- Oct 1, 2014
The file upload doesn't seem to like me, so I copied and pasted the FRST and Addition. I would be forever indebted if you could help me fix this problem before it drives me insane.
Thanks!
Mandy
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-09-2014
Ran by Amanda (administrator) on MANDY on 01-10-2014 06:45:39
Running from C:\Users\Amanda\Desktop
Loaded Profile: Amanda (Available profiles: Amanda)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-09-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2269063864-3542647717-1489514493-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-21-2269063864-3542647717-1489514493-1001\...\MountPoints2: {4f94c2ad-4ecd-11e2-be71-806e6f6e6963} - "D:\Setup.exe"
HKU\S-1-5-21-2269063864-3542647717-1489514493-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
SearchScopes: HKLM - {30884B74-D4E7-4663-804F-16C6E88DD586} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {30884B74-D4E7-4663-804F-16C6E88DD586} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKCU - {30884B74-D4E7-4663-804F-16C6E88DD586} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome:
=======
CHR Profile: C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-25]
CHR Extension: (Google Search) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-25]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2013-04-17]
CHR Extension: (BeFrugal.com Add-On) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdcneeneoifbeenbbnjodcflhdbaggp [2014-04-05]
CHR Extension: (Google Wallet) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (TabCloud) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2014-01-01]
CHR Extension: (No Name) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohejkgbgjendbpmelpmkopicjgoiccdk [2013-09-01]
CHR Extension: (Gmail) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-25]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-30] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2014-02-11] () [File not signed]
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-02-11] () [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 TODDSrv; C:\Windows\SysWOW64\TODDSrv.exe [0 2014-02-11] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [273176 2014-07-18] (AVG Technologies CZ, s.r.o.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-01 05:30 - 2014-10-01 05:30 - 00003204 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2269063864-3542647717-1489514493-1001
2014-10-01 05:29 - 2014-10-01 05:29 - 00003336 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2269063864-3542647717-1489514493-1001
2014-09-30 23:04 - 2014-09-30 23:04 - 00000000 ____D () C:\ProgramData\Avg_Update_0914avt
2014-09-30 22:43 - 2014-09-30 22:43 - 00000000 ____D () C:\Users\Amanda\AppData\Roaming\AVG2015
2014-09-30 22:42 - 2014-09-30 22:42 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-30 22:42 - 2014-09-30 22:42 - 00000000 ____D () C:\Users\Amanda\AppData\Roaming\TuneUp Software
2014-09-30 22:42 - 2014-09-30 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-30 22:33 - 2014-10-01 05:19 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-30 22:33 - 2014-09-30 22:33 - 00000000 ___HD () C:\$AVG
2014-09-30 22:32 - 2014-09-30 22:32 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-30 22:29 - 2014-10-01 04:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-30 22:29 - 2014-09-30 23:05 - 00000000 ____D () C:\Users\Amanda\AppData\Local\Avg2015
2014-09-30 22:29 - 2014-09-30 22:29 - 00000000 ____D () C:\Users\Amanda\AppData\Local\MFAData
2014-09-30 22:28 - 2014-09-30 22:28 - 04578024 _____ (AVG Technologies) C:\Users\Amanda\Desktop\avg_avct_stb_all_2015_5315_welcomecmp.exe
2014-09-30 21:55 - 2014-09-30 21:55 - 00497569 _____ (Thisisu) C:\Users\Amanda\Desktop\JRT.exe
2014-09-30 21:47 - 2014-10-01 05:19 - 00000000 ____D () C:\AdwCleaner
2014-09-30 21:40 - 2014-10-01 06:46 - 00019690 _____ () C:\Users\Amanda\Desktop\FRST.txt
2014-09-30 21:40 - 2014-10-01 06:45 - 00000000 ____D () C:\FRST
2014-09-30 21:40 - 2014-09-30 21:41 - 00031709 _____ () C:\Users\Amanda\Desktop\Addition.txt
2014-09-30 21:39 - 2014-09-30 21:39 - 02108928 _____ (Farbar) C:\Users\Amanda\Desktop\FRST64.exe
2014-09-30 21:31 - 2014-09-30 21:31 - 01100288 _____ (Farbar) C:\Users\Amanda\Desktop\FRST.exe
2014-09-30 21:24 - 2014-09-30 21:24 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Amanda\Desktop\rkill (1).exe
2014-09-30 21:13 - 2014-09-30 22:22 - 00001932 _____ () C:\windows\PFRO.log
2014-09-30 20:54 - 2014-10-01 06:26 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-30 20:54 - 2014-09-30 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-30 20:54 - 2014-09-30 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-30 20:54 - 2014-09-30 20:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-30 20:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-30 20:54 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-30 20:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-30 20:52 - 2014-09-30 20:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Amanda\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-30 20:40 - 2014-09-30 20:40 - 02064880 _____ (Trend Micro Inc.) C:\Users\Amanda\Desktop\HousecallLauncher (1).exe
2014-09-30 20:32 - 2014-09-30 20:35 - 01286967 _____ (Trend Micro Inc.) C:\Users\Amanda\Desktop\HousecallLauncher64.exe
2014-09-30 10:14 - 2014-09-30 10:14 - 00000000 ____D () C:\Users\Amanda\AppData\Roaming\RealNetworks
2014-09-30 10:12 - 2014-09-30 10:12 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-09-30 10:12 - 2014-09-30 10:12 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-09-30 10:11 - 2014-09-30 10:11 - 00278600 _____ (Progressive Networks) C:\windows\SysWOW64\pncrt.dll
2014-09-30 10:11 - 2014-09-30 10:11 - 00201800 _____ (RealNetworks, Inc.) C:\windows\SysWOW64\rmoc3260.dll
2014-09-30 10:10 - 2014-09-30 10:10 - 00505416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp71.dll
2014-09-30 10:10 - 2014-09-30 10:10 - 00353864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll
2014-09-26 13:36 - 2014-09-26 13:36 - 00000094 ____H () C:\Users\Amanda\Desktop\.~lock.BILLS current.ods#
2014-09-24 16:23 - 2014-09-30 22:44 - 00763048 _____ () C:\windows\WindowsUpdate.log
2014-09-13 18:19 - 2014-09-14 22:15 - 00000000 ____D () C:\Users\Amanda\Documents\Canister Claim
2014-09-11 01:02 - 2014-09-11 01:02 - 00004162 _____ () C:\windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-11 01:02 - 2014-09-11 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-11 01:02 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-11 01:02 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-09-11 01:02 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-09-11 01:02 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-09-11 00:57 - 2014-09-11 00:57 - 00918440 _____ (Oracle Corporation) C:\Users\Amanda\Downloads\chromeinstall-7u67.exe
2014-09-10 22:34 - 2014-09-10 22:34 - 00056842 _____ () C:\Users\Amanda\Downloads\bicycle girl.zip
2014-09-01 10:33 - 2014-09-01 10:33 - 00018127 _____ () C:\Users\Amanda\Documents\Morgan Schedule.ods
2014-09-01 10:21 - 2014-09-01 10:21 - 00018321 _____ () C:\Users\Amanda\Documents\Chloe schedule.ods
2014-09-01 09:55 - 2014-09-01 09:55 - 00009872 _____ () C:\Users\Amanda\Desktop\schedule.cab
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-01 06:46 - 2013-03-16 11:22 - 00000000 ____D () C:\Users\Amanda\AppData\Local\CrashDumps
2014-10-01 06:45 - 2013-09-01 06:05 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-01 06:17 - 2012-12-25 17:14 - 00000910 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-01 06:02 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\sru
2014-10-01 05:29 - 2012-12-25 17:14 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-01 04:45 - 2013-10-23 23:22 - 00000000 ____D () C:\Users\Amanda\Documents\Calibre Library
2014-09-30 23:56 - 2012-12-25 17:12 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2269063864-3542647717-1489514493-1001
2014-09-30 23:04 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-09-30 22:42 - 2012-07-26 04:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-09-30 22:29 - 2012-07-26 03:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-30 22:22 - 2012-07-26 03:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-30 21:29 - 2013-05-22 20:07 - 00001986 _____ () C:\Users\Amanda\Desktop\Rkill.txt
2014-09-30 21:12 - 2012-07-26 01:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-09-30 21:11 - 2013-09-01 06:21 - 00000000 ____D () C:\Users\Amanda\AppData\Local\CRE
2014-09-30 20:51 - 2013-07-10 01:57 - 01820269 _____ () C:\Users\Amanda\AppData\Local\census.cache
2014-09-30 20:51 - 2013-07-10 01:56 - 00158645 _____ () C:\Users\Amanda\AppData\Local\ars.cache
2014-09-30 19:59 - 2013-09-01 22:58 - 00003358 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2269063864-3542647717-1489514493-1001
2014-09-30 19:59 - 2013-09-01 22:58 - 00003226 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2269063864-3542647717-1489514493-1001
2014-09-30 19:16 - 2013-09-01 05:59 - 00000000 ____D () C:\Users\Amanda\AppData\Roaming\Real
2014-09-30 18:41 - 2014-03-24 07:49 - 00000000 ____D () C:\windows\Minidump
2014-09-30 17:30 - 2013-09-01 06:02 - 00003378 _____ () C:\windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2269063864-3542647717-1489514493-1001
2014-09-30 13:17 - 2012-07-26 03:59 - 00000000 ____D () C:\windows\CbsTemp
2014-09-30 10:12 - 2013-09-01 05:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-09-30 10:12 - 2013-09-01 05:59 - 00000000 ____D () C:\Program Files (x86)\Real
2014-09-30 10:11 - 2013-09-01 05:58 - 00000000 ____D () C:\ProgramData\Real
2014-09-30 08:39 - 2014-07-26 21:05 - 00000000 ____D () C:\Users\Amanda\Desktop\candle rings
2014-09-28 15:11 - 2013-03-10 01:08 - 00000000 ____D () C:\Users\Amanda\Desktop\fanfic
2014-09-24 16:34 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-09-24 04:10 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\NDF
2014-09-23 22:52 - 2013-03-15 21:40 - 00000000 ____D () C:\Users\Amanda\Desktop\my antiques
2014-09-20 18:42 - 2014-04-06 23:40 - 00000000 ____D () C:\Users\Amanda\AppData\Local\Windows Live
2014-09-19 13:43 - 2012-09-03 21:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-16 23:58 - 2013-09-30 04:26 - 00000000 ____D () C:\Users\Amanda\Desktop\books for girls
2014-09-15 15:00 - 2013-04-27 10:58 - 00027888 _____ () C:\Users\Amanda\Desktop\BILLS current.ods
2014-09-13 23:38 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\rescache
2014-09-11 01:03 - 2014-06-06 08:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-11 01:02 - 2013-08-25 12:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-10 22:34 - 2013-10-23 09:32 - 00000000 ___RD () C:\Users\Amanda\Downloads\AFF540DC.Unpacker_v7353qx4kg3sa!App
2014-09-09 13:45 - 2013-09-01 06:05 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-01 10:21 - 2013-03-08 19:22 - 00000000 ____D () C:\ProgramData\CanonIJPLM
Some content of TEMP:
====================
C:\Users\Amanda\AppData\Local\Temp\lowproc.exe
C:\Users\Amanda\AppData\Local\Temp\Quarantine.exe
C:\Users\Amanda\AppData\Local\Temp\stubhelper.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-24 04:04
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-09-2014
Ran by Amanda at 2014-10-01 06:47:53
Running from C:\Users\Amanda\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4158 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
calibre (HKLM-x32\...\{7D69BF2B-6C60-4D0A-8A6C-BCFD025D5D84}) (Version: 1.17.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation)
Corel PaintShop Pro X6 (x32 Version: 16.2.0.20 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FanFictionDownloader version 0.8.7 (HKLM-x32\...\{1D868954-1083-4BBA-8379-C7A9B2705CBA}_is1) (Version: 0.8.7 - Raimond Eisele)
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
ICA (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IPM_PSP_COM (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 16.0.0.113 - Corel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
K-Lite Codec Pack 10.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
PSPPContent (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPro64 (Version: 16.2.0.20 - Corel Corporation) Hidden
RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Setup (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TEAM MANAGER Lite 7.0 (HKLM-x32\...\{64B8EBD2-ABF1-4336-9A60-389170CFDCF9}) (Version: 1.00.0002 - The Active Network)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425.01 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.8.7 - WildTangent) Hidden
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2269063864-3542647717-1489514493-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2269063864-3542647717-1489514493-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2269063864-3542647717-1489514493-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2269063864-3542647717-1489514493-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2269063864-3542647717-1489514493-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
11-09-2014 05:01:45 Installed Java 7 Update 67
20-09-2014 17:45:13 Scheduled Checkpoint
29-09-2014 10:26:47 Scheduled Checkpoint
01-10-2014 02:32:17 Installed AVG 2015
01-10-2014 02:33:00 Installed AVG 2015
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0C122870-C618-43FD-950B-B8DC66FA6BCE} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1BFAAD92-35E9-47A6-AD27-8D32FDBFC637} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2269063864-3542647717-1489514493-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {5E26B280-90B7-4549-A1D9-941E89198436} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-25] (Google Inc.)
Task: {6EAAF274-E4D6-4554-A070-8FA123E568B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {735EB1DC-EFF9-4A90-9DC0-6805BD405E5F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {968880EA-33D9-4DE3-BF6E-D412E266B654} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2269063864-3542647717-1489514493-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {9A73B9AA-B449-4120-B837-1CD51C0CF653} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C190FD99-5F7C-4DDF-AA92-1EF910A3F526} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CF1A778A-EEEC-4B5D-8555-0D50D59E602A} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2269063864-3542647717-1489514493-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-30] (RealNetworks, Inc.)
Task: {D671EFD1-F6E6-4976-9B06-6E5FDA9955B5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2269063864-3542647717-1489514493-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ED204373-E481-4F70-8427-4265D0F77974} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-25] (Google Inc.)
Task: {F1E0A5DF-D311-4C58-AADD-A4C8A7ACEBE2} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {F1EE8138-5E37-4713-AF3E-F634661068DC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2269063864-3542647717-1489514493-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-07-30 02:17 - 2014-07-30 02:17 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-30 05:04 - 2014-07-30 05:04 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-08-06 09:36 - 2012-08-06 09:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 22:13 - 2012-08-13 22:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2013-09-06 01:28 - 2013-09-06 01:28 - 01179136 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\45a2a6affd886f3d074ccb60b2d4e6b4\Windows.UI.ni.dll
2013-09-06 01:29 - 2013-09-06 01:29 - 00351232 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\fb1bcfa315ba09bafeac2c6494fdb6ab\Windows.Data.ni.dll
2013-09-06 01:28 - 2013-09-06 01:28 - 00295936 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\c11294bb4741622a253c38ccc968a54e\Windows.Foundation.ni.dll
2014-09-30 10:10 - 2014-09-30 10:10 - 00864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2012-10-20 10:11 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-09-24 18:20 - 2014-09-23 00:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 18:20 - 2014-09-23 00:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 18:20 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 18:20 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 18:20 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-24 18:20 - 2014-09-23 00:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
========================= Accounts: ==========================
Administrator (S-1-5-21-2269063864-3542647717-1489514493-500 - Administrator - Disabled)
Amanda (S-1-5-21-2269063864-3542647717-1489514493-1001 - Administrator - Enabled) => C:\Users\Amanda
Guest (S-1-5-21-2269063864-3542647717-1489514493-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/01/2014 06:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc00000fd
Fault offset: 0x0004366a
Faulting process id: 0x1780
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (10/01/2014 06:45:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (10/01/2014 06:44:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x2b38
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (10/01/2014 06:44:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x3d6c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (10/01/2014 06:42:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (10/01/2014 06:41:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x2b88
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (10/01/2014 06:41:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618fd
Faulting process id: 0x1114
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (10/01/2014 06:40:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x2158
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (10/01/2014 06:40:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x3b0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (10/01/2014 06:38:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x4fd4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
System errors:
=============
Error: (10/01/2014 06:47:54 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:47:23 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:46:51 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:46:18 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:45:46 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:45:14 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:44:43 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:44:10 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:43:39 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:43:06 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Microsoft Office Sessions:
=========================
Error: (10/01/2014 06:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec00000fd0004366a178001cfdd64d0482507C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll261c5df2-4958-11e4-beab-20689dec1a3f
Error: (10/01/2014 06:45:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{7FBAD091-89F7-4C77-A224-15FF4423C7D2}\recordingmanager.exe
Error: (10/01/2014 06:44:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d02b3801cfdd64ae6a850fC:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dllecf682b1-4957-11e4-beab-20689dec1a3f
Error: (10/01/2014 06:44:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d03d6c01cfdd64aa8e86e4C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dllea027a4f-4957-11e4-beab-20689dec1a3f
Error: (10/01/2014 06:42:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{7FBAD091-89F7-4C77-A224-15FF4423C7D2}\recordingmanager.exe
Error: (10/01/2014 06:41:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d02b8801cfdd64435ffe50C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll85935d7e-4957-11e4-beab-20689dec1a3f
Error: (10/01/2014 06:41:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618fd111401cfdd643b32dd1bC:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll7a2ca58a-4957-11e4-beab-20689dec1a3f
Error: (10/01/2014 06:40:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d0215801cfdd641df78c05C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll5c5551b8-4957-11e4-beab-20689dec1a3f
Error: (10/01/2014 06:40:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d03b001cfdd6418757849C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll56bb43c3-4957-11e4-beab-20689dec1a3f
Error: (10/01/2014 06:38:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.16578515fac6ec0000005000618d04fd401cfdd63e51c52a7C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll23ae92ed-4957-11e4-beab-20689dec1a3f
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 6028.21 MB
Available physical RAM: 3651.13 MB
Total Pagefile: 12428.21 MB
Available Pagefile: 9096.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (TI10653400C) (Fixed) (Total:586 GB) (Free:524.78 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-09-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2269063864-3542647717-1489514493-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-21-2269063864-3542647717-1489514493-1001\...\MountPoints2: {4f94c2ad-4ecd-11e2-be71-806e6f6e6963} - "D:\Setup.exe"
HKU\S-1-5-21-2269063864-3542647717-1489514493-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
SearchScopes: HKLM - {30884B74-D4E7-4663-804F-16C6E88DD586} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {30884B74-D4E7-4663-804F-16C6E88DD586} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKCU - {30884B74-D4E7-4663-804F-16C6E88DD586} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome:
=======
CHR Profile: C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-25]
CHR Extension: (Google Search) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-25]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2013-04-17]
CHR Extension: (BeFrugal.com Add-On) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdcneeneoifbeenbbnjodcflhdbaggp [2014-04-05]
CHR Extension: (Google Wallet) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (TabCloud) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2014-01-01]
CHR Extension: (No Name) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohejkgbgjendbpmelpmkopicjgoiccdk [2013-09-01]
CHR Extension: (Gmail) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-25]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-30] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2014-02-11] () [File not signed]
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-02-11] () [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 TODDSrv; C:\Windows\SysWOW64\TODDSrv.exe [0 2014-02-11] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [273176 2014-07-18] (AVG Technologies CZ, s.r.o.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-01 05:30 - 2014-10-01 05:30 - 00003204 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2269063864-3542647717-1489514493-1001
2014-10-01 05:29 - 2014-10-01 05:29 - 00003336 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2269063864-3542647717-1489514493-1001
2014-09-30 23:04 - 2014-09-30 23:04 - 00000000 ____D () C:\ProgramData\Avg_Update_0914avt
2014-09-30 22:43 - 2014-09-30 22:43 - 00000000 ____D () C:\Users\Amanda\AppData\Roaming\AVG2015
2014-09-30 22:42 - 2014-09-30 22:42 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-30 22:42 - 2014-09-30 22:42 - 00000000 ____D () C:\Users\Amanda\AppData\Roaming\TuneUp Software
2014-09-30 22:42 - 2014-09-30 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-30 22:33 - 2014-10-01 05:19 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-30 22:33 - 2014-09-30 22:33 - 00000000 ___HD () C:\$AVG
2014-09-30 22:32 - 2014-09-30 22:32 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-30 22:29 - 2014-10-01 04:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-30 22:29 - 2014-09-30 23:05 - 00000000 ____D () C:\Users\Amanda\AppData\Local\Avg2015
2014-09-30 22:29 - 2014-09-30 22:29 - 00000000 ____D () C:\Users\Amanda\AppData\Local\MFAData
2014-09-30 22:28 - 2014-09-30 22:28 - 04578024 _____ (AVG Technologies) C:\Users\Amanda\Desktop\avg_avct_stb_all_2015_5315_welcomecmp.exe
2014-09-30 21:55 - 2014-09-30 21:55 - 00497569 _____ (Thisisu) C:\Users\Amanda\Desktop\JRT.exe
2014-09-30 21:47 - 2014-10-01 05:19 - 00000000 ____D () C:\AdwCleaner
2014-09-30 21:40 - 2014-10-01 06:46 - 00019690 _____ () C:\Users\Amanda\Desktop\FRST.txt
2014-09-30 21:40 - 2014-10-01 06:45 - 00000000 ____D () C:\FRST
2014-09-30 21:40 - 2014-09-30 21:41 - 00031709 _____ () C:\Users\Amanda\Desktop\Addition.txt
2014-09-30 21:39 - 2014-09-30 21:39 - 02108928 _____ (Farbar) C:\Users\Amanda\Desktop\FRST64.exe
2014-09-30 21:31 - 2014-09-30 21:31 - 01100288 _____ (Farbar) C:\Users\Amanda\Desktop\FRST.exe
2014-09-30 21:24 - 2014-09-30 21:24 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Amanda\Desktop\rkill (1).exe
2014-09-30 21:13 - 2014-09-30 22:22 - 00001932 _____ () C:\windows\PFRO.log
2014-09-30 20:54 - 2014-10-01 06:26 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-30 20:54 - 2014-09-30 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-30 20:54 - 2014-09-30 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-30 20:54 - 2014-09-30 20:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-30 20:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-30 20:54 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-30 20:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-30 20:52 - 2014-09-30 20:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Amanda\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-30 20:40 - 2014-09-30 20:40 - 02064880 _____ (Trend Micro Inc.) C:\Users\Amanda\Desktop\HousecallLauncher (1).exe
2014-09-30 20:32 - 2014-09-30 20:35 - 01286967 _____ (Trend Micro Inc.) C:\Users\Amanda\Desktop\HousecallLauncher64.exe
2014-09-30 10:14 - 2014-09-30 10:14 - 00000000 ____D () C:\Users\Amanda\AppData\Roaming\RealNetworks
2014-09-30 10:12 - 2014-09-30 10:12 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-09-30 10:12 - 2014-09-30 10:12 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-09-30 10:11 - 2014-09-30 10:11 - 00278600 _____ (Progressive Networks) C:\windows\SysWOW64\pncrt.dll
2014-09-30 10:11 - 2014-09-30 10:11 - 00201800 _____ (RealNetworks, Inc.) C:\windows\SysWOW64\rmoc3260.dll
2014-09-30 10:10 - 2014-09-30 10:10 - 00505416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp71.dll
2014-09-30 10:10 - 2014-09-30 10:10 - 00353864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll
2014-09-26 13:36 - 2014-09-26 13:36 - 00000094 ____H () C:\Users\Amanda\Desktop\.~lock.BILLS current.ods#
2014-09-24 16:23 - 2014-09-30 22:44 - 00763048 _____ () C:\windows\WindowsUpdate.log
2014-09-13 18:19 - 2014-09-14 22:15 - 00000000 ____D () C:\Users\Amanda\Documents\Canister Claim
2014-09-11 01:02 - 2014-09-11 01:02 - 00004162 _____ () C:\windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-11 01:02 - 2014-09-11 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-11 01:02 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-11 01:02 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-09-11 01:02 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-09-11 01:02 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-09-11 00:57 - 2014-09-11 00:57 - 00918440 _____ (Oracle Corporation) C:\Users\Amanda\Downloads\chromeinstall-7u67.exe
2014-09-10 22:34 - 2014-09-10 22:34 - 00056842 _____ () C:\Users\Amanda\Downloads\bicycle girl.zip
2014-09-01 10:33 - 2014-09-01 10:33 - 00018127 _____ () C:\Users\Amanda\Documents\Morgan Schedule.ods
2014-09-01 10:21 - 2014-09-01 10:21 - 00018321 _____ () C:\Users\Amanda\Documents\Chloe schedule.ods
2014-09-01 09:55 - 2014-09-01 09:55 - 00009872 _____ () C:\Users\Amanda\Desktop\schedule.cab
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-01 06:46 - 2013-03-16 11:22 - 00000000 ____D () C:\Users\Amanda\AppData\Local\CrashDumps
2014-10-01 06:45 - 2013-09-01 06:05 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-01 06:17 - 2012-12-25 17:14 - 00000910 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-01 06:02 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\sru
2014-10-01 05:29 - 2012-12-25 17:14 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-01 04:45 - 2013-10-23 23:22 - 00000000 ____D () C:\Users\Amanda\Documents\Calibre Library
2014-09-30 23:56 - 2012-12-25 17:12 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2269063864-3542647717-1489514493-1001
2014-09-30 23:04 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-09-30 22:42 - 2012-07-26 04:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-09-30 22:29 - 2012-07-26 03:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-30 22:22 - 2012-07-26 03:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-30 21:29 - 2013-05-22 20:07 - 00001986 _____ () C:\Users\Amanda\Desktop\Rkill.txt
2014-09-30 21:12 - 2012-07-26 01:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-09-30 21:11 - 2013-09-01 06:21 - 00000000 ____D () C:\Users\Amanda\AppData\Local\CRE
2014-09-30 20:51 - 2013-07-10 01:57 - 01820269 _____ () C:\Users\Amanda\AppData\Local\census.cache
2014-09-30 20:51 - 2013-07-10 01:56 - 00158645 _____ () C:\Users\Amanda\AppData\Local\ars.cache
2014-09-30 19:59 - 2013-09-01 22:58 - 00003358 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2269063864-3542647717-1489514493-1001
2014-09-30 19:59 - 2013-09-01 22:58 - 00003226 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2269063864-3542647717-1489514493-1001
2014-09-30 19:16 - 2013-09-01 05:59 - 00000000 ____D () C:\Users\Amanda\AppData\Roaming\Real
2014-09-30 18:41 - 2014-03-24 07:49 - 00000000 ____D () C:\windows\Minidump
2014-09-30 17:30 - 2013-09-01 06:02 - 00003378 _____ () C:\windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2269063864-3542647717-1489514493-1001
2014-09-30 13:17 - 2012-07-26 03:59 - 00000000 ____D () C:\windows\CbsTemp
2014-09-30 10:12 - 2013-09-01 05:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-09-30 10:12 - 2013-09-01 05:59 - 00000000 ____D () C:\Program Files (x86)\Real
2014-09-30 10:11 - 2013-09-01 05:58 - 00000000 ____D () C:\ProgramData\Real
2014-09-30 08:39 - 2014-07-26 21:05 - 00000000 ____D () C:\Users\Amanda\Desktop\candle rings
2014-09-28 15:11 - 2013-03-10 01:08 - 00000000 ____D () C:\Users\Amanda\Desktop\fanfic
2014-09-24 16:34 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-09-24 04:10 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\NDF
2014-09-23 22:52 - 2013-03-15 21:40 - 00000000 ____D () C:\Users\Amanda\Desktop\my antiques
2014-09-20 18:42 - 2014-04-06 23:40 - 00000000 ____D () C:\Users\Amanda\AppData\Local\Windows Live
2014-09-19 13:43 - 2012-09-03 21:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-16 23:58 - 2013-09-30 04:26 - 00000000 ____D () C:\Users\Amanda\Desktop\books for girls
2014-09-15 15:00 - 2013-04-27 10:58 - 00027888 _____ () C:\Users\Amanda\Desktop\BILLS current.ods
2014-09-13 23:38 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\rescache
2014-09-11 01:03 - 2014-06-06 08:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-11 01:02 - 2013-08-25 12:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-10 22:34 - 2013-10-23 09:32 - 00000000 ___RD () C:\Users\Amanda\Downloads\AFF540DC.Unpacker_v7353qx4kg3sa!App
2014-09-09 13:45 - 2013-09-01 06:05 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-01 10:21 - 2013-03-08 19:22 - 00000000 ____D () C:\ProgramData\CanonIJPLM
Some content of TEMP:
====================
C:\Users\Amanda\AppData\Local\Temp\lowproc.exe
C:\Users\Amanda\AppData\Local\Temp\Quarantine.exe
C:\Users\Amanda\AppData\Local\Temp\stubhelper.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-24 04:04
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-09-2014
Ran by Amanda at 2014-10-01 06:47:53
Running from C:\Users\Amanda\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4158 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
calibre (HKLM-x32\...\{7D69BF2B-6C60-4D0A-8A6C-BCFD025D5D84}) (Version: 1.17.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation)
Corel PaintShop Pro X6 (x32 Version: 16.2.0.20 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FanFictionDownloader version 0.8.7 (HKLM-x32\...\{1D868954-1083-4BBA-8379-C7A9B2705CBA}_is1) (Version: 0.8.7 - Raimond Eisele)
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
ICA (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IPM_PSP_COM (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 16.0.0.113 - Corel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
K-Lite Codec Pack 10.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
PSPPContent (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPro64 (Version: 16.2.0.20 - Corel Corporation) Hidden
RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Setup (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TEAM MANAGER Lite 7.0 (HKLM-x32\...\{64B8EBD2-ABF1-4336-9A60-389170CFDCF9}) (Version: 1.00.0002 - The Active Network)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425.01 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.8.7 - WildTangent) Hidden
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2269063864-3542647717-1489514493-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2269063864-3542647717-1489514493-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2269063864-3542647717-1489514493-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2269063864-3542647717-1489514493-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2269063864-3542647717-1489514493-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Amanda\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
11-09-2014 05:01:45 Installed Java 7 Update 67
20-09-2014 17:45:13 Scheduled Checkpoint
29-09-2014 10:26:47 Scheduled Checkpoint
01-10-2014 02:32:17 Installed AVG 2015
01-10-2014 02:33:00 Installed AVG 2015
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0C122870-C618-43FD-950B-B8DC66FA6BCE} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1BFAAD92-35E9-47A6-AD27-8D32FDBFC637} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2269063864-3542647717-1489514493-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {5E26B280-90B7-4549-A1D9-941E89198436} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-25] (Google Inc.)
Task: {6EAAF274-E4D6-4554-A070-8FA123E568B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {735EB1DC-EFF9-4A90-9DC0-6805BD405E5F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {968880EA-33D9-4DE3-BF6E-D412E266B654} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2269063864-3542647717-1489514493-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {9A73B9AA-B449-4120-B837-1CD51C0CF653} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C190FD99-5F7C-4DDF-AA92-1EF910A3F526} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CF1A778A-EEEC-4B5D-8555-0D50D59E602A} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2269063864-3542647717-1489514493-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-30] (RealNetworks, Inc.)
Task: {D671EFD1-F6E6-4976-9B06-6E5FDA9955B5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2269063864-3542647717-1489514493-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ED204373-E481-4F70-8427-4265D0F77974} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-25] (Google Inc.)
Task: {F1E0A5DF-D311-4C58-AADD-A4C8A7ACEBE2} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {F1EE8138-5E37-4713-AF3E-F634661068DC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2269063864-3542647717-1489514493-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-07-30 02:17 - 2014-07-30 02:17 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-30 05:04 - 2014-07-30 05:04 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-08-06 09:36 - 2012-08-06 09:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 22:13 - 2012-08-13 22:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2013-09-06 01:28 - 2013-09-06 01:28 - 01179136 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\45a2a6affd886f3d074ccb60b2d4e6b4\Windows.UI.ni.dll
2013-09-06 01:29 - 2013-09-06 01:29 - 00351232 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\fb1bcfa315ba09bafeac2c6494fdb6ab\Windows.Data.ni.dll
2013-09-06 01:28 - 2013-09-06 01:28 - 00295936 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\c11294bb4741622a253c38ccc968a54e\Windows.Foundation.ni.dll
2014-09-30 10:10 - 2014-09-30 10:10 - 00864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2012-10-20 10:11 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-09-24 18:20 - 2014-09-23 00:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 18:20 - 2014-09-23 00:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 18:20 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 18:20 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 18:20 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-24 18:20 - 2014-09-23 00:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
========================= Accounts: ==========================
Administrator (S-1-5-21-2269063864-3542647717-1489514493-500 - Administrator - Disabled)
Amanda (S-1-5-21-2269063864-3542647717-1489514493-1001 - Administrator - Enabled) => C:\Users\Amanda
Guest (S-1-5-21-2269063864-3542647717-1489514493-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/01/2014 06:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc00000fd
Fault offset: 0x0004366a
Faulting process id: 0x1780
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (10/01/2014 06:45:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (10/01/2014 06:44:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x2b38
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (10/01/2014 06:44:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x3d6c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (10/01/2014 06:42:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (10/01/2014 06:41:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x2b88
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (10/01/2014 06:41:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618fd
Faulting process id: 0x1114
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (10/01/2014 06:40:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x2158
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (10/01/2014 06:40:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x3b0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (10/01/2014 06:38:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618d0
Faulting process id: 0x4fd4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
System errors:
=============
Error: (10/01/2014 06:47:54 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:47:23 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:46:51 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:46:18 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:45:46 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:45:14 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:44:43 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:44:10 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:43:39 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/01/2014 06:43:06 AM) (Source: DCOM) (EventID: 10010) (User: MANDY)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 6028.21 MB
Available physical RAM: 3651.13 MB
Total Pagefile: 12428.21 MB
Available Pagefile: 9096.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (TI10653400C) (Fixed) (Total:586 GB) (Free:524.78 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================