TechSpot

.txt for malware removal help! farbar

By WildeAboutWords
Apr 15, 2015
  1. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015
    Ran by Clarissa (administrator) on CB-PC on 14-04-2015 23:16:09
    Running from C:\Users\Clarissa\Downloads
    Loaded Profiles: UpdatusUser & Clarissa (Available profiles: UpdatusUser & Clarissa)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Update\GoogleUpdate.exe
    (BitTorrent Inc.) C:\Users\Clarissa\AppData\Roaming\uTorrent\uTorrent.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Samsung) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunes.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    (Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
    (Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
    (Farbar) C:\Users\Clarissa\Downloads\FARBAR RECOVERY.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
    HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Commnucations)
    HKLM\...\Run: [ETDCtrl] => "%ProgramFiles%\Elantech\ETDCtrl.exe"
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-01] (CyberLink)
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-05-31] (Symantec Corporation)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336 2010-09-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Run: [Google Update] => C:\Users\Clarissa\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-21] (Google Inc.)
    HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Run: [f.lux] => "C:\Users\Clarissa\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
    HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Run: [uTorrent] => C:\Users\Clarissa\AppData\Roaming\uTorrent\uTorrent.exe [1142864 2015-02-21] (BitTorrent Inc.)
    HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
    HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
    HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888896 2015-03-23] (Valve Corporation)
    HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\MountPoints2: {b012bac6-9026-11e1-aa55-806e6f6e6963} - D:\install.EXE id= ver=1.0.0.0
    HKU\S-1-5-21-2011991932-2341434188-910287483-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\System32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
    AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [260928 2012-02-25] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [215360 2012-02-25] (NVIDIA Corporation)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2011991932-2341434188-910287483-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3...=SPFA4805D9-685A-402C-8C49-AB95CE651A1E&SSPV=
    HKU\S-1-5-21-2011991932-2341434188-910287483-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
    HKU\S-1-5-21-2011991932-2341434188-910287483-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.ca/
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2011991932-2341434188-910287483-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...-402C-8C49-AB95CE651A1E&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-2011991932-2341434188-910287483-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...-402C-8C49-AB95CE651A1E&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-2011991932-2341434188-910287483-1001 -> {435B6687-3288-45C9-8B57-50D75EE49C54} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2011991932-2341434188-910287483-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
    BHO: bestadblocker -> {7afa7aca-6e3f-45c5-92e0-079f2365b656} -> C:\Program Files (x86)\bestadblocker\BGuFWZ7RPB4IYd.x64.dll No File
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
    BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-11] (Oracle Corporation)
    BHO-x32: bestadblocker -> {7afa7aca-6e3f-45c5-92e0-079f2365b656} -> C:\Program Files (x86)\bestadblocker\BGuFWZ7RPB4IYd.dll No File
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-02-13] (Atheros Commnucations)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    BHO-x32: Express Find -> {d39539bb-f65e-4088-a9d1-6e5f01a42a3e} -> C:\Program Files (x86)\Express Find\Extensions\d39539bb-f65e-4088-a9d1-6e5f01a42a3e.dll No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-11] (Oracle Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 64.59.168.13 64.59.168.15 64.59.174.84
    Tcpip\..\Interfaces\{D30D985F-7679-4A6A-9F4B-00BBE75C434D}: [NameServer] 208.67.222.222,208.67.220.220

    FireFox:
    ========
    FF ProfilePath: C:\Users\Clarissa\AppData\Roaming\Mozilla\Firefox\Profiles\0ss2fzhe.default
    FF NewTab: hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SPFA4805D9-685A-402C-8C49-AB95CE651A1E
    FF SearchEngineOrder.3: Bing
    FF SelectedSearchEngine: Google
    FF Homepage: google.ca
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-11] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-11] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-12] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-12] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2011991932-2341434188-910287483-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Clarissa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2011991932-2341434188-910287483-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Clarissa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
    FF user.js: detected! => C:\Users\Clarissa\AppData\Roaming\Mozilla\Firefox\Profiles\0ss2fzhe.default\user.js [2015-04-13]
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-06] (Apple Inc.)
    FF SearchPlugin: C:\Users\Clarissa\AppData\Roaming\Mozilla\Firefox\Profiles\0ss2fzhe.default\searchplugins\bingp.xml [2013-12-26]
    FF SearchPlugin: C:\Users\Clarissa\AppData\Roaming\Mozilla\Firefox\Profiles\0ss2fzhe.default\searchplugins\trovi-search.xml [2014-07-17]
    FF Extension: uTorrentControl2 - C:\Users\Clarissa\AppData\Roaming\Mozilla\Firefox\Profiles\0ss2fzhe.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2013-12-23]
    FF Extension: Media Hint - C:\Users\Clarissa\AppData\Roaming\Mozilla\Firefox\Profiles\0ss2fzhe.default\Extensions\mediahint@jetpack.xpi [2013-04-19]
    FF Extension: Express Find - C:\Users\Clarissa\AppData\Roaming\Mozilla\Firefox\Profiles\0ss2fzhe.default\Extensions\{7ab3cbb3-34f1-440b-b048-404cfae819c0}.xpi [2015-04-13]
    FF Extension: Adblock Plus - C:\Users\Clarissa\AppData\Roaming\Mozilla\Firefox\Profiles\0ss2fzhe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-22]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
    FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-28]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR HomePage: Default -> https://www.google.ca/
    CHR StartupUrls: Default -> "hxxp://www.bing.com/", "hxxp://www.google.ca/"
    CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
    CHR Profile: C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
    CHR Extension: (YouTube) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-21]
    CHR Extension: (Adblock Plus) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-23]
    CHR Extension: (Google Search) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-21]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
    CHR Extension: (Google Wallet) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-08-21]
    CHR Extension: (uTorrentControl2) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2012-08-21]
    CHR Extension: (Gmail) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-21]
    CHR Profile: C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Ask Search) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf [2015-04-14]
    CHR Extension: (Google Slides) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-14]
    CHR Extension: (Google Docs) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-14]
    CHR Extension: (Google Drive) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-14]
    CHR Extension: (YouTube) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-14]
    CHR Extension: (Google Search) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-14]
    CHR Extension: (Google Sheets) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-14]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-14]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-14]
    CHR Extension: (Google Wallet) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-14]
    CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2015-04-14]
    CHR Extension: (Show Apps in new tab) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nohbdifokmdgjcbbeobglcbaifinhfip [2015-04-14]
    CHR Extension: (uTorrentControl2) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2015-04-14]
    CHR Extension: (Gmail) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
    CHR HKU\S-1-5-21-2011991932-2341434188-910287483-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Clarissa\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-07-08]
    CHR HKU\S-1-5-21-2011991932-2341434188-910287483-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2011991932-2341434188-910287483-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Clarissa\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-07-15]
    CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
    CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Clarissa\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-07-15]
    StartMenuInternet: Google Chrome.HFTPOAJB32K5U4UDDXWYSITFXU - C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-13] (Atheros Commnucations) [File not signed]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-05-31] (Symantec Corporation)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-13] (Atheros) [File not signed]
    S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [192344 2015-03-24] (IDRIX)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-14 23:16 - 2015-04-14 23:17 - 00028538 _____ () C:\Users\Clarissa\Downloads\FRST.txt
    2015-04-14 23:16 - 2015-04-14 23:16 - 00000000 ____D () C:\FRST
    2015-04-14 23:15 - 2015-04-14 23:15 - 02096640 _____ (Farbar) C:\Users\Clarissa\Downloads\FARBAR RECOVERY.exe
    2015-04-14 22:59 - 2015-04-14 22:59 - 00000000 ___RD () C:\Users\Clarissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2015-04-14 22:53 - 2012-03-12 10:24 - 02212656 _____ (ELAN Microelectronics Corp.) C:\windows\ETDUninst.dll
    2015-04-14 22:44 - 2015-04-14 22:58 - 00000000 ____D () C:\ProgramData\{dffaaf0d-e292-bfe9-dffa-aaf0de29bc37}
    2015-04-14 22:44 - 2015-04-14 22:44 - 00000000 ____D () C:\ProgramData\9871179244914948475
    2015-04-14 22:44 - 2015-04-14 22:44 - 00000000 ____D () C:\Program Files (x86)\SaLePellus
    2015-04-14 22:43 - 2015-04-14 22:43 - 00000000 ____D () C:\ProgramData\lncoagnbedillamfnnlmcamekgacmidn
    2015-04-14 22:42 - 2015-04-14 22:44 - 00002211 _____ () C:\Users\Clarissa\Desktop\Everytime.lnk
    2015-04-14 22:41 - 2015-04-14 22:41 - 00000000 ____D () C:\ProgramData\{4b84a23a-5316-5cb7-4b84-4a23a53188e9}
    2015-04-13 20:21 - 2015-04-13 20:21 - 00000000 ____D () C:\Users\Clarissa\Downloads\Powerpoint 2010 version
    2015-04-13 20:08 - 2015-04-13 20:19 - 682329324 _____ () C:\Users\Clarissa\Downloads\Powerpoint 2010 version.rar
    2015-04-13 20:05 - 2015-04-13 20:05 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\PowerISO
    2015-04-13 19:47 - 2015-04-13 19:47 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\WinRAR
    2015-04-13 19:46 - 2015-04-13 19:46 - 01941744 _____ () C:\Users\Clarissa\Downloads\winrar-x64-521.exe
    2015-04-13 19:46 - 2015-04-13 19:46 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\OpenCandy
    2015-04-13 19:45 - 2015-04-13 19:45 - 02814520 _____ (Power Software Ltd) C:\Users\Clarissa\Downloads\PowerISO6-x64.exe
    2015-04-07 19:21 - 2015-04-07 19:22 - 00000000 ___SD () C:\windows\system32\GWX
    2015-04-07 19:21 - 2015-04-07 19:21 - 00000000 ___SD () C:\windows\SysWOW64\GWX
    2015-03-24 14:56 - 2015-03-24 15:02 - 00000000 ____D () C:\Users\Clarissa\My Volume
    2015-03-24 14:53 - 2015-03-24 14:57 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\VeraCrypt
    2015-03-24 14:52 - 2015-03-24 14:52 - 00192344 _____ (IDRIX) C:\windows\system32\Drivers\veracrypt.sys
    2015-03-24 14:52 - 2015-03-24 14:52 - 00000847 _____ () C:\Users\Public\Desktop\VeraCrypt.lnk
    2015-03-24 14:52 - 2015-03-24 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
    2015-03-24 14:52 - 2015-03-24 14:52 - 00000000 ____D () C:\Program Files\VeraCrypt
    2015-03-24 14:51 - 2015-03-24 14:51 - 07670608 _____ (IDRIX) C:\Users\Clarissa\Downloads\VeraCrypt Setup 1.0f-1.exe
    2015-03-24 14:46 - 2015-03-10 21:06 - 00943616 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2015-03-24 14:46 - 2015-03-10 21:06 - 00760832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2015-03-24 14:46 - 2015-03-10 21:06 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2015-03-24 14:46 - 2015-03-10 21:06 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2015-03-24 14:46 - 2015-03-10 21:05 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2015-03-24 14:46 - 2015-03-10 21:05 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2015-03-24 14:46 - 2015-03-10 21:05 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
    2015-03-24 14:46 - 2015-03-10 21:02 - 01107456 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2015-03-21 15:55 - 2015-03-21 15:55 - 02226530 _____ () C:\Users\Clarissa\Downloads\AC002236-Badwal- first final ( ama ).WMA
    2015-03-21 15:36 - 2015-03-21 15:36 - 02538738 _____ () C:\Users\Clarissa\Downloads\AC002293- Cheng first final ( ama).WMA
    2015-03-21 15:13 - 2015-03-21 15:13 - 02619792 _____ () C:\Users\Clarissa\Downloads\AC002253- Bithow0 first final ( ama ).WMA
    2015-03-21 14:27 - 2015-03-21 14:27 - 03049078 _____ () C:\Users\Clarissa\Downloads\AC002282- Bates first final (AMA)).WMA
    2015-03-21 13:41 - 2015-03-21 13:41 - 02778898 _____ () C:\Users\Clarissa\Downloads\AC002276- Bentazal- first and final ( AMA).WMA
    2015-03-21 13:11 - 2015-03-21 13:11 - 02214522 _____ () C:\Users\Clarissa\Downloads\AC002310- Baker - first and final ( ama).WMA

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-14 23:15 - 2012-08-06 16:55 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\uTorrent
    2015-04-14 23:11 - 2012-07-27 16:19 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\Skype
    2015-04-14 23:08 - 2009-07-13 21:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-14 23:08 - 2009-07-13 21:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-14 23:04 - 2012-04-27 12:25 - 01581425 _____ () C:\windows\WindowsUpdate.log
    2015-04-14 23:00 - 2014-07-08 21:22 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-14 23:00 - 2012-04-26 20:29 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    2015-04-14 22:59 - 2014-07-08 21:24 - 00000000 ___RD () C:\Users\Clarissa\Google Drive
    2015-04-14 22:58 - 2015-02-11 21:40 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-04-14 22:57 - 2010-11-20 20:47 - 00669048 _____ () C:\windows\PFRO.log
    2015-04-14 22:57 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-04-14 22:57 - 2009-07-13 21:51 - 00167697 _____ () C:\windows\setupact.log
    2015-04-14 22:53 - 2013-12-29 19:19 - 00000000 ____D () C:\Users\Clarissa\AppData\Local\FluxSoftware
    2015-04-14 22:53 - 2012-07-27 15:21 - 00000000 ____D () C:\Program Files\Elantech
    2015-04-14 22:39 - 2012-08-21 16:32 - 00002376 _____ () C:\Users\Clarissa\Desktop\Google Chrome.lnk
    2015-04-14 22:32 - 2012-07-28 22:39 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-04-14 21:50 - 2014-07-08 21:22 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-14 18:32 - 2012-07-28 22:39 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-04-14 18:32 - 2012-07-28 22:39 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-14 18:32 - 2012-07-28 22:39 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-04-14 18:26 - 2012-08-21 16:29 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2011991932-2341434188-910287483-1001Core.job
    2015-04-14 18:26 - 2012-04-26 20:29 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    2015-04-13 20:07 - 2014-02-18 00:59 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\dvdcss
    2015-04-13 20:07 - 2013-03-29 21:44 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\vlc
    2015-04-12 17:20 - 2009-07-13 22:13 - 00783376 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-04-03 02:32 - 2014-06-05 22:29 - 00000000 ____D () C:\Users\Clarissa\Documents\Personal Projects
    2015-04-02 18:48 - 2012-11-01 14:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-04-02 18:48 - 2012-07-27 15:22 - 00000000 ____D () C:\ProgramData\Skype
    2015-03-26 22:24 - 2014-12-11 00:53 - 00000000 ____D () C:\windows\system32\appraiser
    2015-03-26 22:24 - 2014-05-06 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel
    2015-03-24 14:56 - 2012-07-27 15:16 - 00000000 ____D () C:\Users\Clarissa
    2015-03-21 13:40 - 2014-03-27 14:11 - 00000000 ____D () C:\Users\Clarissa\Documents\Diana Insurance

    ==================== Files in the root of some directories =======

    2015-04-14 22:46 - 2015-04-14 22:51 - 0011668 _____ () C:\Users\Clarissa\AppData\Local\Temp-log.txt
    2012-04-26 21:46 - 2012-04-26 21:47 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2012-04-26 21:41 - 2012-04-26 21:42 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
    2012-04-26 21:44 - 2012-04-26 21:44 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2012-04-26 21:42 - 2012-04-26 21:44 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
    2012-04-26 21:45 - 2012-04-26 21:46 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

    Some content of TEMP:
    ====================
    C:\Users\Clarissa\AppData\Local\Temp\5260.exe
    C:\Users\Clarissa\AppData\Local\Temp\tf00294823.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-10 19:13

    ==================== End Of Log ============================
     
  2. WildeAboutWords TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2015
    Ran by Clarissa at 2015-04-14 23:18:53
    Running from C:\Users\Clarissa\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    „Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
    „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    µTorrent (HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.6) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Amazon Kindle) (Version: - Amazon)
    Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.122 - Atheros)
    Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
    Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
    CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
    CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
    CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5016 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
    Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.2.4 - Samsung Electronics Co., Ltd.)
    Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
    Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.2.10.7 - Samsung Electronics Co., Ltd.)
    Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.20 - Samsung Electronics Co., Ltd.)
    ETDWare PS/2-X64 10.7.12.6_WHQL (HKLM\...\Elantech) (Version: 10.7.12.6 - ELAN Microelectronic Corp.)
    Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Chrome (HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
    Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    HIT (HKLM-x32\...\Steam App 336670) (Version: - Shifty Chair Games)
    Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
    Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
    iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LIMBO Demo (HKLM-x32\...\Steam App 48010) (Version: - Playdead)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    MixPad (HKLM-x32\...\MixPad) (Version: 3.54 - NCH Software)
    Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MPC-HC 1.7.1 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.1.0 - MPC-HC Team)
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
    NVIDIA Graphics Driver 296.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.01 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.11.1111 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.1111 - NVIDIA Corporation)
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
    Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6608 - Realtek Semiconductor Corp.)
    Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.2.4 - Samsung)
    Shotty - Tiny but impressive screenshot utility (HKLM\...\2e730c18-03e8-4d1d-8fc2-0ee3ea04a765) (Version: 2.0.2.216 - Thomas Baumann)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
    Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
    User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.5 - )
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.0f-1 - IDRIX)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.74 - NCH Software)
    VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.68 - NCH Software)
    Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
    Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2011991932-2341434188-910287483-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Clarissa\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2011991932-2341434188-910287483-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Clarissa\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2011991932-2341434188-910287483-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Clarissa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2011991932-2341434188-910287483-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Clarissa\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2011991932-2341434188-910287483-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Clarissa\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2011991932-2341434188-910287483-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Clarissa\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2011991932-2341434188-910287483-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Clarissa\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    21-03-2015 21:27:00 Windows Update
    24-03-2015 14:52:11 VeraCrypt installation
    24-03-2015 23:44:14 Windows Update
    25-03-2015 03:00:12 Windows Update
    29-03-2015 20:36:29 Windows Update
    02-04-2015 19:04:21 Windows Update
    07-04-2015 19:21:02 Windows Modules Installer
    07-04-2015 19:40:17 Windows Update
    12-04-2015 17:36:14 Windows Update
    13-04-2015 19:46:30 Uniblue PC Mechanic installation

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {15B8556D-260D-4D95-A2C9-420DB52975E3} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2012-03-12] (Samsung Electronics Co., Ltd.)
    Task: {1B0D1179-C70C-4ABF-B574-DFC44C205B42} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08] (Google Inc.)
    Task: {1BA38730-E0F0-44B0-9643-6E2280F7EBF5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-24] (Intel Corporation)
    Task: {23693616-1C4F-496C-9914-44241996DBDC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {2B893C0A-FC25-4958-A213-5C1BE64B889B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08] (Google Inc.)
    Task: {2C23CFFE-3C1A-4BF9-99D4-5BCE7F9994E9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {38FA2F79-67E3-44AB-8087-507FBEDC4E99} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2012-02-27] (Samsung)
    Task: {3BD4B43A-3C0D-4D69-9C6A-58C58452A5D9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-16] (CyberLink)
    Task: {4E12A4C3-9E1E-4900-94C3-EE86F60F5296} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-24] (Intel Corporation)
    Task: {585DDC19-71EE-4B24-B2B8-8028633ED788} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {6D812538-2739-40C1-A1AD-3EC126BBC9DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2011991932-2341434188-910287483-1001Core => C:\Users\Clarissa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21] (Google Inc.)
    Task: {9224604F-7CE3-4EA5-9F29-B27CA93784E5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {94B748E1-E48B-49DC-B8C6-9C667FC45BCB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {C6FEA143-B509-40E6-A516-96980341A906} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-01-27] (SEC)
    Task: {C9956BD0-0C9A-474D-9DD5-2FF3AEB6828E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
    Task: {D5FDBBD6-B617-4C53-AE11-B2A6D272B1F6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
    Task: {D6DA7167-262C-4E8D-A8C8-B02409379E7D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2011991932-2341434188-910287483-1001UA => C:\Users\Clarissa\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21] (Google Inc.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2011991932-2341434188-910287483-1001Core.job => C:\Users\Clarissa\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2011991932-2341434188-910287483-1001UA.job => C:\Users\Clarissa\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-04-26 20:29 - 2012-02-07 19:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    2012-04-26 21:44 - 2009-12-01 00:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2012-02-14 19:22 - 2012-01-05 02:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2011-07-28 16:08 - 2011-07-28 16:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    2015-01-20 23:35 - 2015-01-20 23:35 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
    2015-02-11 21:44 - 2015-03-09 23:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-02-11 21:44 - 2014-12-01 17:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-02-11 21:44 - 2014-12-01 17:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-02-11 21:44 - 2014-12-01 17:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2015-02-11 21:44 - 2015-03-23 21:22 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
    2015-02-11 21:43 - 2014-12-01 14:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2015-02-11 21:43 - 2014-12-01 14:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2015-02-11 21:43 - 2014-12-01 14:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2015-02-11 21:43 - 2014-12-01 14:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2015-02-11 21:43 - 2014-12-01 14:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2015-02-11 21:43 - 2015-03-23 21:22 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2011-07-28 16:09 - 2011-07-28 16:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    2009-11-01 22:20 - 2009-11-01 22:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    2009-11-01 22:23 - 2009-11-01 22:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    2015-04-14 22:58 - 2015-04-14 22:58 - 00098816 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\win32api.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00110080 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\pywintypes27.dll
    2015-04-14 22:58 - 2015-04-14 22:58 - 00364544 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\pythoncom27.dll
    2015-04-14 22:58 - 2015-04-14 22:58 - 00045568 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\_socket.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 01161216 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\_ssl.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00320512 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\win32com.shell.shell.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00713216 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\_hashlib.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 01175040 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\wx._core_.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00805888 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\wx._gdi_.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00811008 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\wx._windows_.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 01062400 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\wx._controls_.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00735232 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\wx._misc_.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00682496 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\pysqlite2._sqlite.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00128512 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\_elementtree.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00127488 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\pyexpat.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00087552 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\_ctypes.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00119808 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\win32file.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00108544 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\win32security.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00007168 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\hashobjs_ext.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00167936 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\win32gui.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00018432 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\win32event.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00038912 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\win32inet.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00011264 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\win32crypt.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00070656 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\wx._html2.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00027136 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\_multiprocessing.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00020480 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\_yappi.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00035840 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\win32process.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00686080 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\unicodedata.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00122368 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\wx._wizard.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00024064 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\win32pipe.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00010240 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\select.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00025600 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\win32pdh.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00525640 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\windows._lib_cacheinvalidation.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00017408 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\win32profile.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00022528 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\win32ts.pyd
    2015-04-14 22:58 - 2015-04-14 22:58 - 00078336 _____ () C:\Users\Clarissa\AppData\Local\Temp\_MEI34682\wx._animate.pyd
    2012-04-26 20:48 - 2012-02-07 19:00 - 00755280 _____ () C:\Program Files (x86)\Samsung\Easy Software Manager\SWMFuncDLL.dll
    2015-02-11 21:43 - 2015-02-24 18:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2012-04-26 20:46 - 2011-09-08 03:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
    2012-04-26 20:28 - 2012-02-07 18:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-04-03 20:15 - 2015-03-30 14:07 - 01174856 _____ () C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
    2015-04-03 20:15 - 2015-03-30 14:07 - 00080200 _____ () C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\41.0.2272.118\libegl.dll
    2015-04-03 20:15 - 2015-03-30 14:07 - 09279304 _____ () C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll
    2015-04-03 20:15 - 2015-03-30 14:07 - 14974280 _____ () C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2011991932-2341434188-910287483-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Clarissa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 208.67.222.222 - 208.67.220.220

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2011991932-2341434188-910287483-500 - Administrator - Disabled)
    Clarissa (S-1-5-21-2011991932-2341434188-910287483-1001 - Administrator - Enabled) => C:\Users\Clarissa
    Guest (S-1-5-21-2011991932-2341434188-910287483-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2011991932-2341434188-910287483-1003 - Limited - Enabled)
    UpdatusUser (S-1-5-21-2011991932-2341434188-910287483-1000 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/14/2015 11:04:40 PM) (Source: MsiInstaller) (EventID: 10005) (User: CB-PC)
    Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

    Google Chrome

    Error: (04/14/2015 11:04:21 PM) (Source: MsiInstaller) (EventID: 10005) (User: CB-PC)
    Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

    Google Chrome

    Error: (04/14/2015 11:00:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/14/2015 10:49:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/13/2015 10:30:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/10/2015 06:55:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/10/2015 02:14:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2075

    Error: (04/10/2015 02:14:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2075

    Error: (04/10/2015 02:14:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/10/2015 02:14:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1076


    System errors:
    =============
    Error: (04/14/2015 11:07:48 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Start with the following error:
    %%5

    Error: (04/14/2015 11:02:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Search Protect Service service failed to start due to the following error:
    %%2

    Error: (04/14/2015 10:57:39 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 10:56:31 PM on ‎14/‎04/‎2015 was unexpected.

    Error: (04/14/2015 10:54:44 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}

    Error: (04/14/2015 10:50:45 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

    Error: (04/14/2015 10:48:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (04/14/2015 10:48:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (04/14/2015 10:48:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (04/14/2015 10:48:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (04/14/2015 10:48:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================
    Error: (04/14/2015 11:04:40 PM) (Source: MsiInstaller) (EventID: 10005) (User: CB-PC)
    Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

    Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (04/14/2015 11:04:21 PM) (Source: MsiInstaller) (EventID: 10005) (User: CB-PC)
    Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

    Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (04/14/2015 11:00:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/14/2015 10:49:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/13/2015 10:30:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/10/2015 06:55:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/10/2015 02:14:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2075

    Error: (04/10/2015 02:14:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2075

    Error: (04/10/2015 02:14:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/10/2015 02:14:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1076


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
    Percentage of memory in use: 42%
    Total physical RAM: 5923.54 MB
    Available physical RAM: 3428.67 MB
    Total Pagefile: 11845.27 MB
    Available Pagefile: 8647.14 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:443.43 GB) (Free:200.53 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: E29FED72)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=443.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=22.2 GB) - (Type=27)

    ==================== End Of Log ============================
     
  3. Broni


    Welcome aboard

    Please do NOT create multiple topics regarding the same computer.
    This time I merged both topics.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE: If you already have MBAM 2.0 installed, scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
Topic Status:
Not open for further replies.
