
Malware Protection Live, Multiple Firefox Windows, YouTube Downloader



#1
TerraceHill


  • Member
  • 32 posts

So I updated YouTube Downloader last night. I feel it's the source of the virus. But anyway, a bunch of internet windows would just keep popping up one after another, but not like spamming my screen or anything; it was as if I clicked on the icon itself and it was a whole Firefox window across my entire screen and stuff. And it was only every 5-10 seconds. So after that, as depicted in the photo, this thing called Malware Protection Live came up in like a command box thing.

 

I uninstalled Malware Protection Live and YouTube Downloader... but the problem persists.

 

I don't like it. I would appreciate any help with this, really <3 Not sure what I'm supposed to do. I've been here before on Geeks To Go, hence my having Revo Uninstaller and stuff.

 

Please help me as fast as you can! <3

 

I'm not being watched in any way am I? O.O


Edited by TerraceHill, 28 January 2016 - 08:24 AM.



#2
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
 
Download: AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Click on the Addition.txt box.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste that log back here and also the second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    #3
    TerraceHill


    • Topic Starter
    • Member
    • 32 posts

    ADWCLEANER REPORT:

     

    # AdwCleaner v5.031 - Logfile created 28/01/2016 at 18:43:50
    # Updated 25/01/2016 by Xplode
    # Database : 2016-01-25.3 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Olivia - OLIVIA-PC
    # Running from : C:\Users\Olivia\Downloads\AdwCleaner.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [#] Folder Deleted : C:\Users\Olivia\AppData\Local\MalwareProtectionLive

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default\searchplugins\yahoo_ff.xml

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\APN PIP
    [-] Key Deleted : HKCU\Software\geniusboxinstalled
    [-] Key Deleted : HKLM\SOFTWARE\GeniusBox
    [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{474403DA-8B41-4003-9E98-8ED75FFBFAF3}

    ***** [ Web browsers ] *****

    [-] [C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxps://search.yahoo.com/?type=715483&fr=spigot-yhp-ffhxxps://www.youtube.com/");
    [-] [C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=715483&p=");

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1660 bytes] ##########
     

     

    ----------------------------------------------------------------------------------------------------------------------------------------------------------

     

    JRT REPORT:

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.2 (01.06.2016)
    Operating System: Windows 7 Home Premium x64
    Ran by Olivia (Administrator) on Thu 01/28/2016 at 18:58:44.36
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 27

    Successfully deleted: C:\ProgramData\esellerate (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\malwareprotectionlive (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3MG8848Q (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6K33KPBC (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\897K6X5O (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WHYYDEE (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFD4ADXD (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTFZUF0E (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FBA5O0AO (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G2JB95UN (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GD5G5V1D (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGRUX6RE (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5C9DFE4 (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LR03ESQQ (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NXGJPGRU (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OG54JYRK (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OTY0YLNT (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PA1M9NZC (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWXK667M (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TH9XEF4V (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMIK1OEY (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVDHY12U (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQO1C3S5 (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W7J9G60A (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WX2V5N3C (Folder)
    Successfully deleted: C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCUO19JL (Folder)
    Successfully deleted: C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf (File)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 01/28/2016 at 19:09:29.45
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------

     

    FRST REPORTS:

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
    Ran by Olivia (administrator) on OLIVIA-PC (28-01-2016 23:38:16)
    Running from C:\Users\Olivia\Downloads
    Loaded Profiles: Olivia (Available Profiles: Olivia)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-24] (Synaptics Incorporated)
    HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-06] (SRS Labs, Inc.)
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-24] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
    HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
    HKLM-x32\...\Run: [DelayTSS] => C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe [2153328 2011-11-21] ()
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-05-18] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-27] (AVAST Software)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
    HKLM-x32\...\RunOnce: [Import FF:0] => "C:\Users\Olivia\AppData\Local\browser extensions\Resources\certutil.exe" -A -n "DO_NOT_TRUST_FiddlerRoot" -t "TCu,TCu,TCu" -i "C:\Users\Olivia\AppData\Local\browser extensions\TrustedRoot.cer" -d "C: (the data entry has 72 more characters).
    HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
    HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
    HKLM Group Policy restriction on software: ** <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-06-06] (Google Inc.)
    HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\...\Run: [Spotify] => C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-31] (Spotify Ltd)
    HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\...\Run: [Spotify Web Helper] => C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-31] (Spotify Ltd)
    HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\...\Run: [Google Update] => C:\Users\Olivia\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-03-02] (Google Inc.)
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-27] (AVAST Software)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-02-24]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-1147979992-2349924293-2197084131-1000] => Proxy is enabled.
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{400FAA9F-183D-47C5-816F-A31E6C55C2A6}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bing.com
    SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
    SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1147979992-2349924293-2197084131-1000 -> {2F7C0659-69DD-49B5-903C-8CE4C9C4881D} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS493
    SearchScopes: HKU\S-1-5-21-1147979992-2349924293-2197084131-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-27] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
    BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-03] (<TOSHIBA>)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-09-14] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-27] (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-09-14] (Oracle Corporation)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-03] (<TOSHIBA>)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
    Toolbar: HKU\S-1-5-21-1147979992-2349924293-2197084131-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default
    FF DefaultSearchEngine: Yahoo!
    FF DefaultSearchEngine.US: Yahoo!
    FF SelectedSearchEngine: Yahoo!
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-09-14] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-09-14] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-05-18] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-05-18] (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
    FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin HKU\S-1-5-21-1147979992-2349924293-2197084131-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Olivia\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1147979992-2349924293-2197084131-1000: @talk.google.com/O1DPlugin -> C:\Users\Olivia\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1147979992-2349924293-2197084131-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Olivia\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1147979992-2349924293-2197084131-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Olivia\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1147979992-2349924293-2197084131-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Olivia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-11] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-1147979992-2349924293-2197084131-1000: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin ProgramFiles/Appdata: C:\Users\Olivia\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Olivia\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Extension: YouTube Video and Audio Downloader - C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\hbn48kr9.default\Extensions\[email protected] [2016-01-02]
    FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
    FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-05-18] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-28]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-27]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-27]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-27] (AVAST Software)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-08-27] (Macrovision Europe Ltd.) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-20] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
    S2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
    R2 TosCoSrv; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
    S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-27] (AVAST Software)
    R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-27] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-27] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-27] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-27] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-27] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-27] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-27] (AVAST Software)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2016-01-28] (Malwarebytes Corporation)
    R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
    R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259176 2011-12-13] (Realtek Semiconductor Corp.)
    R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-24] (Synaptics Incorporated)
    S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-28 23:38 - 2016-01-28 23:38 - 00038813 _____ C:\Users\Olivia\Downloads\FRST.txt
    2016-01-28 23:37 - 2016-01-28 23:37 - 02370560 _____ (Farbar) C:\Users\Olivia\Downloads\FRST64.exe
    2016-01-28 19:09 - 2016-01-28 19:12 - 00003845 _____ C:\Users\Olivia\Desktop\JRT.txt
    2016-01-28 18:59 - 2016-01-28 18:59 - 00001739 _____ C:\Users\Olivia\Desktop\AdwCleaner[C1].txt
    2016-01-28 18:57 - 2016-01-28 18:57 - 01609032 _____ (Malwarebytes) C:\Users\Olivia\Downloads\JRT.exe
    2016-01-28 18:41 - 2016-01-28 18:43 - 00000000 ____D C:\AdwCleaner
    2016-01-28 18:35 - 2016-01-28 18:35 - 01507840 _____ C:\Users\Olivia\Downloads\AdwCleaner.exe
    2016-01-28 07:28 - 2016-01-28 07:28 - 00014848 ___SH C:\Users\Olivia\Thumbs.db
    2016-01-28 05:58 - 2016-01-28 05:58 - 00016896 ___SH C:\Users\Olivia\Documents\Thumbs.db
    2016-01-28 00:04 - 2016-01-28 01:25 - 227962634 _____ C:\Users\Olivia\Documents\Untitled_1.wmv
    2016-01-27 16:27 - 2016-01-27 16:27 - 00386096 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
    2016-01-27 16:27 - 2016-01-27 16:27 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
    2016-01-27 09:09 - 2016-01-28 18:38 - 05349189 _____ C:\Users\Olivia\Desktop\New Cas.psd
    2016-01-27 08:04 - 2016-01-27 08:55 - 10752000 _____ C:\Users\Olivia\Desktop\New Cas.sai
    2016-01-26 07:23 - 2016-01-26 07:23 - 00806912 _____ C:\Users\Olivia\Desktop\New Canvas.sai
    2016-01-25 07:07 - 2016-01-27 06:17 - 00000386 _____ C:\Users\Olivia\Desktop\GFM Campaign Money Percentages.txt
    2016-01-23 02:36 - 2016-01-24 03:43 - 00000035 _____ C:\Users\Olivia\Desktop\Givers.txt
    2016-01-15 22:04 - 2016-01-27 06:17 - 00005144 _____ C:\Users\Olivia\Desktop\gofundme discription.txt
    2016-01-12 05:12 - 2016-01-12 06:20 - 00000110 ____H C:\Users\Olivia\Desktop\.~lock.Solstice Moon.odt#
    2016-01-06 17:44 - 2016-01-08 17:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-01-04 23:29 - 2016-01-04 23:51 - 49786679 _____ C:\Users\Olivia\Downloads\MCEdit.v1.5.0.0.Win.64bit.exe
    2016-01-01 17:38 - 2016-01-01 18:33 - 04468736 _____ C:\Users\Olivia\Desktop\silas.sai
    2015-12-29 00:20 - 2015-12-29 00:20 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
    2015-12-29 00:20 - 2015-12-29 00:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-28 23:39 - 2012-08-04 01:47 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Skype
    2016-01-28 23:38 - 2013-09-15 22:01 - 00000000 ____D C:\FRST
    2016-01-28 23:23 - 2015-03-02 22:53 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1147979992-2349924293-2197084131-1000UA.job
    2016-01-28 23:19 - 2012-12-28 00:19 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2016-01-28 23:17 - 2012-06-06 11:36 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-28 21:23 - 2015-03-02 22:53 - 00000860 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1147979992-2349924293-2197084131-1000Core.job
    2016-01-28 19:03 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-01-28 19:03 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-01-28 18:53 - 2009-07-14 00:13 - 00797760 _____ C:\windows\system32\PerfStringBackup.INI
    2016-01-28 18:53 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
    2016-01-28 18:48 - 2012-06-06 10:38 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    2016-01-28 18:47 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2016-01-28 18:39 - 2014-06-27 19:20 - 00000000 ____D C:\Users\Olivia\Documents\Adobe Premiere Elements Auto-Save
    2016-01-28 18:38 - 2015-11-10 16:59 - 00000000 ____D C:\Users\Olivia\Desktop\Sai 1.1.0 2nd
    2016-01-28 14:33 - 2012-06-06 10:38 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    2016-01-28 07:58 - 2015-02-22 19:18 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2016-01-28 07:28 - 2012-07-18 19:54 - 00000000 ____D C:\Users\Olivia
    2016-01-27 20:37 - 2012-07-18 21:02 - 00000000 ____D C:\Users\Olivia\AppData\Local\Skyrim
    2016-01-27 16:28 - 2013-09-08 18:25 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
    2016-01-27 16:28 - 2013-07-16 23:22 - 00464256 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
    2016-01-27 16:28 - 2013-07-16 23:21 - 01065208 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
    2016-01-27 16:28 - 2013-07-16 23:21 - 00097648 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys
    2016-01-27 16:27 - 2015-08-14 08:13 - 00155304 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
    2016-01-27 16:27 - 2015-08-14 08:13 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
    2016-01-27 16:27 - 2013-07-16 23:21 - 00273784 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
    2016-01-27 16:27 - 2013-07-16 23:21 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
    2016-01-27 16:27 - 2013-07-16 23:21 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
    2016-01-27 01:34 - 2012-07-26 23:58 - 00000000 ____D C:\Users\Olivia\AppData\Local\CrashDumps
    2016-01-26 18:08 - 2013-02-26 04:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2016-01-25 19:48 - 2015-10-15 22:50 - 00000000 ____D C:\Users\Olivia\AppData\Local\join.me
    2016-01-20 00:19 - 2012-12-28 00:19 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
    2016-01-20 00:19 - 2012-04-25 20:04 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2016-01-20 00:19 - 2012-04-25 20:04 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-01-17 03:54 - 2015-04-30 23:05 - 00000000 ____D C:\FeralHeart
    2016-01-16 23:14 - 2012-08-04 01:47 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-01-14 20:11 - 2013-09-27 20:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2016-01-14 16:26 - 2014-11-01 17:00 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Spotify
    2016-01-14 15:11 - 2014-11-01 17:00 - 00000000 ____D C:\Users\Olivia\AppData\Local\Spotify
    2016-01-12 22:27 - 2014-12-31 20:27 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
    2016-01-12 22:10 - 2015-10-15 22:55 - 00000990 _____ C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
    2016-01-12 22:10 - 2015-10-15 22:55 - 00000982 _____ C:\Users\Olivia\Desktop\join.me.lnk
    2016-01-12 06:20 - 2015-12-19 20:26 - 00020962 _____ C:\Users\Olivia\Desktop\Solstice Moon.odt
    2016-01-08 17:11 - 2013-10-01 17:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-01-07 07:53 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
    2016-01-06 20:18 - 2014-12-06 04:16 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\.minecraft
    2016-01-06 18:51 - 2015-12-09 15:28 - 00000283 _____ C:\Users\Olivia\Desktop\MINECRAFT HOMES.txt
    2016-01-05 17:56 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
    2016-01-01 01:21 - 2009-07-13 23:45 - 00334016 _____ C:\windows\system32\FNTCACHE.DAT
    2016-01-01 01:18 - 2015-04-04 02:01 - 00000000 ___SD C:\windows\SysWOW64\GWX
    2016-01-01 01:18 - 2015-04-04 02:01 - 00000000 ___SD C:\windows\system32\GWX
    2016-01-01 01:12 - 2013-03-14 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-01-01 01:11 - 2013-03-14 02:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-01-01 01:11 - 2013-03-14 02:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-12-29 00:20 - 2014-03-27 18:06 - 00000000 ____D C:\Users\Olivia\AppData\Local\Skype
    2015-12-29 00:20 - 2012-08-04 01:47 - 00000000 ____D C:\ProgramData\Skype
    2015-12-29 00:20 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files (x86)\Common Files

    ==================== Files in the root of some directories =======

    2014-10-01 03:23 - 2014-10-01 03:23 - 0000096 _____ () C:\Users\Olivia\AppData\Roaming\version2.xml
    2013-06-14 00:57 - 2015-03-09 00:46 - 0030208 _____ () C:\Users\Olivia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-10-12 03:14 - 2013-10-12 03:14 - 0000094 _____ () C:\Users\Olivia\AppData\Local\fusioncache.dat
    2014-02-24 01:09 - 2014-02-24 01:09 - 0000857 _____ () C:\Users\Olivia\AppData\Local\recently-used.xbel
    2015-03-02 23:13 - 2015-03-02 23:13 - 0005061 _____ () C:\ProgramData\nolecicr.ofg

    Some files in TEMP:
    ====================
    C:\Users\Olivia\AppData\Local\Temp\ayz7lqr9.dll
    C:\Users\Olivia\AppData\Local\Temp\bdfilters.dll
    C:\Users\Olivia\AppData\Local\Temp\GameCapture.exe
    C:\Users\Olivia\AppData\Local\Temp\lowproc.exe
    C:\Users\Olivia\AppData\Local\Temp\Quarantine.exe
    C:\Users\Olivia\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Olivia\AppData\Local\Temp\sqlite3.dll
    C:\Users\Olivia\AppData\Local\Temp\stubhelper.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\SysWOW64\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-01-07 07:43

    ==================== End of FRST.txt ============================

    ADDITION.TXT --------------------------

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
    Ran by Olivia (2016-01-28 23:39:12)
    Running from C:\Users\Olivia\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2012-07-19 00:54:49)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1147979992-2349924293-2197084131-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-1147979992-2349924293-2197084131-1028 - Limited - Enabled)
    Guest (S-1-5-21-1147979992-2349924293-2197084131-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1147979992-2349924293-2197084131-1168 - Limited - Enabled)
    Olivia (S-1-5-21-1147979992-2349924293-2197084131-1000 - Administrator - Enabled) => C:\Users\Olivia

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
    Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
    Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 2.61 - Adobe Systems Incorporated)
    Adobe Premiere Elements 7.0 (HKLM-x32\...\PremElem70) (Version: 7.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 7.0 Templates (HKLM-x32\...\PremElem70Templates) (Version: 7.0.0 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
    ArtRage Studio (HKLM-x32\...\{71C0F2FA-8AA8-482C-96E4-A8124F2DC84D}) (Version: 3.5.4 - Ambient Design)
    Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.)
    Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
    Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
    Autodesk SketchBook Express 2011 sp2 (HKLM-x32\...\{EB87378B-E64A-4D27-8AB6-0786BAB3AC84}) (Version: 5.20.0000 - Autodesk)
    Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2245 - AVAST Software)
    Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
    Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
    Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
    Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.3.757 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
    Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
    CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
    Corel Painter Essentials 4 (HKLM-x32\...\_{53A908D4-99C6-469B-BC13-F4189F260742}) (Version:  - Corel Corporation)
    Corel Painter Essentials 4 (x32 Version: 4.2 - Corel Corporation) Hidden
    CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Façade (HKLM-x32\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
    FeralHeart version 1.13 (HKLM-x32\...\{EAD29228-1A50-4178-B1EA-E1D83FC691F0}_is1) (Version: 1.13 - Kovuworks)
    GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
    Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.27.01 - Hyperionics Technology LLC)
    Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
    Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
    Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
    Intel® WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
    Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
    Java SE Development Kit 7 Update 79 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
    join.me (HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\...\JoinMe) (Version: 2.11.0.1717 - LogMeIn, Inc.)
    JTablet (HKLM-x32\...\JTablet) (Version:  - )
    Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Last Moon 0.3 (HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\...\Last Moon) (Version: 0.3 - Last Moon)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version:  - )
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Movavi Game Capture 4 (HKLM-x32\...\Movavi Game Capture 4) (Version: 4.3.3 - MOVAVI)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
    OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
    PhotoshopdotcomInspirationBrowser (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6581 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29006 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
    Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
    SmartSound Quicktracks for Premiere Elements (HKLM-x32\...\InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}) (Version: 3.11.3090 - SmartSound Software Inc)
    SmartSound Quicktracks for Premiere Elements (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
    Spotify (HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
    SRS Premium Sound Control Panel (HKLM\...\{75A43A49-A6A1-4FCB-A41E-02D76E166691}) (Version: 1.12.1100 - SRS Labs, Inc.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.7 - Synaptics Incorporated)
    The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.0.0.0 - Zenimax Online Studios)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
    The Lord of the Rings Online™ v03.08.00.8029 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.08.00.8029 - Turbine, Inc.)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
    Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.8 - TOSHIBA Corporation)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
    Toshiba Security Dashboard (HKLM-x32\...\ToshibaSD) (Version: 1.0.0.48 - Symantec Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.3.0 - TOSHIBA)
    TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation)
    TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.3 - TOSHIBA Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0022.640207 - TOSHIBA Corporation)
    TOSHIBA VIDEO PLAYER (HKLM\...\{27C3DB42-A9C1-4B44-A164-93849D160D12}) (Version: 5.0.0.22-A - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
    TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
    Unity (HKLM-x32\...\Unity) (Version: 5.1.2f1 - Unity Technologies ApS)
    Unity Web Player (HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\...\UnityWebPlayer) (Version: 5.1.2f1 - Unity Technologies ApS)
    Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
    WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {06755DD9-9A98-4461-A23D-5D15E093BEAC} - System32\Tasks\{666AAAFE-E1E5-4E8B-BB57-DC93BC5BC5B0} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Endangered Species Trial Version\zt.exe
    Task: {15D65F48-E748-41B2-B32E-C73F46C4537E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {1B6ECEDC-EC35-4B14-B3A7-82861481AC43} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
    Task: {213100A5-F5A6-4BB5-AE72-59BF1CF02C3B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1147979992-2349924293-2197084131-1000Core => C:\Users\Olivia\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-02] (Google Inc.)
    Task: {2722654F-19F5-4F58-AB17-59D96E03D30D} - System32\Tasks\{19075FE3-FDF4-4E90-A3D7-7426310C48B4} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
    Task: {379ECFE5-2CB2-4273-ABCB-AA0ABFACFA12} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1147979992-2349924293-2197084131-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
    Task: {39556666-E434-425E-8710-1476959D0059} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1147979992-2349924293-2197084131-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
    Task: {437293C8-C8FC-4EF2-9AE0-9E4A7A1370C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1147979992-2349924293-2197084131-1000UA => C:\Users\Olivia\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-02] (Google Inc.)
    Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {650F810B-2585-49FA-91B2-91CF50298093} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
    Task: {7020A2E1-D391-4DC8-BFB1-A68B8A7513F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {7DC9D8E9-4F73-4364-BDBF-DCFE73E744A1} - System32\Tasks\{A6A2231A-E4F1-469C-A60C-DA08CAE56EBD} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Endangered Species Trial Version\zt.exe
    Task: {807CC3E7-8FEC-4316-9C4B-1E61A010F29E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
    Task: {87CEBCD6-9295-43F3-BE91-28203AC21791} - System32\Tasks\{AA2F28B4-1054-4D73-A549-E43896BA165A} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe
    Task: {A02E2493-2F06-4C08-86F0-719D828F567F} - System32\Tasks\{7B9C76CF-8986-48DB-9746-0AD5942C994B} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe
    Task: {A1143871-0848-44E4-A178-0DE5FF151D6C} - System32\Tasks\{633FB87B-102F-487C-935E-548ECD20A3E3} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
    Task: {A46CBB4C-5347-4A7F-92A7-6A6D91F589D6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-19] (AVAST Software)
    Task: {A59A975B-2F26-4F7E-BE68-D632A4EDCB3D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-27] (AVAST Software)
    Task: {B3BD013D-6779-4AE3-9601-0DBA64A42EAE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
    Task: {B66E581E-FC42-44B1-8E56-15B918659EED} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
    Task: {B7D4369D-C39A-4D7E-8FBC-CD4797C89EFA} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
    Task: {CE082D40-6ABE-409D-B9B4-C58D00F1242E} - System32\Tasks\{DF7F82CD-1AC8-472A-958C-CD41B3BE1130} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsProgressBar
    Task: {D027C516-2577-4313-9D2D-D9886F8D10C8} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    Task: {D02E00BD-A1CF-48F2-975D-08A97E805E91} - System32\Tasks\{20458206-3846-4981-A082-08E2006E7268} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe
    Task: {D14DFA03-EC7A-4B4E-BB91-4BBB2CFA7FBA} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
    Task: {D88D7296-1FAF-496F-A4CC-E65034E52343} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
    Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
    Task: {E3FAB584-1B20-46D2-8343-2E1EDF6583CA} - System32\Tasks\{11910D26-1D24-424D-8BDB-603662A25BD9} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe
    Task: {E7C0B068-A9E0-4F1B-A997-D2B54AE92B53} - System32\Tasks\{7115E37A-9A13-4644-8C83-27472F37097B} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1147979992-2349924293-2197084131-1000Core.job => C:\Users\Olivia\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1147979992-2349924293-2197084131-1000UA.job => C:\Users\Olivia\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1147979992-2349924293-2197084131-1000.job => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2012-06-06 10:38 - 2012-01-20 13:45 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    2013-04-16 02:07 - 2013-04-16 02:07 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2013-08-05 01:15 - 2013-08-05 01:15 - 00070712 _____ () C:\windows\system32\bdmpega64.acm
    2016-01-27 16:27 - 2016-01-27 16:27 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-01-27 16:27 - 2016-01-27 16:27 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-01-28 14:35 - 2016-01-28 14:35 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012802\algo.dll
    2016-01-27 16:27 - 2016-01-27 16:27 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-01-27 16:27 - 2016-01-27 16:27 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2012-06-06 10:37 - 2012-01-20 13:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
    2015-12-05 10:21 - 2015-12-05 10:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2014-06-14 17:54 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts

    127.0.0.1       localhost
    ::1       localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1147979992-2349924293-2197084131-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{971F6983-B909-4ADE-8612-9D041DE5DA86}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{F1CE4318-729F-4E40-97AF-3BD51A1FAB88}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
    FirewallRules: [{E13E3734-A384-420E-9531-61E6C649A6B3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{B91E866A-1CE1-4D68-BE39-AD66183D5D41}] => (Allow) C:\Users\Olivia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{62741823-E9CF-4069-9BFD-0251DB5132A1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{4397C659-CAC7-4A39-8788-0A716BD81292}] => (Allow) LPort=2869
    FirewallRules: [{4405E6B3-2042-4732-9E19-9B10F1D528C9}] => (Allow) LPort=1900
    FirewallRules: [{28230BD9-5CAF-48FF-9F8B-AA6AC0B7D1C3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{639E8DFD-EF7B-4A49-9B6C-6785B1D92CB7}] => (Allow) C:\Program Files (x86)\Creflo Dollar Ministries Toolbar\TroubleShooter.exe
    FirewallRules: [{1BD3BD0D-60C2-4749-B22F-BE77505A033F}] => (Allow) C:\Program Files (x86)\Creflo Dollar Ministries Toolbar\TroubleShooter.exe
    FirewallRules: [{2F198404-80D0-4E32-BAD2-68DA8939BFB7}] => (Allow) C:\Program Files (x86)\Creflo Dollar Ministries Toolbar\ToolbarUpdate.exe
    FirewallRules: [{16379EEA-B6FB-4565-8163-112CB282F5C8}] => (Allow) C:\Program Files (x86)\Creflo Dollar Ministries Toolbar\ToolbarUpdate.exe
    FirewallRules: [{7ABE2F42-AFD4-4488-9B90-ADEE6A90D430}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
    FirewallRules: [{22C1E403-EA8A-4520-ABD7-E9EF25FCC406}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
    FirewallRules: [TCP Query User{64C69000-BB59-41FA-AE58-526B1B1B7A63}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
    FirewallRules: [UDP Query User{99237E82-56F2-4698-8657-BA503F248D7E}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
    FirewallRules: [{7030CE7C-C895-41DF-83B0-E58EFAC3BFE8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
    FirewallRules: [{1657004B-ADC2-4742-8DC3-850B53AF3F51}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
    FirewallRules: [{5D8EF707-6173-41D3-89FC-772E9E4792C6}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{01AE6C30-26B3-4251-A6D5-D876753EB2D8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [TCP Query User{9A0E214F-AB18-4DFA-B154-D69B333026EF}C:\programdata\battle.net\agent\agent.3023\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3023\agent.exe
    FirewallRules: [UDP Query User{49F7717A-6DC2-4813-9A27-AF282CF6F5F8}C:\programdata\battle.net\agent\agent.3023\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3023\agent.exe
    FirewallRules: [{5BB13BDB-0A03-44E2-8CBC-29437212F6EC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
    FirewallRules: [{99B47AA0-372D-49DF-BE99-B9FFF9047923}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
    FirewallRules: [{E3947990-DE6C-48D4-A816-4141AF7164B3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{4EA35424-B3DD-4609-8F41-2CC49394D402}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{38E7D235-4E7B-4549-B7DE-160B36F10933}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
    FirewallRules: [{77C26EB3-E55A-41B6-A4E0-FB9507245AD3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
    FirewallRules: [{B175771F-6679-479E-A5B4-12B5C0B86706}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [{7C393B89-D271-4608-B62A-6480A474E0A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [TCP Query User{35AD3331-4C11-495E-A2EA-A6B2539950D0}C:\users\olivia\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\olivia\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{D7F4AF56-1944-4854-A7B6-ED621E7EA170}C:\users\olivia\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\olivia\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{F986A9D9-B1A0-4C71-A497-36A23D2705A6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{D1CCC1FD-0B09-402D-8C06-1FDFF867D5AA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{771D4D10-B941-4652-B562-9625F276F0EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{DAA6B7F1-0A1B-426F-A1E9-F9899BE6F8F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{6D749DAD-22EB-4DDA-9E0A-3B1B31F9E706}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
    FirewallRules: [UDP Query User{16EA2F6E-3D64-4800-A035-F33201F3B77C}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
    FirewallRules: [{816B6EEA-F69D-4EE8-BE1C-4EF356CB2F2B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{1E46AACC-3213-450E-8C2E-D01EB44B733F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{15E64F1D-338E-4BC6-ADF9-5135BAFC60AA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{6E27DEE9-7E75-465C-8E41-F8F3D10DA8A4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [TCP Query User{944ABD03-E03E-49B8-89F7-362A531ADB08}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{E9DB4AE7-B780-4829-94BF-788ACDFE6B7D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{5A7A30C0-9792-4422-A010-1CCFA26CE872}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{257111EB-2AEF-426D-880F-2C4A542C1E98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{9FF5150F-A3A5-48C1-A7F8-87B9BDD27D13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{57986D12-EA76-414B-919D-CF9014F025A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [TCP Query User{334B3FF1-7695-4C1E-8011-8A457ABE4249}C:\users\olivia\appdata\local\temp\7zipsfx.000\aria2c.exe] => (Block) C:\users\olivia\appdata\local\temp\7zipsfx.000\aria2c.exe
    FirewallRules: [UDP Query User{365DA4BC-D7A0-4BB8-8875-94A42AD7288D}C:\users\olivia\appdata\local\temp\7zipsfx.000\aria2c.exe] => (Block) C:\users\olivia\appdata\local\temp\7zipsfx.000\aria2c.exe
    FirewallRules: [{C60EB211-A450-49E0-8E29-171309AC7517}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
    FirewallRules: [{A50E2004-6976-4388-A44E-F6D363E43A0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
    FirewallRules: [{8A43F366-4A76-490D-9A80-06709BD58E4B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{34CFCDB7-2D3A-4AE0-82CD-BFE48743081B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [TCP Query User{E70ED345-CC4B-44CB-A7BA-5405BF77354D}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
    FirewallRules: [UDP Query User{69159097-53F3-4E0E-8AA2-36DFBA1CDF20}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
    FirewallRules: [{209C0BAD-2F97-4FFD-9258-24038F3F0709}] => (Block) C:\program files\unity\editor\unity.exe
    FirewallRules: [{1F03E441-6F4B-4151-81C4-3837048B717D}] => (Block) C:\program files\unity\editor\unity.exe
    FirewallRules: [TCP Query User{BC6E646E-8753-42E9-8A59-1ACE4BFE6EC4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{A8694105-8FCF-4E41-9670-6DEB692298B8}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [{A5C0A557-18A0-4668-B34D-D9AB0AE95326}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{921A5931-9A4B-4B2D-BB99-27710C3C955D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{00E22A09-2A48-44BB-9A86-5A17C138A8B9}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{93B18215-B37B-4F7C-BF76-FFFB6694FAED}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [{B6765149-457E-4209-972E-ECB3CD15CE1F}] => (Allow) C:\Users\Olivia\AppData\Roaming\Spotify\spotify.exe
    FirewallRules: [{CCF1AD6D-B878-40F4-8323-F04E079C980F}] => (Allow) C:\Users\Olivia\AppData\Roaming\Spotify\spotify.exe
    FirewallRules: [{CE1B892A-F417-4A34-84AB-45B07FA8C5DF}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{47C94187-4048-4C1E-9E60-473D9AEF593D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

    ==================== Restore Points =========================

    28-01-2016 07:45:54 Revo Uninstaller's restore point - YTD Video Downloader 5.1.1
    28-01-2016 18:58:53 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: avast! Firewall NDIS Filter Miniport
    Description: avast! Firewall NDIS Filter Miniport
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: ALWIL Software
    Service: aswNdis
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
     This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

    Name: avast! Firewall NDIS Filter Miniport
    Description: avast! Firewall NDIS Filter Miniport
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: ALWIL Software
    Service: aswNdis
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
     This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

    Name: avast! Firewall NDIS Filter Miniport
    Description: avast! Firewall NDIS Filter Miniport
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: ALWIL Software
    Service: aswNdis
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
     This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/28/2016 06:57:17 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

    Error: (01/28/2016 06:54:09 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhost (3860) WebCacheLocal: An attempt to open the file "C:\Users\Olivia\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (01/28/2016 06:53:59 PM) (Source: ESENT) (EventID: 454) (User: )
    Description: taskhost (3860) WebCacheLocal: Database recovery/restore failed with unexpected error -510.

    Error: (01/28/2016 06:53:59 PM) (Source: ESENT) (EventID: 439) (User: )
    Description: taskhost (3860) WebCacheLocal: Unable to write a shadowed header for file C:\Users\Olivia\AppData\Local\Microsoft\Windows\WebCache\V01.chk. Error -1032.

    Error: (01/28/2016 06:53:59 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhost (3860) WebCacheLocal: An attempt to open the file "C:\Users\Olivia\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (01/28/2016 06:53:39 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhost (3860) WebCacheLocal: An attempt to open the file "C:\Users\Olivia\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (01/28/2016 06:53:28 PM) (Source: ESENT) (EventID: 454) (User: )
    Description: taskhost (3860) WebCacheLocal: Database recovery/restore failed with unexpected error -510.

    Error: (01/28/2016 06:53:28 PM) (Source: ESENT) (EventID: 439) (User: )
    Description: taskhost (3860) WebCacheLocal: Unable to write a shadowed header for file C:\Users\Olivia\AppData\Local\Microsoft\Windows\WebCache\V01.chk. Error -1032.

    Error: (01/28/2016 06:53:28 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhost (3860) WebCacheLocal: An attempt to open the file "C:\Users\Olivia\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (01/28/2016 06:53:15 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhost (3860) WebCacheLocal: An attempt to open the file "C:\Users\Olivia\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).


    System errors:
    =============
    Error: (01/28/2016 09:37:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (01/28/2016 07:00:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TOSHIBA HDD Protection service terminated unexpectedly.  It has done this 1 time(s).

    Error: (01/28/2016 06:53:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (01/28/2016 06:51:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

    Error: (01/28/2016 06:47:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The VBoxAsw Support Driver service failed to start due to the following error:
    %%3

    Error: (01/28/2016 06:45:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Modules Installer service failed to start due to the following error:
    %%1069

    Error: (01/28/2016 06:45:49 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The TrustedInstaller service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
    %%50

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (01/28/2016 06:45:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\windows\System32\IWMSSvc.dll

    Error: (01/28/2016 06:45:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\windows\System32\IWMSSvc.dll

    Error: (01/28/2016 06:45:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\windows\System32\IWMSSvc.dll


    CodeIntegrity:
    ===================================
      Date: 2013-09-26 20:05:33.942
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

      Date: 2013-09-23 00:35:28.329
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

      Date: 2013-09-22 22:41:32.696
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

      Date: 2013-09-22 22:37:10.947
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

      Date: 2013-09-22 22:30:53.647
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

      Date: 2013-09-22 22:01:55.957
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2013-09-22 22:01:55.836
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2013-09-22 21:43:22.490
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

      Date: 2013-09-21 22:22:03.284
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

      Date: 2013-09-21 21:44:17.979
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
    Percentage of memory in use: 50%
    Total physical RAM: 6063.3 MB
    Available physical RAM: 2974.27 MB
    Total Virtual: 12124.81 MB
    Available Virtual: 8947.07 MB

    ==================== Drives ================================

    Drive c: (TI106411W0E) (Fixed) (Total:682.74 GB) (Free:134.95 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 9FEAA357)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=682.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14.4 GB) - (Type=17)

    ==================== End of Addition.txt ============================

    The problem APPEARS to have disappeared completely. I have no problems ^-^


    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP
     
    Download the attached fixlist.txt to the same location as FRST
     
    [attachment=80160:fixlist.txt]
     
    Run FRST and press Fix
    A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     
     
    Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
    In either event do the next steps:
     
    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop.
    2. Right-click VEW.exe and Run As Administrator
    3. Under 'Select log to query', select:
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning

    Then use the 'Number of events' as follows:

    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
     (Second time you run vew it will overwrite the first log so copy it to a reply or rename it first.)
     
     
     
    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     
     
     

     


    • 0
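The `findstr /c:"[SR]"` step in the post above keeps only the System File Checker lines from cbs.log. The following Python script is an added example, not part of RKinner's post: it applies the same filter and then reduces the result to the files SFC could not repair and the files it restored from the component store. The log lines are constructed in the usual CBS.log layout, and the function names, file names and component name are hypothetical.

```python
import re

# Constructed sample in the usual CBS.log layout; none of it comes from this thread.
SAMPLE_CBS_LOG = r'''
2016-01-28 19:02:11, Info                  CBS    Starting TrustedInstaller initialization.
2016-01-28 19:03:40, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2016-01-28 19:03:40, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2016-01-28 19:03:44, Info                  CSI    00000009 [SR] Cannot repair member file [l:26{13}]"example_a.dll" of Constructed-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-01-28 19:03:45, Info                  CSI    0000000b [SR] Cannot repair member file [l:26{13}]"example_a.dll" of Constructed-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-01-28 19:03:45, Info                  CSI    0000000c Repair results created:
2016-01-28 19:03:46, Info                  CSI    0000000e [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"example_b.dll" from store
2016-01-28 19:03:47, Info                  CSI    00000010 [SR] Repair complete
2016-01-28 19:03:47, Info                  CSI    00000011 [SR] Committing transaction
'''

# "Cannot repair member file [..]"<name>" of <component>, ..." means the copy
# in the component store is damaged as well, so SFC had nothing to restore from.
CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),')
# "Repairing corrupted file ...]"<name>" from store" means SFC replaced the file.
REPAIRED = re.compile(r'\[SR\] Repairing corrupted file .*\]"([^"]+)" from store')


def sr_lines(text):
    """Same filter as findstr /c:"[SR]": a case-sensitive literal match."""
    return [line for line in text.splitlines() if "[SR]" in line]


def summarize_sfc(text):
    """Reduce the [SR] lines to the files that matter for follow-up."""
    lines = sr_lines(text)
    unrepaired = {}   # file name -> owning component, first occurrence kept
    repaired = []     # file names restored from the store, in log order
    for line in lines:
        match = CANNOT_REPAIR.search(line)
        if match:
            # SFC logs the same failure more than once; keep one entry per file.
            unrepaired.setdefault(match.group(1), match.group(2).strip())
            continue
        match = REPAIRED.search(line)
        if match and match.group(1) not in repaired:
            repaired.append(match.group(1))
    return {"sr_line_count": len(lines),
            "unrepaired": unrepaired,
            "repaired": repaired}


if __name__ == "__main__":
    summary = summarize_sfc(SAMPLE_CBS_LOG)
    print("[SR] lines:", summary["sr_line_count"])
    for name, component in summary["unrepaired"].items():
        print("could not repair:", name, "from", component)
    for name in summary["repaired"]:
        print("restored from store:", name)
```

On a real system, pass the text of \windows\logs\cbs\junk.txt (or cbs.log itself) to `summarize_sfc` in place of the constructed sample.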





