2197084131-1000 -> DefaultScope {652F9CE1-253F-41E3-BD78-9E097B60BDFA} URL = http://search.yahoo....&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1147979992-2349924293-2197084131-1000 -> {2F7C0659-69DD-49B5-903C-8CE4C9C4881D} URL = http://www.google.co...1I7TSNO_enUS493
SearchScopes: HKU\S-1-5-21-1147979992-2349924293-2197084131-1000 -> {34C44B18-A2BE-4BE8-8B3A-D6FC1EC80815} URL = http://search.yahoo....&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1147979992-2349924293-2197084131-1000 -> {652F9CE1-253F-41E3-BD78-9E097B60BDFA} URL = http://search.yahoo....&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1147979992-2349924293-2197084131-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1147979992-2349924293-2197084131-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default
FF Homepage: hxxp://search.yahoo.com/?type=407453&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=407453&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1147979992-2349924293-2197084131-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Olivia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1147979992-2349924293-2197084131-1000: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default\searchplugins\yahoo_ff.xml
FF Extension: Slick Savings - C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default\Extensions\[email protected] [2014-04-10]
FF Extension: Start Page - C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [2014-04-10]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-26]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-05-18]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-16]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Olivia\AppData\Local\Slick Savings\coupons.crx [2014-01-18]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-08-27] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-20] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
R2 TosCoSrv; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1031392 2014-12-01] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259176 2011-12-13] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-24] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 20:48 - 2015-02-21 20:49 - 00025626 _____ () C:\Users\Olivia\Desktop\FRST.txt
2015-02-21 20:31 - 2015-02-21 20:31 - 02086912 _____ (Farbar) C:\Users\Olivia\Desktop\frst64.exe
2015-02-21 01:38 - 2015-02-21 01:38 - 00000000 ____D () C:\Users\Olivia\Documents\Ginga Nagareboshi Gin
2015-02-19 02:01 - 2015-02-20 23:04 - 00000000 ____D () C:\Users\Olivia\Desktop\Chuck Comic
2015-02-18 20:29 - 2015-02-18 20:29 - 00130320 _____ () C:\Users\Olivia\Desktop\OTL.Txt
2015-02-18 01:44 - 2015-02-18 01:44 - 00000088 _____ () C:\Users\Olivia\AppData\Local\e55d210da6bc4ff3018ec58d1668bb7a
2015-02-18 01:43 - 2015-02-18 03:19 - 00000000 ____D () C:\Users\Olivia\AppData\Local\browser extensions
2015-02-18 01:43 - 2015-02-18 01:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2015-02-17 05:57 - 2015-02-17 05:57 - 00000099 _____ () C:\Users\Olivia\Documents\40 to 50 Reasons Why God Loves Me.txt
2015-02-17 05:56 - 2015-02-17 05:56 - 20747944 _____ () C:\Users\Olivia\Documents\Spirit.ptg
2015-02-16 20:18 - 2015-02-16 20:18 - 00000000 ____D () C:\Users\Olivia\Desktop\User-Made Brushes
2015-02-16 20:17 - 2015-02-16 20:17 - 06505685 _____ () C:\Users\Olivia\Downloads\Trees_Photoshop_Brushes_by_redheadstock.zip
2015-02-16 20:12 - 2015-02-16 20:13 - 00000000 ____D () C:\Users\Olivia\Desktop\The Mercenary Wolfblood
2015-02-15 01:02 - 2015-02-15 01:26 - 142654950 _____ () C:\Users\Olivia\Documents\The Bridge of Healing Speedpaint.wmv
2015-02-14 23:33 - 2015-02-14 23:58 - 217824145 _____ () C:\Users\Olivia\Documents\The Pantheon Speedpaint.wmv
2015-02-14 03:38 - 2015-02-14 04:46 - 1533980390 _____ () C:\Users\Olivia\Documents\clip0061.avi
2015-02-14 03:35 - 2015-02-14 03:37 - 319789352 _____ () C:\Users\Olivia\Documents\clip0060.avi
2015-02-14 03:12 - 2015-02-14 03:27 - 699741040 _____ () C:\Users\Olivia\Documents\clip0059.avi
2015-02-13 08:33 - 2015-02-14 02:36 - 59776350 _____ () C:\Users\Olivia\Documents\pantheon.ptg
2015-02-12 19:38 - 2015-02-12 19:38 - 00003408 ____N () C:\bootsqm.dat
2015-02-12 19:36 - 2015-02-12 19:36 - 00000000 __SHD () C:\found.000
2015-02-11 22:40 - 2015-02-11 22:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
2015-02-11 19:57 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-11 19:57 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-11 19:57 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-11 19:57 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-10 19:54 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-10 19:54 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-10 19:54 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-10 19:54 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-10 19:54 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-10 19:54 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-10 19:54 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-10 19:54 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-10 19:54 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-10 19:54 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-10 19:54 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-10 19:54 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-10 19:54 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-10 19:54 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-10 19:54 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-10 19:54 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-10 19:54 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-10 19:54 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-10 19:54 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-10 19:54 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 19:54 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-10 19:54 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-10 19:54 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-10 19:54 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-10 19:54 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-10 19:54 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-10 19:54 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-10 19:54 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-10 19:54 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-10 19:54 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-10 19:54 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-10 19:54 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-10 19:54 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-10 19:54 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-10 19:54 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-10 19:54 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-10 19:54 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-10 19:54 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-10 19:54 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 19:54 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-10 19:54 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-10 19:54 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-10 19:54 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-10 19:54 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-10 19:54 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-10 19:54 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-10 19:54 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-10 19:54 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-10 19:54 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-10 19:54 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-10 19:54 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-10 19:54 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-10 19:53 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-10 19:53 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-10 19:53 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-10 19:53 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-10 19:53 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-10 19:53 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-10 19:53 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-10 19:53 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-10 19:53 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-10 19:53 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-10 19:53 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-10 19:53 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-10 19:53 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-10 19:53 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-10 19:53 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-10 19:53 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-10 19:53 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-10 19:53 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-10 19:53 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-10 19:53 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-10 19:53 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-10 19:53 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-10 19:52 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-10 19:52 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-10 19:52 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-10 19:52 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-10 19:52 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-10 19:52 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-10 19:52 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-10 19:52 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-10 19:52 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-10 19:52 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-10 19:52 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-10 19:52 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-10 19:52 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-10 19:52 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-10 19:52 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-10 19:52 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-10 19:52 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-10 19:52 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-10 19:52 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-10 19:52 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-10 19:51 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-10 19:51 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-10 19:45 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-10 19:45 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-10 19:45 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-10 19:44 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-10 19:44 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-10 19:44 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-10 19:44 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-10 19:43 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-10 19:43 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-10 19:43 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-10 19:43 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-10 19:43 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-10 19:43 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-10 19:43 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-10 19:33 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-10 05:49 - 2015-02-10 06:08 - 1558230436 _____ () C:\Users\Olivia\Documents\clip0058.avi
2015-02-02 23:44 - 2015-02-03 00:19 - 197172287 _____ () C:\Users\Olivia\Documents\(40 Subscribers Special) Kaen Legend Garrif - Cover Speedpaint.wmv
2015-01-29 01:59 - 2015-01-29 02:46 - 227539817 _____ () C:\Users\Olivia\Downloads\TEChnoDanceMap.exe
2015-01-29 01:50 - 2015-01-29 01:52 - 107849354 _____ () C:\Users\Olivia\Downloads\futagopasss.rar
2015-01-28 19:23 - 2015-01-28 19:23 - 00000641 _____ () C:\Users\Public\Desktop\FeralHeart.lnk
2015-01-28 19:23 - 2015-01-28 19:23 - 00000000 ___HD () C:\windows\msdownld.tmp
2015-01-28 19:23 - 2015-01-28 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeralHeart
2015-01-28 19:22 - 2015-02-20 19:33 - 00000000 ____D () C:\FeralHeart
2015-01-28 19:21 - 2015-01-28 19:21 - 60391091 _____ (Kovuworks ) C:\Users\Olivia\Downloads\FHSetup.exe
2015-01-28 19:19 - 2015-01-28 19:19 - 00004908 _____ () C:\Users\Olivia\Downloads\FHSetup.torrent
2015-01-26 20:36 - 2015-01-26 20:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 20:48 - 2013-09-15 22:01 - 00000000 ____D () C:\FRST
2015-02-21 20:48 - 2012-07-18 19:54 - 00000000 ____D () C:\Users\Olivia
2015-02-21 20:48 - 2012-06-06 11:36 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-21 20:47 - 2014-11-01 17:00 - 00000000 ____D () C:\Users\Olivia\AppData\Roaming\Spotify
2015-02-21 20:41 - 2014-06-27 19:20 - 00000000 ____D () C:\Users\Olivia\Documents\Adobe Premiere Elements Auto-Save
2015-02-21 20:19 - 2012-12-28 00:19 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-21 20:05 - 2012-06-06 10:33 - 01929115 _____ () C:\windows\WindowsUpdate.log
2015-02-21 19:29 - 2013-12-20 16:30 - 00032423 _____ () C:\windows\setupact.log
2015-02-21 19:27 - 2012-06-06 10:38 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-02-21 05:48 - 2012-06-06 11:36 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-21 05:00 - 2012-07-26 23:58 - 00000000 ____D () C:\Users\Olivia\AppData\Local\CrashDumps
2015-02-21 03:11 - 2014-06-01 22:42 - 00000000 ____D () C:\Users\Olivia\Desktop\Art
2015-02-20 23:14 - 2014-11-14 05:20 - 00000000 ____D () C:\Users\Olivia\Desktop\Warfang (Graphic Novel)
2015-02-20 20:09 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-20 20:09 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-20 20:01 - 2013-09-08 18:25 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-02-20 19:59 - 2012-06-06 10:38 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-02-20 19:59 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-20 19:48 - 2013-12-20 16:30 - 00190748 _____ () C:\windows\PFRO.log
2015-02-20 19:48 - 2013-10-12 00:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-20 19:44 - 2012-07-18 20:01 - 00000000 ____D () C:\Users\Olivia\AppData\Roaming\SoftGrid Client
2015-02-20 19:39 - 2012-08-04 01:47 - 00000000 ____D () C:\Users\Olivia\AppData\Roaming\Skype
2015-02-20 06:50 - 2014-11-01 17:00 - 00000000 ____D () C:\Users\Olivia\AppData\Local\Spotify
2015-02-18 20:49 - 2014-01-18 03:31 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2015-02-18 20:24 - 2014-11-08 04:31 - 00000000 ____D () C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-18 20:24 - 2013-10-12 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-18 01:43 - 2014-01-17 21:52 - 00001304 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2015-02-16 22:01 - 2013-10-12 08:17 - 00000000 ____D () C:\Users\Olivia\AppData\Local\The Lord of the Rings Online
2015-02-13 23:35 - 2013-10-12 03:14 - 00000000 ____D () C:\Users\Olivia\AppData\Local\Turbine
2015-02-11 22:40 - 2013-09-21 08:16 - 00000000 ____D () C:\Program Files\Tablet
2015-02-11 19:35 - 2009-07-13 23:45 - 00307632 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-11 19:31 - 2014-12-11 18:53 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-11 19:31 - 2014-05-06 03:06 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-05 05:43 - 2012-06-06 11:36 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 05:43 - 2012-06-06 11:36 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 01:12 - 2013-10-01 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-04 23:20 - 2012-12-28 00:19 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 23:19 - 2012-04-25 20:04 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 23:19 - 2012-04-25 20:04 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 05:24 - 2014-08-22 16:44 - 00000000 ____D () C:\Users\Olivia\Desktop\Kaen Legend Garrif (Graphic Novel)
2015-01-28 19:24 - 2013-06-18 22:50 - 00000000 ____D () C:\windows\SysWOW64\directx
2015-01-27 05:44 - 2013-02-26 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-25 03:11 - 2012-06-06 11:33 - 00790374 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-01-25 03:11 - 2009-07-14 00:13 - 00790374 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-23 23:10 - 2012-07-18 19:57 - 00075664 _____ () C:\Users\Olivia\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2014-10-01 03:23 - 2014-10-01 03:23 - 0000096 _____ () C:\Users\Olivia\AppData\Roaming\version2.xml
2013-06-14 00:57 - 2014-08-15 21:59 - 0022528 _____ () C:\Users\Olivia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-18 01:44 - 2015-02-18 01:44 - 0000088 _____ () C:\Users\Olivia\AppData\Local\e55d210da6bc4ff3018ec58d1668bb7a
2013-10-12 03:14 - 2013-10-12 03:14 - 0000094 _____ () C:\Users\Olivia\AppData\Local\fusioncache.dat
2014-02-24 01:09 - 2014-02-24 01:09 - 0000857 _____ () C:\Users\Olivia\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Olivia\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-22 07:25

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-02-2015
Ran by Olivia at 2015-02-21 20:50:20
Running from C:\Users\Olivia\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security (Disabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 2.61 - Adobe Systems Incorporated)
Adobe Premiere Elements 7.0 (HKLM-x32\...\PremElem70) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 7.0 Templates (HKLM-x32\...\PremElem70Templates) (Version: 7.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ArtRage Studio (HKLM-x32\...\{71C0F2FA-8AA8-482C-96E4-A8124F2DC84D}) (Version: 3.5.4 - Ambient Design)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
Autodesk SketchBook Express 2011 sp2 (HKLM-x32\...\{EB87378B-E64A-4D27-8AB6-0786BAB3AC84}) (Version: 5.20.0000 - Autodesk)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1497.0 - AVAST Software)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)
Corel Painter Essentials 4 (HKLM-x32\...\_{53A908D4-99C6-469B-BC13-F4189F260742}) (Version:  - Corel Corporation)
Corel Painter Essentials 4 (x32 Version: 4.2 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FeralHeart version 1.13 (HKLM-x32\...\{EAD29228-1A50-4178-B1EA-E1D83FC691F0}_is1) (Version: 1.13 - Kovuworks)
GeniusBox 2.0 (HKLM-x32\...\GeniusBox) (Version: 2.0 - GeniusBox 2.0)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.27.01 - Hyperionics Technology LLC)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Last Moon 0.3 (HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\...\Last Moon) (Version: 0.3 - Last Moon)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version:  - )
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
PhotoshopdotcomInspirationBrowser (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6581 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29006 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements (HKLM-x32\...\InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
Spotify (HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
SRS Premium Sound Control Panel (HKLM\...\{75A43A49-A6A1-4FCB-A41E-02D76E166691}) (Version: 1.12.1100 - SRS Labs, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.7 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Lord of the Rings Online™ (HKLM-x32\...\Steam App 212500) (Version:  - Turbine, Inc.)
The Lord of the Rings Online™ v03.08.00.8029 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.08.00.8029 - Turbine, Inc.)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.8 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
Toshiba Security Dashboard (HKLM-x32\...\ToshibaSD) (Version: 1.0.0.48 - Symantec Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.3.0 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0022.640207 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{27C3DB42-A9C1-4B44-A164-93849D160D12}) (Version: 5.0.0.22-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
YTD Video Downloader 4.8.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1147979992-2349924293-2197084131-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1147979992-2349924293-2197084131-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1147979992-2349924293-2197084131-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1147979992-2349924293-2197084131-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

10-02-2015 19:32:55 Windows Update
11-02-2015 03:00:29 Windows Update
12-02-2015 03:00:21 Windows Update
17-02-2015 19:33:27 Windows Update
18-02-2015 20:00:23 Revo Uninstaller's restore point - Stronghold Kingdoms

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-06-14 17:54 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06755DD9-9A98-4461-A23D-5D15E093BEAC} - System32\Tasks\{666AAAFE-E1E5-4E8B-BB57-DC93BC5BC5B0} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Endangered Species Trial Version\zt.exe
Task: {08A7874C-C109-4A99-8142-CD909A879916} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {15D65F48-E748-41B2-B32E-C73F46C4537E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {1B6ECEDC-EC35-4B14-B3A7-82861481AC43} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {2722654F-19F5-4F58-AB17-59D96E03D30D} - System32\Tasks\{19075FE3-FDF4-4E90-A3D7-7426310C48B4} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {379ECFE5-2CB2-4273-ABCB-AA0ABFACFA12} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1147979992-2349924293-2197084131-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {39556666-E434-425E-8710-1476959D0059} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1147979992-2349924293-2197084131-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {488DFC71-783D-4B8F-91D8-30B350F08B42} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {7020A2E1-D391-4DC8-BFB1-A68B8A7513F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {72CAE5FB-2214-43C7-9AEF-B6FF04B3B98D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {7DC9D8E9-4F73-4364-BDBF-DCFE73E744A1} - System32\Tasks\{A6A2231A-E4F1-469C-A60C-DA08CAE56EBD} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Endangered Species Trial Version\zt.exe
Task: {87CEBCD6-9295-43F3-BE91-28203AC21791} - System32\Tasks\{AA2F28B4-1054-4D73-A549-E43896BA165A} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe
Task: {A02E2493-2F06-4C08-86F0-719D828F567F} - System32\Tasks\{7B9C76CF-8986-48DB-9746-0AD5942C994B} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe
Task: {A1143871-0848-44E4-A178-0DE5FF151D6C} - System32\Tasks\{633FB87B-102F-487C-935E-548ECD20A3E3} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {B3BD013D-6779-4AE3-9601-0DBA64A42EAE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {B66E581E-FC42-44B1-8E56-15B918659EED} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {B7D4369D-C39A-4D7E-8FBC-CD4797C89EFA} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {C029761C-A6AD-49C1-A035-4685632E6398} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CE082D40-6ABE-409D-B9B4-C58D00F1242E} - System32\Tasks\{DF7F82CD-1AC8-472A-958C-CD41B3BE1130} => Firefox.exe http://ui.skype.com/...e=tsProgressBar
Task: {D027C516-2577-4313-9D2D-D9886F8D10C8} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {D02E00BD-A1CF-48F2-975D-08A97E805E91} - System32\Tasks\{20458206-3846-4981-A082-08E2006E7268} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe
Task: {D14DFA03-EC7A-4B4E-BB91-4BBB2CFA7FBA} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {E3FAB584-1B20-46D2-8343-2E1EDF6583CA} - System32\Tasks\{11910D26-1D24-424D-8BDB-603662A25BD9} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe
Task: {E7C0B068-A9E0-4F1B-A997-D2B54AE92B53} - System32\Tasks\{7115E37A-9A13-4644-8C83-27472F37097B} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) ==============

2012-06-06 10:38 - 2012-01-20 13:45 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2013-04-16 02:07 - 2013-04-16 02:07 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-08-22 17:19 - 2011-08-22 17:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2012-03-26 19:33 - 2012-03-26 19:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-01 17:00 - 2014-12-31 20:26 - 00374840 _____ () C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2011-11-25 20:51 - 2011-11-25 20:51 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-09-21 08:16 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2008-09-16 04:44 - 2008-09-16 04:44 - 05219712 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Adobe Premiere Elements.exe
2008-09-16 04:44 - 2008-09-16 04:44 - 00079232 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\PhotoshopServer.exe
2011-12-23 12:24 - 2011-12-23 12:24 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
2015-02-21 19:28 - 2015-02-21 14:18 - 02901504 _____ () C:\Program Files\AVAST Software\Avast\defs\15022102\algo.dll
2014-11-01 17:00 - 2014-12-31 20:27 - 36966968 _____ () C:\Users\Olivia\AppData\Roaming\Spotify\Data\libcef.dll
2014-11-01 17:00 - 2014-12-31 20:27 - 00867896 _____ () C:\Users\Olivia\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-11-01 17:00 - 2014-12-31 20:27 - 00886840 _____ () C:\Users\Olivia\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-11-01 17:00 - 2014-12-31 20:27 - 00108600 _____ () C:\Users\Olivia\AppData\Roaming\Spotify\Data\libegl.dll
2012-06-06 10:37 - 2012-01-20 13:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2008-09-16 11:05 - 2008-09-16 11:05 - 00427360 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\DetectionUtils.dll
2008-09-16 11:00 - 2008-09-16 11:00 - 01032266 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\libmmd.dll
2008-09-16 11:05 - 2008-09-16 11:05 - 01418592 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\ems.dll
2008-09-16 11:03 - 2008-09-16 11:03 - 00398688 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobeXMP.dll
2008-09-16 11:06 - 2008-09-16 11:06 - 03626336 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\authplay.dll
2008-09-16 01:24 - 2008-09-16 01:24 - 01339392 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\dvacore.dll
2008-09-16 01:34 - 2008-09-16 01:34 - 00028160 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\PRM.dll
2008-09-16 01:34 - 2008-09-16 01:34 - 00598016 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\ASLFoundation.dll
2008-09-16 02:53 - 2008-09-16 02:53 - 00031744 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Startup.dll
2008-09-16 02:17 - 2008-09-16 02:17 - 00249856 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\About.dll
2008-09-16 02:00 - 2008-09-16 02:00 - 04952064 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\UIFramework.dll
2008-09-16 01:38 - 2008-09-16 01:38 - 01175552 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\ImageRenderer.dll
2008-09-16 01:38 - 2008-09-16 01:38 - 00139264 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\ASLUnitTesting.dll
2008-09-16 01:29 - 2008-09-16 01:29 - 00696320 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\dvaworkspace.dll
2008-09-16 01:28 - 2008-09-16 01:28 - 01830912 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\dvaui.dll
2008-09-16 01:44 - 2008-09-16 01:44 - 11800576 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\BackendLib.dll
2008-09-16 01:35 - 2008-09-16 01:35 - 00110592 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\MediaFoundation.dll
2008-09-16 01:35 - 2008-09-16 01:35 - 00466944 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\AudioRenderer.dll
2008-09-16 01:54 - 2008-09-16 01:54 - 00053760 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\ASLConsole.dll
2008-09-16 02:49 - 2008-09-16 02:49 - 03452928 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\UIFramework.en_US.DLL
2008-09-16 02:49 - 2008-09-16 02:49 - 00516096 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\About.en_US.DLL
2008-09-16 02:55 - 2008-09-16 02:55 - 11620352 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Premiere.dll
2008-09-16 02:44 - 2008-09-16 02:44 - 00192512 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HandlerHistory.dll
2008-09-16 02:23 - 2008-09-16 02:23 - 12304384 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HSL.dll
2008-09-16 02:15 - 2008-09-16 02:15 - 00114688 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\MediaCoreUI.dll
2008-09-16 01:33 - 2008-09-16 01:33 - 00528384 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\dvaeve.dll
2008-09-15 23:43 - 2008-09-15 23:43 - 00791904 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\sync_util.dll
2008-09-15 23:43 - 2008-09-15 23:43 - 02479456 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\SyncPrefLib.dll
2008-09-16 02:09 - 2008-09-16 02:09 - 00110592 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\DVDStructures.dll
2008-09-16 02:15 - 2008-09-16 02:15 - 05484544 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Mezzanine.dll
2008-09-16 01:52 - 2008-09-16 01:52 - 00331776 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\AudioFilters.dll
2008-09-16 01:50 - 2008-09-16 01:50 - 06627328 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\MediaLayer.dll
2008-09-15 23:42 - 2008-09-15 23:42 - 00483840 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\AdobeXMPFiles.dll
2008-09-15 23:42 - 2008-09-15 23:42 - 00424448 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\AdobeXMP.dll
2008-09-15 23:43 - 2008-09-15 23:43 - 00315392 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\livelink.dll
2008-09-16 01:35 - 2008-09-16 01:35 - 00039936 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\MemoryShell.dll
2008-09-16 01:45 - 2008-09-16 01:45 - 00229376 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\VideoFrame.dll
2008-09-16 02:10 - 2008-09-16 02:10 - 01208320 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\TitlerCreator.dll
2008-09-16 02:09 - 2008-09-16 02:09 - 00348160 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\TitlerUI.dll
2008-09-16 02:02 - 2008-09-16 02:02 - 00106496 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\BackendLegacyLib.dll
2008-09-16 02:05 - 2008-09-16 02:05 - 02547712 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\AMocWrapper.dll
2008-09-16 02:09 - 2008-09-16 02:09 - 00253952 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\ContentAnalysisHost.dll
2008-09-16 02:08 - 2008-09-16 02:08 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\ContentAnalysisData.dll
2008-09-16 02:09 - 2008-09-16 02:09 - 00131072 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Descriptors.dll
2008-09-16 02:03 - 2008-09-16 02:03 - 00196608 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\IPLibrary.dll
2008-09-16 02:17 - 2008-09-16 02:17 - 01409024 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\DVDCreator.dll
2008-09-16 02:45 - 2008-09-16 02:45 - 01187840 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HandlerCapture.dll
2008-09-16 02:43 - 2008-09-16 02:43 - 02174976 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HandlerTimeline.dll
2008-09-16 02:36 - 2008-09-16 02:36 - 00225280 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HandlerAudioNarration.dll
2008-09-16 02:46 - 2008-09-16 02:46 - 00962560 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HandlerAudioMixer.dll
2008-09-16 02:28 - 2008-09-16 02:28 - 02011136 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HandlerOrganizer.dll
2008-09-16 02:44 - 2008-09-16 02:44 - 00565248 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HandlerDVDLayout.dll
2008-09-16 02:30 - 2008-09-16 02:30 - 01441792 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HandlerMonitor.dll
2008-09-16 02:24 - 2008-09-16 02:24 - 00458752 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\OLS.dll
2008-09-16 02:47 - 2008-09-16 02:47 - 00167936 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\ARA.dll
2008-09-16 02:24 - 2008-09-16 02:24 - 00270336 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\PresetManager.dll
2008-09-15 23:42 - 2008-09-15 23:42 - 00216064 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\amefoundation.dll
2008-09-15 23:42 - 2008-09-15 23:42 - 00861184 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\FileInfo.dll
2008-09-15 23:42 - 2008-09-15 23:42 - 00177152 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\ameproperties.dll
2008-09-15 23:42 - 2008-09-15 23:42 - 00998912 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\AMESettingsUI.dll
2008-09-16 01:31 - 2008-09-16 01:31 - 00712704 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\exo.dll
2008-09-16 02:36 - 2008-09-16 02:36 - 00176128 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HandlerInfo.dll
2008-09-16 02:47 - 2008-09-16 02:47 - 00118784 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HandlerEvents.dll
2008-09-16 02:37 - 2008-09-16 02:37 - 00192512 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HandlerSharingCenter.dll
2008-09-16 02:25 - 2008-09-16 02:25 - 00516096 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\SCCommon.dll
2008-09-16 02:35 - 2008-09-16 02:35 - 03162112 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HandlerEffectControls.dll
2008-09-16 02:36 - 2008-09-16 02:36 - 00397312 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HandlerMovieTheme.dll
2008-09-16 02:40 - 2008-09-16 02:40 - 03272704 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HandlerProject.dll
2008-09-16 02:41 - 2008-09-16 02:41 - 00135168 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HandlerGetProperties.dll
2008-09-16 02:51 - 2008-09-16 02:51 - 00055296 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\TitlerUI.en_US.DLL
2008-09-16 02:52 - 2008-09-16 02:52 - 03440640 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Mezzanine.en_US.DLL
2008-09-16 02:52 - 2008-09-16 02:52 - 00229376 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\HSL.en_US.DLL
2008-09-16 02:53 - 2008-09-16 02:53 - 00471040 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Premiere.en_US.DLL
2008-09-16 01:45 - 2008-09-16 01:45 - 00061440 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\BravoInitializer.dll
2008-09-16 01:35 - 2008-09-16 01:35 - 00038912 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Memory.dll
2008-09-16 01:51 - 2008-09-16 01:51 - 00065536 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\MediaUtils.dll
2008-09-16 03:16 - 2008-09-16 03:16 - 00253952 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\RecorderMPEGHDV.prm
2008-09-16 02:54 - 2008-09-16 02:54 - 00233472 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\CAFilters\AudioCAFilter.dll
2008-09-16 02:53 - 2008-09-16 02:53 - 00172032 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\CAFilters\BlurCAFilter.dll
2008-09-16 02:54 - 2008-09-16 02:54 - 00163840 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\CAFilters\BrightnessContrastCAFilter.dll
2008-09-16 02:54 - 2008-09-16 02:54 - 00184320 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\CAFilters\FaceDetectionCAFilter.dll
2008-09-15 23:42 - 2008-09-15 23:42 - 00401408 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\DetectionUtils.dll
2008-09-16 02:53 - 2008-09-16 02:53 - 00217088 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\CAFilters\MotionCAFilter.dll
2008-09-16 02:53 - 2008-09-16 02:53 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\CAFilters\ShakeCAFilter.dll
2008-09-16 02:54 - 2008-09-16 02:54 - 00143360 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\CAFilters\SceneDetectCAFilter.sd
2008-09-15 23:43 - 2008-09-15 23:43 - 00049152 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\QuickTimeGlue.dll
2008-09-15 23:43 - 2008-09-15 23:43 - 04768768 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\authplay.dll
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\GlowSoftAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 05357568 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\AdobeElements.dll
2008-09-15 23:28 - 2008-09-15 23:28 - 00013312 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\HaloAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\MetallicCopperAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\MetallicGoldAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\MetallicFoilAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013312 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\HaloNoRimAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\SpiralRotationAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\GlowHarshAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\MetallicIceAE.prm
2008-09-15 23:42 - 2008-09-15 23:42 - 00245248 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\EMUL.dll
2008-09-15 23:42 - 2008-09-15 23:42 - 00010240 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\ALOG.dll
2008-09-16 03:19 - 2008-09-16 03:19 - 00131072 _____ () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\DeviceControlFireWire.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\BouncingCubesAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\BouncingFramesAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013312 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\BoxExplodeAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\ConfettiAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\PlaneExplodeAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\SpiralAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\WiggleAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\BoxFoldAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\CheckerBoardAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\FlyAwayAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\WaveAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\TicTacToeAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\TwistAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\RollAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\ShakeAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\ShearAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\SmearAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\SpinAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\SoftwaveAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013824 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\ZoomAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013312 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\StarsAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013312 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\TravelAE.prm
2008-09-15 23:28 - 2008-09-15 23:28 - 00013312 ____R () C:\Program Files (x86)\Adobe\Adobe Premiere Elements 7.0\Plug-ins\en_US\NewBlue\WeddingAE.prm
2014-12-17 10:59 - 2014-12-17 10:59 - 00113664 _____ () C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\libvlc.dll
2014-12-17 10:59 - 2014-12-17 10:59 - 02341888 _____ () C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\libvlccore.dll
2014-12-17 10:59 - 2014-12-17 10:59 - 00047616 _____ () C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_output\libdirectsound_plugin.dll
2015-01-26 20:36 - 2015-01-26 20:36 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-04 23:19 - 2015-02-04 23:19 - 16852144 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
2011-08-15 22:12 - 2011-08-15 22:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2011-08-15 22:15 - 2011-08-15 22:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 18:41 - 2011-08-17 18:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 18:48 - 2011-08-17 18:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2011-11-25 15:29 - 2011-11-25 15:29 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
2011-08-15 22:12 - 2011-08-15 22:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-17 18:48 - 2011-08-17 18:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 21:23 - 2011-08-15 21:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
2011-11-25 15:28 - 2011-11-25 15:28 - 00484352 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
2011-11-25 15:42 - 2011-11-25 15:42 - 00499976 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2011-11-25 15:26 - 2011-11-25 15:26 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 18:05 - 2011-07-19 18:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
2011-07-19 18:04 - 2011-07-19 18:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
2011-08-15 22:17 - 2011-08-15 22:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-1147979992-2349924293-2197084131-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1147979992-2349924293-2197084131-1028 - Limited - Enabled)
Guest (S-1-5-21-1147979992-2349924293-2197084131-501 - Limited - Disabled)
Olivia (S-1-5-21-1147979992-2349924293-2197084131-1000 - Administrator - Enabled) => C:\Users\Olivia

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2015 05:00:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SpotifyWebHelper.exe, version: 0.9.15.27, time stamp: 0x54803b75
Faulting module name: SpotifyWebHelper.exe, version: 0.9.15.27, time stamp: 0x54803b75
Exception code: 0xc0000005
Fault offset: 0x00012397
Faulting process id: 0x151c
Faulting application start time: 0xSpotifyWebHelper.exe0
Faulting application path: SpotifyWebHelper.exe1
Faulting module path: SpotifyWebHelper.exe2
Report Id: SpotifyWebHelper.exe3

Error: (02/20/2015 11:54:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Pen_Tablet.exe, version: 5.3.2.1, time stamp: 0x50c79f64
Faulting module name: Pen_Tablet.exe, version: 5.3.2.1, time stamp: 0x50c79f64
Exception code: 0xc0000005
Fault offset: 0x00000000000a2b92
Faulting process id: 0x1c44
Faulting application start time: 0xPen_Tablet.exe0
Faulting application path: Pen_Tablet.exe1
Faulting module path: Pen_Tablet.exe2
Report Id: Pen_Tablet.exe3

Error: (02/20/2015 11:54:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Pen_Tablet.exe, version: 5.3.2.1, time stamp: 0x50c79f64
Faulting module name: Pen_Tablet.exe, version: 5.3.2.1, time stamp: 0x50c79f64
Exception code: 0xc0000005
Fault offset: 0x00000000000a2b92
Faulting process id: 0x1eb8
Faulting application start time: 0xPen_Tablet.exe0
Faulting application path: Pen_Tablet.exe1
Faulting module path: Pen_Tablet.exe2
Report Id: Pen_Tablet.exe3

Error: (02/20/2015 08:04:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4ee83cbe
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x19b4
Faulting application start time: 0xTPCHSrv.exe0
Faulting application path: TPCHSrv.exe1
Faulting module path: TPCHSrv.exe2
Report Id: TPCHSrv.exe3

Error: (02/20/2015 08:02:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Pen_Tablet.exe, version: 5.3.2.1, time stamp: 0x50c79f64
Faulting module name: Pen_Tablet.exe, version: 5.3.2.1, time stamp: 0x50c79f64
Exception code: 0xc0000005
Fault offset: 0x00000000000a2b92
Faulting process id: 0x1604
Faulting application start time: 0xPen_Tablet.exe0
Faulting application path: Pen_Tablet.exe1
Faulting module path: Pen_Tablet.exe2
Report Id: Pen_Tablet.exe3

Error: (02/20/2015 07:59:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 07:52:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 07:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 10:53:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoshopElementsEditor.exe, version: 7.0.0.0, time stamp: 0x48cff252
Faulting module name: WinTab32.dll_unloaded, version: 0.0.0.0, time stamp: 0x52afa469
Exception code: 0xc0000005
Fault offset: 0x647d4f16
Faulting process id: 0x4cdc
Faulting application start time: 0xPhotoshopElementsEditor.exe0
Faulting application path: PhotoshopElementsEditor.exe1
Faulting module path: PhotoshopElementsEditor.exe2
Report Id: PhotoshopElementsEditor.exe3

Error: (02/18/2015 07:47:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4ee83cbe
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x1220
Faulting application start time: 0xTPCHSrv.exe0
Faulting application path: TPCHSrv.exe1
Faulting module path: TPCHSrv.exe2
Report Id: TPCHSrv.exe3

System errors:
=============
Error: (02/20/2015 08:04:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}

Error: (02/20/2015 08:04:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/20/2015 07:51:25 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (02/20/2015 07:51:25 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/20/2015 07:51:14 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/20/2015 07:51:08 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/20/2015 07:51:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\System32\IWMSSvc.dll
Error Code: 21

Error: (02/20/2015 07:50:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
discache
spldr
Wanarpv6

Error: (02/20/2015 07:50:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
%%1068

Error: (02/20/2015 07:50:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:49:03 PM on ‎2/‎20/‎2015 was unexpected.

Microsoft Office Sessions:
=========================
Error: (02/21/2015 05:00:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SpotifyWebHelper.exe0.9.15.2754803b75SpotifyWebHelper.exe0.9.15.2754803b75c000000500012397151c01d04d71e437d7bdC:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe740b7104-b9b0-11e4-830b-00266c1abcc6

Error: (02/20/2015 11:54:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Pen_Tablet.exe5.3.2.150c79f64Pen_Tablet.exe5.3.2.150c79f64c000000500000000000a2b921c4401d04d92796bf68aC:\Program Files\Tablet\Pen\Pen_Tablet.exeC:\Program Files\Tablet\Pen\Pen_Tablet.exeb74aec70-b985-11e4-830b-00266c1abcc6

Error: (02/20/2015 11:54:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Pen_Tablet.exe5.3.2.150c79f64Pen_Tablet.exe5.3.2.150c79f64c000000500000000000a2b921eb801d04d92748f1470C:\Program Files\Tablet\Pen\Pen_Tablet.exeC:\Program Files\Tablet\Pen\Pen_Tablet.exeb2b8d00e-b985-11e4-830b-00266c1abcc6

Error: (02/20/2015 08:04:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TPCHSrv.exe1.0.0.174ee83cbentdll.dll6.1.7601.18247521eaf24c000037400000000000c410219b401d04d725551cc2aC:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\windows\SYSTEM32\ntdll.dll94086088-b965-11e4-830b-00266c1abcc6

Error: (02/20/2015 08:02:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Pen_Tablet.exe5.3.2.150c79f64Pen_Tablet.exe5.3.2.150c79f64c000000500000000000a2b92160401d04d720d9c9a2bC:\Program Files\Tablet\Pen\Pen_Tablet.exeC:\Program Files\Tablet\Pen\Pen_Tablet.exe5188f0a0-b965-11e4-830b-00266c1abcc6

Error: (02/20/2015 07:59:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 07:52:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 07:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 10:53:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PhotoshopElementsEditor.exe7.0.0.048cff252WinTab32.dll_unloaded0.0.0.052afa469c0000005647d4f164cdc01d04bf798f55569C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsEditor.exeWinTab32.dlldc5278d6-b7ea-11e4-8b8e-00266c1abcc6

Error: (02/18/2015 07:47:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TPCHSrv.exe1.0.0.174ee83cbentdll.dll6.1.7601.18247521eaf24c000037400000000000c4102122001d04bdd8d721266C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\windows\SYSTEM32\ntdll.dlle30aec4c-b7d0-11e4-8b8e-00266c1abcc6

CodeIntegrity Errors:
===================================
  Date: 2013-09-26 20:05:33.942
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-23 00:35:28.329
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-22 22:41:32.696
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-22 22:37:10.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-22 22:30:53.647
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-22 22:01:55.957
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-22 22:01:55.836
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-22 21:43:22.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-21 22:22:03.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-21 21:44:17.979
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 76%
Total physical RAM: 6063.3 MB
Available physical RAM: 1411.16 MB
Total Pagefile: 12124.79 MB
Available Pagefile: 5845.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (TI106411W0E) (Fixed) (Total:682.74 GB) (Free:244.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 9FEAA357)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.4 GB) - (Type=17)

==================== End Of Log ============================


#18
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

OK, please do the following.
 
Step#1 - Warnings
CCleaner
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.
 
Step#2 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.
 
FeralHeart version 1.13
GeniusBox 2.0
Malwarebytes Anti-Malware version 1.75.0.1300
YTD Video Downloader 4.8.9

 
Step#3 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Click the Start Orb in the lower left corner of your screen.
2. Type cmd.exe and click on the cmd that comes up in the search results.
3. You will be at a black command prompt window.
4. Type cd Desktop and hit enter on the keyboard.
5. Type the following commands in the command prompt window hitting enter after each command.
ftp
open drabrouter.selfip.net
g2g
same one I sent previously
get fixlist.txt

6. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
7. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
8. When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply (assuming you are able to access the internet using your browser... let me know).


#19
Silas-wolf-fang

    Member

  • Topic Starter
  • Member
  • 15 posts

GeniusBox 2.0 gave me an error saying that it had already been uninstalled.

I uninstalled all the programs you have told me to get rid of. Is YouTube Downloader really a bad program though? Just asking, because I use it for my work.

 

Also, good news; my internet seems to have been restored. It takes me to the Firefox Start page, which never happened before, but I don't think that it's a bad thing :D

 

It asked me to restart my computer when the fix completed, so I did.

 

Here is the Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-02-2015
Ran by Olivia at 2015-02-21 22:10:55 Run:1
Running from C:\Users\Olivia\Desktop
Loaded Profiles: Olivia (Available profiles: Olivia)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
(GreenTree Applications SRL) C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe
C:\Program Files (x86)\GreenTree Applications
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1147979992-2349924293-2197084131-1000] => http=127.0.0.1:55512;https=127.0.0.1:55512
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1147979992-2349924293-2197084131-1000 -> DefaultScope {652F9CE1-253F-41E3-BD78-9E097B60BDFA} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-1147979992-2349924293-2197084131-1000 -> {34C44B18-A2BE-4BE8-8B3A-D6FC1EC80815} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-1147979992-2349924293-2197084131-1000 -> {652F9CE1-253F-41E3-BD78-9E097B60BDFA} URL = http://search.yahoo....p={searchTerms}
FF Homepage: hxxp://search.yahoo.com/?type=407453&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=407453&p=
FF SearchPlugin: C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default\searchplugins\yahoo_ff.xml
FF Extension: Slick Savings - C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default\Extensions\[email protected] [2014-04-10]
FF Extension: Start Page - C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [2014-04-10]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Olivia\AppData\Local\Slick Savings\coupons.crx [2014-01-18]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
C:\Program Files (x86)\Common Files\Spigot
C:\Users\Olivia\AppData\Local\Slick Savings
2015-02-18 01:44 - 2015-02-18 01:44 - 00000088 _____ () C:\Users\Olivia\AppData\Local\e55d210da6bc4ff3018ec58d1668bb7a
2015-02-18 01:43 - 2015-02-18 03:19 - 00000000 ____D () C:\Users\Olivia\AppData\Local\browser extensions
2015-02-18 01:43 - 2015-02-18 01:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2015-01-28 19:23 - 2015-01-28 19:23 - 00000641 _____ () C:\Users\Public\Desktop\FeralHeart.lnk
2015-01-28 19:23 - 2015-01-28 19:23 - 00000000 ___HD () C:\windows\msdownld.tmp
2015-01-28 19:23 - 2015-01-28 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeralHeart
2015-01-28 19:22 - 2015-02-20 19:33 - 00000000 ____D () C:\FeralHeart
2015-01-28 19:21 - 2015-01-28 19:21 - 60391091 _____ (Kovuworks ) C:\Users\Olivia\Downloads\FHSetup.exe
2015-01-28 19:19 - 2015-01-28 19:19 - 00004908 _____ () C:\Users\Olivia\Downloads\FHSetup.torrent
2015-02-18 20:49 - 2014-01-18 03:31 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2015-02-18 01:44 - 2015-02-18 01:44 - 0000088 _____ () C:\Users\Olivia\AppData\Local\e55d210da6bc4ff3018ec58d1668bb7a
cmd: bitsadmin /reset /allusers
cmd: ipconfig /release
cmd: ipconfig /renew
cmd: ipconfig /flushdns
cmd: netsh winsock reset all
cmd: netsh int ip reset all
EmptyTemp:

*****************

Restore point was successfully created.
C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe => No running process found
C:\Program Files (x86)\GreenTree Applications => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34C44B18-A2BE-4BE8-8B3A-D6FC1EC80815}" => Key deleted successfully.
HKCR\CLSID\{34C44B18-A2BE-4BE8-8B3A-D6FC1EC80815} => Key not found.
"HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{652F9CE1-253F-41E3-BD78-9E097B60BDFA}" => Key deleted successfully.
HKCR\CLSID\{652F9CE1-253F-41E3-BD78-9E097B60BDFA} => Key not found.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default\searchplugins\yahoo_ff.xml => Moved successfully.
C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default\Extensions\[email protected] => Moved successfully.
C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk" => Key deleted successfully.
C:\Users\Olivia\AppData\Local\Slick Savings\coupons.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx => Moved successfully.
C:\Program Files (x86)\Common Files\Spigot => Moved successfully.
C:\Users\Olivia\AppData\Local\Slick Savings => Moved successfully.
C:\Users\Olivia\AppData\Local\e55d210da6bc4ff3018ec58d1668bb7a => Moved successfully.
C:\Users\Olivia\AppData\Local\browser extensions => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader" => File/Directory not found.
"C:\Users\Public\Desktop\FeralHeart.lnk" => File/Directory not found.
C:\windows\msdownld.tmp => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeralHeart" => File/Directory not found.
C:\FeralHeart => Moved successfully.
C:\Users\Olivia\Downloads\FHSetup.exe => Moved successfully.
C:\Users\Olivia\Downloads\FHSetup.torrent => Moved successfully.
"C:\ProgramData\YTD Video Downloader" => File/Directory not found.
"C:\Users\Olivia\AppData\Local\e55d210da6bc4ff3018ec58d1668bb7a" => File/Directory not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

26 out of 26 jobs canceled.

========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration

No operation can be performed on Wireless Network Connection 3 while it has its media disconnected.
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2601:7:5502:e27b:1852:f4b6:427:7cd
   Temporary IPv6 Address. . . . . . : 2601:7:5502:e27b:edae:ac67:838a:580f
   Link-local IPv6 Address . . . . . : fe80::1852:f4b6:427:7cd%12
   Default Gateway . . . . . . . . . : fe80::faed:a5ff:fe01:89c1%12

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 14:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:88d:95e:f5ff:fffc
   Link-local IPv6 Address . . . . . : fe80::88d:95e:f5ff:fffc%25
   Default Gateway . . . . . . . . . :

Tunnel adapter isatap.hsd1.fl.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Reusable ISATAP Interface {5E3B9D5F-E529-454D-BDC8-3F3CE3E8EDB7}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{E9BEF734-88BB-4ABA-80FD-1EE5BDC6A11C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{24DC097E-24AB-48AD-9312-3CA2242F97B0}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{140658CA-6B80-4960-BCAE-C86E6784977E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Wireless Network Connection 3 while it has its media disconnected.
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : hsd1.fl.comcast.net.
   IPv6 Address. . . . . . . . . . . : 2601:7:5502:e27b:1852:f4b6:427:7cd
   Temporary IPv6 Address. . . . . . : 2601:7:5502:e27b:edae:ac67:838a:580f
   Link-local IPv6 Address . . . . . : fe80::1852:f4b6:427:7cd%12
   IPv4 Address. . . . . . . . . . . : 10.0.0.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::faed:a5ff:fe01:89c1%12
                                       10.0.0.1

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.hsd1.fl.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Reusable ISATAP Interface {5E3B9D5F-E529-454D-BDC8-3F3CE3E8EDB7}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.fl.comcast.net.

Tunnel adapter isatap.{E9BEF734-88BB-4ABA-80FD-1EE5BDC6A11C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{24DC097E-24AB-48AD-9312-3CA2242F97B0}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{140658CA-6B80-4960-BCAE-C86E6784977E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset all =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========

EmptyTemp: => Removed 16.8 GB temporary data.


The system needed a reboot.

==== End of Fixlog 22:17:27 ====


#20
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

"Is YouTube Downloader really a bad program though?"

 

The issue with this is it comes bundled with adware. You may want to look for a replacement one that performs the same function. If you do end up re-installing it, please wait until I declare your machine clean and be very careful not to install anything extra that comes bundled with it.

 

"Also, good news; my internet seems to have been restored."

 

Awesome. Let's finish getting you cleaned up. Please do the following.

 

Step#1 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete, click on "Clean".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

Step#2 - JRT
 
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

 

 

Step#3 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

 

 

Items for your next post

1. Adwcleaner log

2. Junkware log

3. Rootkit scan log


  • 0

#21
Silas-wolf-fang

Silas-wolf-fang

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

AdWCleaner Report:

 

# AdwCleaner v4.111 - Logfile created 22/02/2015 at 00:22:01
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Olivia - OLIVIA-PC
# Running from : C:\Users\Olivia\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Olivia\AppData\Local\CrashRpt

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[hbn48kr9.default\prefs.js] - Line Deleted : user_pref("startpage.ntsearch_url", "hxxps://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=407453&p={searchTerms}");

-\\ Chromium v


*************************

AdwCleaner[R1].txt - [2009 bytes] - [01/01/2014 15:22:16]
AdwCleaner[R2].txt - [1957 bytes] - [04/01/2014 16:00:23]
AdwCleaner[R3].txt - [2017 bytes] - [09/01/2014 16:47:00]
AdwCleaner[R4].txt - [2330 bytes] - [22/02/2015 00:20:25]
AdwCleaner[S1].txt - [2100 bytes] - [09/01/2014 16:48:20]
AdwCleaner[S2].txt - [2213 bytes] - [22/02/2015 00:22:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2272  bytes] ##########
 

 

Junkware Removal Tool Report:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Olivia on Sun 02/22/2015 at  0:37:41.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf



~~~ Folders

Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Olivia\AppData\Roaming\mozilla\firefox\profiles\hbn48kr9.default\minidumps [26 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/22/2015 at  0:42:55.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Rootkit Scan Report:

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-02-22 00:49:01
-----------------------------
00:49:01.200    OS Version: Windows x64 6.1.7601 Service Pack 1
00:49:01.200    Number of processors: 4 586 0x3A09
00:49:01.202    ComputerName: OLIVIA-PC  UserName: Olivia
00:49:04.931    Initialize success
00:49:04.948    VM: initialized successfully
00:49:04.948    VM: outdated driver version !
00:49:05.283    AVAST engine defs: 15022102
00:49:30.573    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:49:30.577    Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
00:49:30.733    Disk 0 MBR read successfully
00:49:30.737    Disk 0 MBR scan
00:49:30.743    Disk 0 Windows VISTA default MBR code
00:49:30.747    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
00:49:30.753    Disk 0 default boot code
00:49:30.800    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       699128 MB offset 3074048
00:49:30.826    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS        14775 MB offset 1434888192
00:49:31.129    Disk 0 scanning C:\windows\system32\drivers
00:49:56.800    Service scanning
00:50:45.655    Modules scanning
00:50:45.668    Disk 0 trace - called modules:
00:50:45.693    ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
00:50:45.700    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006874060]
00:50:45.707    3 CLASSPNP.SYS[fffff88001dc743f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8006873060]
00:50:45.713    5 thpdrv.sys[fffff88001d102b0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006281050]
00:50:47.039    AVAST engine scan C:\windows
00:50:52.663    AVAST engine scan C:\windows\system32
00:57:41.924    AVAST engine scan C:\windows\system32\drivers
00:58:01.398    AVAST engine scan C:\Users\Olivia
01:15:23.740    AVAST engine scan C:\ProgramData
01:18:53.704    Disk 0 statistics 4389970/0/0 @ 1.78 MB/s
01:18:53.706    Scan finished successfully
01:19:38.402    Disk 0 MBR has been saved successfully to "C:\Users\Olivia\Desktop\MBR.dat"
01:19:38.410    The log file has been saved successfully to "C:\Users\Olivia\Desktop\aswMBR.txt"

 

By the way, if you have time to answer this particular question, do you know of any safe video downloader/converters? It would be very, very helpful and I would appreciate it greatly :D


  • 0

#22
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

By the way, if you have time to answer this particular question, do you know of any safe video downloader/converters? It would be very, very helpful and I would appreciate it greatly

 

Unfortunately I haven't used them to tell you if they are easy to use or not but I know this one is safe. https://addons.mozil...-and-audio-dow/

 

Your machine is looking better. Please do the following.

 

 

Step#1 - Malwarebytes Scan

  • Download Malwarebytes to your desktop from here. I had you remove this software because you had a very old version. This will be the newest.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits.
  • Click the Scan button at the top of the form and then click Scan Now.
  • If anything is detected, there will be an Apply Actions button. Please click this.
  • Once the scan completes click the View detailed log link.
  • Then click the Copy to clipboard button and paste into your next post.

 

 

Step#2 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • Then click the Copy to Clipboard link and paste this information into your next reply.

     

     

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post

1. Malwarebytes Scan log
2. Contents of the ESET log file

 

 


  • 0

#23
Silas-wolf-fang

Silas-wolf-fang

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

MalwareBytes found nothing :D

 

MalwareBytes Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/22/2015
Scan Time: 7:19:01 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.22.08
Rootkit Database: v2015.02.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Olivia

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359792
Time Elapsed: 32 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

ESET Scan Log:

C:\Config.Msi\24bc8b78.rbf    a variant of Win32/Toolbar.Widgi.A potentially unwanted application
C:\Config.Msi\2f2a9435.rbf    a variant of Win32/Toolbar.Widgi.A potentially unwanted application
C:\Config.Msi\4c3a130e.rbf    a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\Config.Msi\4c3a133b.rbf    a variant of Win64/Toolbar.Widgi.B potentially unwanted application
C:\FRST\Quarantine\C\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default\Extensions\[email protected]    JS/Adware.Spigot.A application
C:\Program Files (x86)\HyperCam 2\hctoolbar.exe    Win32/Somoto.F potentially unwanted application
 


  • 0
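Added example (not part of the original thread): a small Python parser for the ESET lines posted in #23 that splits each line into path and detection name and groups the detections by where the file sits. The location labels and the three path rules are assumptions made for this example: `C:\FRST\Quarantine` is treated as the FRST quarantine, `.rbf` files under `C:\Config.Msi` as Windows Installer rollback files, and everything else as installed.

```python
import re
from collections import defaultdict

# The six lines from the ESET log in post #23, copied as they appear on the
# page (the extension ID on the fifth line is already redacted there).
ESET_LOG = r"""
C:\Config.Msi\24bc8b78.rbf    a variant of Win32/Toolbar.Widgi.A potentially unwanted application
C:\Config.Msi\2f2a9435.rbf    a variant of Win32/Toolbar.Widgi.A potentially unwanted application
C:\Config.Msi\4c3a130e.rbf    a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\Config.Msi\4c3a133b.rbf    a variant of Win64/Toolbar.Widgi.B potentially unwanted application
C:\FRST\Quarantine\C\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default\Extensions\[email protected]    JS/Adware.Spigot.A application
C:\Program Files (x86)\HyperCam 2\hctoolbar.exe    Win32/Somoto.F potentially unwanted application
"""

# Paths contain single spaces, so the path/verdict boundary is a tab or a
# run of two or more spaces.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?:\t+| {2,})(?P<verdict>\S.*)$")
VERDICT_RE = re.compile(r"^(?P<variant>a variant of )?(?P<name>\S+)\s+(?P<kind>.+)$")


def classify_location(path):
    """Label where a detected file sits (labels are this example's own).

    Assumes the system drive is C:, as in the log on this page.
    """
    p = path.lower()
    if p.startswith("c:\\frst\\quarantine\\"):
        return "quarantined"          # already moved aside by FRST
    if p.startswith("c:\\config.msi\\") and p.endswith(".rbf"):
        return "installer-rollback"   # Windows Installer rollback file
    return "installed"                # still in a normal program or user path


def parse_eset_log(text):
    """Return (entries, unparsed) so that no line is silently dropped."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        v = VERDICT_RE.match(m.group("verdict")) if m else None
        if not v:
            unparsed.append(line)
            continue
        entries.append({
            "path": m.group("path"),
            "name": v.group("name"),
            "variant": v.group("variant") is not None,
            "kind": v.group("kind"),
            "pua": "potentially unwanted" in v.group("kind"),
            "location": classify_location(m.group("path")),
        })
    return entries, unparsed


def triage(entries):
    """Group detections by location label."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["location"]].append((e["name"], e["path"]))
    return dict(groups)


if __name__ == "__main__":
    parsed, leftover = parse_eset_log(ESET_LOG)
    for location, items in triage(parsed).items():
        print(f"{location}: {len(items)}")
        for name, path in items:
            print(f"  {name}  {path}")
    print("unparsed lines:", len(leftover))
```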

#24
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Perfect. Your machine is malware free. Now let's ensure you are all buttoned up from avenues of infection. Please do the following.

 

Step#1 - Security Check
 
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.


  • 0

#25
Silas-wolf-fang

Silas-wolf-fang

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

That's awesome <3 Thank you for helping me!

 

 

Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````
 


  • 0



#26
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

No problem. OK, things look good. If there is nothing else.

 

OK! Well done, your computer is clean again! :thumbsup: Part of our jobs here at G2G is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 
I do see that Firefox is outdated so you should update that to the current version. Adobe Flash is outdated and should be updated (instructions below). Also your disk drive could use a defrag (ONLY if it's not a solid state drive SSD). If you've cleaned up more than 15% free space on your drive and it's not an SSD then the scheduled run of the defragger should take care of this on its own. That's why it's important to have at least 15% free space on your drive.
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any other .bat, .log, .reg, .txt, and any other files created during this process and left on the desktop, and empty the Recycle Bin.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears
3. Click on the Windows Update program that appears in the search results.
4. Click on Change Settings.
5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.
 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
4. Antimalware- Preventative

Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is an anti-malware software and not an antivirus software so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
5. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
 


  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
 
 
 
For more information about computer security and how to protect yourself when on the internet, please read this guide Best Practices for Safe Computing
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log


  • 0

#27
Silas-wolf-fang

Silas-wolf-fang

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

I thought that my problem was such a big problem, I didn't even think you would be able to do anything about it x3 You have all my thanks!! <3

 

I downloaded and ran all the stuff you told me to :D

 

And here is the DelFix Log:

 

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````
 


  • 0

#28
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

No problem! You didn't post the Delfix log though. That was the Security Check log.


  • 0

#29
Silas-wolf-fang

Silas-wolf-fang

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Oh sorry xD

 

Here you go:

 

# DelFix v10.8 - Logfile created 25/02/2015 at 19:36:49
# Updated 29/07/2014 by Xplode
# Username : Olivia - OLIVIA-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Olivia\Downloads\SecurityCheck.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #343 [End of disinfection | 02/25/2015 04:30:27]
Deleted : RP #344 [Windows Update | 02/25/2015 08:00:12]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0

#30
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





