Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Blocked from internet, popups, redirects [Solved]


  • This topic is locked This topic is locked
35 replies to this topic

#16 wilma1313

wilma1313

    Silver Member

  • Authentic Member
  • PipPipPip
  • 386 posts

Posted 26 December 2014 - 09:04 PM

I have removed Norton so many times I could scream.  I do not understand how it keeps getting on here.  MBAM just picked up more yuck. 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/26/2014
Scan Time: 8:47:17 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.27.01
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: l

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340705
Time Elapsed: 5 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Trojan.FakeMS, HKLM\SOFTWARE\CLASSES\CLSID\{A9F56A45-9E88-4BA0-8B81-F7130C2C2C16}, Quarantined, [8449b6b10f6d39fd02ce35c6f50ceb15],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.FakeMS, C:\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\keymgr.dll, Delete-on-Reboot, [8449b6b10f6d39fd02ce35c6f50ceb15],

Physical Sectors: 0
(No malicious items detected)

(end)


    Advertisements

Register to Remove


#17 wilma1313

wilma1313

    Silver Member

  • Authentic Member
  • PipPipPip
  • 386 posts

Posted 26 December 2014 - 09:13 PM

app remover doesn't work anything like your directions on my machine.  My only option is to check the agree to terms button and run.  The only app it says I have is malwarebytes. 



#18 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 27 December 2014 - 05:38 AM

Looking over your log again it looks like Norton is gone, just the toolbar is leftover

 

Attaching a new fixlist that will remove that toolbar, download it to the same directory as FRST , then open FRST and click on Fix

 

Post the Fixlog and let me know how your system is behaving now ??

 

 

Attached Files



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#19 wilma1313

wilma1313

    Silver Member

  • Authentic Member
  • PipPipPip
  • 386 posts

Posted 27 December 2014 - 04:50 PM

I can't download anything from IE.  that started when all this other stuff did.  Computer is running ok, but I get frequent messages that avast is blocking bad files.  that also started when the other problems did. 



#20 wilma1313

wilma1313

    Silver Member

  • Authentic Member
  • PipPipPip
  • 386 posts

Posted 27 December 2014 - 05:00 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-12-2014
Ran by l at 2014-12-27 16:52:26 Run:5
Running from C:\Users\l\Desktop
Loaded Profile: l (Available profiles: l)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
Toolbar: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
EmptyTemp: => Removed 779.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 16:52:46 ====



#21 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 27 December 2014 - 05:02 PM

We crossed post



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#22 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 27 December 2014 - 05:05 PM

Please download Malwarebytes Anti-Rootkit from Here
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #23 wilma1313

    wilma1313

      Silver Member

    • Authentic Member
    • PipPipPip
    • 386 posts

    Posted 27 December 2014 - 09:16 PM

    No cleanup needed, nothing found.  Unfortunately I'm starting to be blocked from internet on both IE and Chrome and I'm getting a screen that has a button to diagnose the problem pretending to to HP.  The spelling errors in the directions give them away, not that I would press that button anyway.  I had to restart the computer to access the internet. 



    #24 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 28 December 2014 - 07:06 AM

    When your up and running run this free online virus scanner from ESET

     

     
    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan
     
    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
     
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
  • scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as
  • ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png
  • Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #25 wilma1313

    wilma1313

      Silver Member

    • Authentic Member
    • PipPipPip
    • 386 posts

    Posted 28 December 2014 - 09:26 AM

    NO threats, I don't get it. 


      Advertisements

    Register to Remove


    #26 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 28 December 2014 - 09:30 AM

    Run a new scan with FRST, .checkmark additions and let me take another look



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #27 wilma1313

    wilma1313

      Silver Member

    • Authentic Member
    • PipPipPip
    • 386 posts

    Posted 28 December 2014 - 11:34 AM

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
    Ran by l at 2014-12-28 11:29:34
    Running from C:\Users\l\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
    e-Sword (HKLM-x32\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
    Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
    HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
    HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
    iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.2989 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
    Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.54744 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
    Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.21.0 - Mediatek)
    Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
    Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.7.5 - Tweaking.com)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File

    ==================== Restore Points  =========================

    16-12-2014 21:38:23 Windows Update
    20-12-2014 12:40:31 Tweaking.com - Windows Repair
    25-12-2014 19:17:34 Installed Fitbit Connect

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-25 23:26 - 2014-12-25 11:32 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {01D1AEA2-D3E6-4F83-89FB-179CA941DD49} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
    Task: {198487C3-FB56-4E08-8917-5DD5007C8D4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {2074D266-16EF-443D-A537-7A04FA26D2C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {5285A5FC-9C0B-4B05-80AA-C7B537CDDB26} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {5C76E07C-9D98-4A75-AA13-B59369744392} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {6A652256-3B94-4C31-BFBB-F3CB5808B5B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {709DE5DF-4DA8-4924-BDF8-7A577CC96517} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
    Task: {7232C45B-0F67-4FC3-B0AC-ED65D5414393} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
    Task: {784C093C-5ABC-43A6-B057-D2206F601A9E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
    Task: {93F90927-ED8B-437F-81BA-5C40E6C2E4E4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
    Task: {A981E902-DD74-4A81-8E7D-2A8244462A56} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)
    Task: {ABF63472-5283-4426-9A52-ED29E942ED06} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
    Task: {B73F3F76-7573-4E29-AFD4-02A1E933052E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {C89B9738-FCE7-4177-B52B-75B4DCA93FDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
    Task: {C98B8279-63B0-44F8-87D2-2793810CD57F} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
    Task: {CDDD90BD-9075-4B36-A9CB-74B048D77D8D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PURPLE-l purple => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
    Task: {D1329C4C-E6B3-4C12-86AB-E55904951995} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {D723125F-04B8-4C05-9E96-80DD19849605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
    Task: {DEA98902-9691-4764-AE5C-C7987CD0003C} - System32\Tasks\HPCeeScheduleForl => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\HPCeeScheduleForl.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-05-04 15:15 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-01-10 14:35 - 2013-01-10 14:35 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
    2014-11-19 13:56 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-12-28 04:12 - 2014-12-28 04:12 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122800\algo.dll
    2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-01-10 14:30 - 2013-01-10 14:30 - 00022528 _____ () C:\windows\SYSTEM32\BsTrace.dll
    2013-03-22 11:06 - 2013-03-22 11:06 - 00387936 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
    2011-07-05 11:53 - 2011-07-05 11:53 - 00012800 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
    2013-01-10 14:35 - 2013-01-10 14:35 - 00009728 _____ () C:\windows\SYSTEM32\BsHelpCSps.dll
    2013-07-17 11:27 - 2013-01-23 17:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
    2014-10-28 12:22 - 2014-10-28 12:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
    2014-11-22 19:44 - 2014-11-22 19:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2013-07-17 11:33 - 2012-06-07 21:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2497467096-1107912187-4260812050-500 - Administrator - Disabled)
    Guest (S-1-5-21-2497467096-1107912187-4260812050-501 - Limited - Disabled)
    l (S-1-5-21-2497467096-1107912187-4260812050-1001 - Administrator - Enabled) => C:\Users\l

    ==================== Faulty Device Manager Devices =============

    Name: Garmin USB GPS
    Description: Garmin USB GPS
    Class Guid: {a12a4c5a-e1a3-4151-9927-7f724ca5dc92}
    Manufacturer: Garmin
    Service: grmnusb
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/28/2014 11:28:58 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x009efb28
    Faulting process id: 0x14a4
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5

    Error: (12/28/2014 09:48:26 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: .NETFrameworkC:\windows\system32\mscoree.dll8

    Error: (12/28/2014 03:01:10 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
    Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

    Error: (12/28/2014 03:00:45 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
    Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

    Error: (12/28/2014 03:00:24 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.2.9200.16384, time stamp: 0x50109cdd
    Faulting module name: msvcrt.dll, version: 7.0.9200.16384, time stamp: 0x5010ac20
    Exception code: 0xc0000005
    Fault offset: 0x0000000000025a1e
    Faulting process id: 0xa24
    Faulting application start time: 0xrundll32.exe_aepdu.dll0
    Faulting application path: rundll32.exe_aepdu.dll1
    Faulting module path: rundll32.exe_aepdu.dll2
    Report Id: rundll32.exe_aepdu.dll3
    Faulting package full name: rundll32.exe_aepdu.dll4
    Faulting package-relative application ID: rundll32.exe_aepdu.dll5

    Error: (12/28/2014 01:11:49 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.2.9200.16384, time stamp: 0x50109cdd
    Faulting module name: msvcrt.dll, version: 7.0.9200.16384, time stamp: 0x5010ac20
    Exception code: 0xc0000005
    Fault offset: 0x0000000000025a1e
    Faulting process id: 0x155c
    Faulting application start time: 0xrundll32.exe_aepdu.dll0
    Faulting application path: rundll32.exe_aepdu.dll1
    Faulting module path: rundll32.exe_aepdu.dll2
    Report Id: rundll32.exe_aepdu.dll3
    Faulting package full name: rundll32.exe_aepdu.dll4
    Faulting package-relative application ID: rundll32.exe_aepdu.dll5

    Error: (12/27/2014 08:54:26 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50109e4e
    Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
    Exception code: 0xc0000005
    Fault offset: 0x000617b0
    Faulting process id: 0x4024
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5

    Error: (12/27/2014 08:43:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x5010a7a4
    Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
    Exception code: 0xc0000005
    Fault offset: 0x000617b0
    Faulting process id: 0x46e4
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5

    Error: (12/27/2014 08:33:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50109e4e
    Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
    Exception code: 0xc0000005
    Fault offset: 0x000617b0
    Faulting process id: 0x6524
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5

    Error: (12/27/2014 08:33:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50109e4e
    Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
    Exception code: 0xc0000005
    Fault offset: 0x000617b0
    Faulting process id: 0x170c
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5

    System errors:
    =============
    Error: (12/27/2014 09:29:56 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
    Description: 0xc000014d0

    Error: (12/27/2014 07:46:59 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (12/27/2014 07:46:59 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (12/27/2014 04:53:38 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
    Description: 0xc000014d0

    Error: (12/27/2014 04:53:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Support Assistant Service service failed to start due to the following error:
    %%19

    Error: (12/27/2014 04:53:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Print Spooler service failed to start due to the following error:
    %%1069

    Error: (12/27/2014 04:53:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
    %%50

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (12/27/2014 04:53:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Apple Mobile Device service failed to start due to the following error:
    %%109

    Error: (12/27/2014 04:52:57 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    %%1056

    Error: (12/27/2014 04:52:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Microsoft Office Sessions:
    =========================
    Error: (12/28/2014 11:28:58 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE10.0.9200.17183546ebc2aunknown0.0.0.000000000c0000005009efb2814a401d022b4dc93d185C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown012e5071-8eb7-11e4-bec6-0c84dc3bd976

    Error: (12/28/2014 09:48:26 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: .NETFrameworkC:\windows\system32\mscoree.dll8

    Error: (12/28/2014 03:01:10 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

    Error: (12/28/2014 03:00:45 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

    Error: (12/28/2014 03:00:24 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: rundll32.exe_aepdu.dll6.2.9200.1638450109cddmsvcrt.dll7.0.9200.163845010ac20c00000050000000000025a1ea2401d0227ca9bff203C:\windows\system32\rundll32.exeC:\windows\system32\msvcrt.dllf5893267-8e6f-11e4-bec6-0c84dc3bd976

    Error: (12/28/2014 01:11:49 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: rundll32.exe_aepdu.dll6.2.9200.1638450109cddmsvcrt.dll7.0.9200.163845010ac20c00000050000000000025a1e155c01d0226d5f27cfaaC:\windows\system32\rundll32.exeC:\windows\system32\msvcrt.dllc9b70069-8e60-11e4-bec6-0c84dc3bd976

    Error: (12/27/2014 08:54:26 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe10.0.9200.1718350109e4entdll.dll6.2.9200.1704653b485c4c0000005000617b0402401d022499727e429C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dlld568f9c1-8e3c-11e4-bec5-0c84dc3bd976

    Error: (12/27/2014 08:43:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe10.0.9200.171835010a7a4ntdll.dll6.2.9200.1704653b485c4c0000005000617b046e401d0224812aa4545C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll52bbf790-8e3b-11e4-bec5-0c84dc3bd976

    Error: (12/27/2014 08:33:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe10.0.9200.1718350109e4entdll.dll6.2.9200.1704653b485c4c0000005000617b0652401d02246acbe3674C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dlledc5ad37-8e39-11e4-bec5-0c84dc3bd976

    Error: (12/27/2014 08:33:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe10.0.9200.1718350109e4entdll.dll6.2.9200.1704653b485c4c0000005000617b0170c01d022469a5a2cf4C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dlld898a9ae-8e39-11e4-bec5-0c84dc3bd976

    CodeIntegrity Errors:
    ===================================
      Date: 2014-07-02 16:03:45.621
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-07-02 16:03:45.590
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-05-17 08:12:37.871
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-05-17 08:12:37.840
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-04-30 16:32:03.045
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: Intel® Core™ i5-4430 CPU @ 3.00GHz
    Percentage of memory in use: 17%
    Total physical RAM: 12207.45 MB
    Available physical RAM: 10055.18 MB
    Total Pagefile: 12607.45 MB
    Available Pagefile: 10483.56 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:1843.23 GB) (Free:1789.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Recovery Image) (Fixed) (Total:17.87 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: 35E80B5E)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
    Ran by l (administrator) on PURPLE on 28-12-2014 11:29:15
    Running from C:\Users\l\Desktop
    Loaded Profile: l (Available profiles: l)
    Platform: Windows 8 (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation) C:\windows\System32\dasHost.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\windows\System32\printfilterpipelinesvc.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\windows\System32\hkcmd.exe
    (Intel Corporation) C:\windows\System32\igfxpers.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
    HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-11] (AVAST Software)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-20] (SUPERAntiSpyware)
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\skype4com.dll (Skype Technologies)
    Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
    Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\windows\SysWow64\urlmon.dll (Microsoft Corporation)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
    Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{63F6AE22-B6DD-4476-A864-3652DE675725}: [NameServer] 208.67.220.220,208.67.222.222
    Tcpip\..\Interfaces\{D9443B57-4010-4CB8-8171-44BCB8CF3513}: [NameServer] 208.67.220.220,208.67.222.222

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-04]

    Chrome:
    =======
    CHR HomePage: Default -> https://www.yahoo.co...t&type=avastbcl
    CHR StartupUrls: Default -> "https://www.yahoo.co...t&type=avastbcl"
    CHR DefaultSearchKeyword: Default -> www.yahoo.com
    CHR DefaultSearchURL: Default -> https://search.yahoo...&p={searchTerms}
    CHR DefaultSuggestURL: Default -> http://ff.search.yah...nd={searchTerms}
    CHR Profile: C:\Users\l\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]
    CHR Extension: (Google Drive) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
    CHR Extension: (YouTube) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
    CHR Extension: (Google Search) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
    CHR Extension: (Google Wallet) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
    CHR Extension: (Gmail) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-26] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-22] (AVAST Software)
    R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
    R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-11] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-22] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
    R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-22] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
    U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
    R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
    U4 BthAvrcpTg; No ImagePath
    U4 BthHFEnum; No ImagePath
    U4 bthhfhid; No ImagePath
    R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
    R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
    R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-28 11:29 - 2014-12-28 11:29 - 00018753 _____ () C:\Users\l\Desktop\FRST.txt
    2014-12-27 21:03 - 2014-12-27 21:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-12-27 21:02 - 2014-12-27 21:14 - 00000000 ____D () C:\Users\l\Desktop\mbar
    2014-12-27 21:01 - 2014-12-27 21:01 - 16448208 _____ (Malwarebytes Corp.) C:\Users\l\Downloads\mbar-1.08.2.1001.exe
    2014-12-27 16:51 - 2014-12-27 16:51 - 00000163 _____ () C:\Users\l\Downloads\Fixlist (5).txt
    2014-12-27 16:51 - 2014-12-27 16:51 - 00000163 _____ () C:\Users\l\Downloads\Fixlist (4).txt
    2014-12-26 21:07 - 2014-12-26 21:08 - 11906416 _____ (OPSWAT, Inc.) C:\Users\l\Desktop\AppRemover.exe
    2014-12-26 09:25 - 2014-12-26 09:25 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    2014-12-26 09:24 - 2014-12-26 20:56 - 00000000 ___HD () C:\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}
    2014-12-25 19:18 - 2014-12-25 22:04 - 00000000 ____D () C:\ProgramData\FitbitConnect
    2014-12-25 19:18 - 2014-12-25 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
    2014-12-25 19:18 - 2014-12-25 19:18 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2014-12-25 19:18 - 2014-12-25 19:18 - 00000000 ____D () C:\Program Files (x86)\Fitbit Connect
    2014-12-25 19:16 - 2014-12-25 19:17 - 32688488 _____ (Fitbit Inc.) C:\Users\l\Downloads\FitbitConnect_Win_20141107_2.0.0.6512.exe
    2014-12-25 11:37 - 2014-12-25 11:37 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
    2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist.txt
    2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (3).txt
    2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (2).txt
    2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (1).txt
    2014-12-21 12:19 - 2014-12-21 12:19 - 02173952 _____ () C:\Users\l\Downloads\AdwCleaner.exe
    2014-12-21 08:56 - 2014-12-21 08:56 - 00000000 ____D () C:\Users\l\Documents\e-Sword
    2014-12-21 08:49 - 2014-12-21 08:49 - 00000000 ____D () C:\windows\Minidump
    2014-12-20 12:26 - 2014-12-27 22:48 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-20 12:26 - 2014-12-27 21:02 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-12-20 12:26 - 2014-12-20 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-20 12:26 - 2014-12-20 12:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-20 12:26 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-12-20 12:13 - 2014-12-20 12:26 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-20 12:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-12-20 12:11 - 2014-12-20 12:13 - 00002130 _____ () C:\Users\l\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    2014-12-20 12:10 - 2014-12-28 11:29 - 00000000 ____D () C:\Users\l\Desktop\FRST-OlderVersion
    2014-12-20 12:01 - 2014-12-20 12:03 - 00024064 ___SH () C:\Users\l\Documents\Thumbs.db
    2014-12-16 21:02 - 2014-12-09 01:12 - 00590816 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
    2014-12-16 21:02 - 2014-12-09 01:12 - 00467408 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
    2014-12-16 20:26 - 2014-12-16 20:26 - 00000198 _____ () C:\Users\l\Desktop\Arthritis of the Shoulder-OrthoInfo - AAOS.url
    2014-12-14 18:12 - 2014-12-16 20:16 - 00000635 _____ () C:\Users\l\Desktop\calculator online -.website
    2014-12-14 17:24 - 2014-12-14 22:07 - 00026624 _____ () C:\Users\l\Desktop\mileage.xls
    2014-12-11 13:22 - 2014-09-20 15:30 - 02412784 _____ () C:\Users\l\Documents\Cooking and Eating for One Person.pptx
    2014-12-11 13:19 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
    2014-12-11 13:19 - 2014-12-11 13:19 - 00001912 _____ () C:\Users\Public\Desktop\e-Sword.lnk
    2014-12-11 13:19 - 2014-12-11 13:19 - 00000000 ____D () C:\Users\l\AppData\Local\Downloaded Installations
    2014-12-11 13:19 - 2014-12-11 13:19 - 00000000 ____D () C:\Program Files (x86)\e-Sword
    2014-12-11 06:55 - 2014-12-12 00:32 - 00000000 ____D () C:\windows\system32\appraiser
    2014-12-10 06:47 - 2014-10-08 22:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
    2014-12-10 06:47 - 2014-10-08 22:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
    2014-12-10 06:47 - 2014-10-08 22:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
    2014-12-10 06:47 - 2014-10-08 21:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
    2014-12-10 06:47 - 2014-10-08 21:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
    2014-12-10 03:24 - 2014-12-04 19:41 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2014-12-10 03:24 - 2014-12-04 19:41 - 00740864 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2014-12-10 03:24 - 2014-12-04 19:41 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2014-12-10 03:24 - 2014-12-04 19:40 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-12-10 03:24 - 2014-12-02 19:48 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-12-10 03:24 - 2014-12-02 19:48 - 00412672 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-12-10 03:24 - 2014-12-02 19:48 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2014-12-10 03:24 - 2014-11-21 02:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-12-10 03:24 - 2014-11-21 02:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-12-10 03:24 - 2014-11-21 02:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-12-10 03:24 - 2014-11-21 02:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
    2014-12-10 03:24 - 2014-11-21 02:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-12-10 03:24 - 2014-11-21 02:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-12-10 03:24 - 2014-11-21 01:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-12-10 03:24 - 2014-11-21 01:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-12-10 03:24 - 2014-11-21 01:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-12-10 03:24 - 2014-11-21 01:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-12-10 03:24 - 2014-11-21 01:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-12-10 03:24 - 2014-11-21 01:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-12-10 03:24 - 2014-11-21 01:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-12-10 03:24 - 2014-11-21 01:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-12-10 03:24 - 2014-11-21 00:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-12-10 03:24 - 2014-11-20 22:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
    2014-12-10 03:24 - 2014-11-06 00:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2014-12-10 03:24 - 2014-11-05 23:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2014-12-10 03:24 - 2014-10-11 01:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2014-12-10 03:24 - 2014-10-10 23:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2014-12-10 03:24 - 2014-10-08 21:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
    2014-12-10 03:24 - 2014-10-08 21:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
    2014-12-10 03:24 - 2014-10-08 21:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
    2014-12-10 03:24 - 2014-09-21 23:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
    2014-12-10 03:24 - 2014-09-21 21:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
    2014-12-10 03:23 - 2014-10-30 01:20 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
    2014-12-10 03:23 - 2014-10-29 23:22 - 01569792 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
    2014-12-07 17:12 - 2014-12-14 17:05 - 00000000 ____D () C:\Users\l\Desktop\stuff
    2014-12-06 10:06 - 2014-12-06 10:06 - 08539604 _____ () C:\Users\l\Documents\Nutrition Focused Physical Exam-FINAL.pptx
    2014-12-06 10:05 - 2014-12-06 10:05 - 01685515 _____ () C:\Users\l\Documents\Health Care System and Malnutrition.pptx
    2014-12-02 19:32 - 2014-12-27 22:45 - 00000000 ___RD () C:\Users\l\iCloudDrive
    2014-12-02 19:32 - 2014-12-21 14:28 - 00000000 ____D () C:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod
    2014-12-02 19:32 - 2014-12-02 19:32 - 00000000 ____D () C:\Users\l\Documents\Outlook Files
    2014-12-02 19:32 - 2014-12-02 19:32 - 00000000 ____D () C:\Users\l\AppData\Local\Apple Inc

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-28 11:29 - 2014-06-30 07:22 - 00000000 ____D () C:\FRST
    2014-12-28 11:29 - 2014-06-30 07:21 - 02123264 _____ (Farbar) C:\Users\l\Desktop\FRST64.exe
    2014-12-28 11:29 - 2014-05-22 07:01 - 00000000 ____D () C:\Users\l\AppData\Local\CrashDumps
    2014-12-28 11:02 - 2014-04-19 09:14 - 01103116 _____ () C:\windows\WindowsUpdate.log
    2014-12-28 11:00 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\sru
    2014-12-28 10:32 - 2014-04-27 08:23 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-28 08:37 - 2014-04-19 09:14 - 00000000 ____D () C:\Users\l\AppData\Local\VirtualStore
    2014-12-28 06:45 - 2014-07-03 14:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-12-27 22:56 - 2014-11-12 22:15 - 00004950 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PURPLE-l purple
    2014-12-27 22:54 - 2014-04-19 09:23 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2497467096-1107912187-4260812050-1001
    2014-12-27 22:45 - 2014-04-27 08:23 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-27 22:45 - 2013-07-17 11:49 - 00003620 _____ () C:\windows\SysWOW64\LOCALSERVICE.INI
    2014-12-27 22:15 - 2012-07-26 01:28 - 00876558 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-12-27 22:13 - 2013-03-22 11:00 - 00000983 _____ () C:\windows\SysWOW64\bscs.ini
    2014-12-27 22:10 - 2013-07-17 11:49 - 00000088 _____ () C:\windows\SysWOW64\LOCALDEVICE.INI
    2014-12-27 22:10 - 2012-07-26 01:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-12-27 21:29 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\BBI
    2014-12-27 16:54 - 2014-04-27 08:41 - 00371200 ___SH () C:\Users\l\Desktop\Thumbs.db
    2014-12-27 16:53 - 2012-08-10 17:49 - 00407584 _____ () C:\windows\PFRO.log
    2014-12-26 20:56 - 2014-07-28 08:16 - 00000330 _____ () C:\windows\Tasks\HPCeeScheduleForl.job
    2014-12-26 09:25 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\migwiz
    2014-12-25 14:34 - 2014-07-28 08:16 - 00003136 _____ () C:\windows\System32\Tasks\HPCeeScheduleForl
    2014-12-25 14:34 - 2014-04-19 09:13 - 00000000 ____D () C:\Users\l
    2014-12-23 04:13 - 2014-04-20 16:43 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-12-21 14:33 - 2014-04-30 15:26 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
    2014-12-21 14:32 - 2014-04-30 15:21 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-12-21 12:25 - 2014-06-11 10:00 - 00000000 ____D () C:\AdwCleaner
    2014-12-21 08:49 - 2014-04-19 10:47 - 00124196 ____N () C:\windows\Minidump\122114-25453-01.dmp
    2014-12-20 12:26 - 2014-05-26 16:39 - 00000000 ____D () C:\Users\l\AppData\Roaming\Malwarebytes
    2014-12-20 12:26 - 2014-05-26 16:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-12-20 12:10 - 2014-07-11 18:42 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
    2014-12-17 16:32 - 2014-11-23 18:13 - 00000000 ____D () C:\Users\l\AppData\Roaming\Apple Computer
    2014-12-16 21:38 - 2012-07-26 01:59 - 00000000 ____D () C:\windows\CbsTemp
    2014-12-14 17:13 - 2012-07-26 01:21 - 00818283 _____ () C:\windows\setupact.log
    2014-12-12 22:11 - 2012-08-10 18:49 - 00000000 ____D () C:\windows\Panther
    2014-12-12 19:32 - 2014-04-19 09:14 - 00000000 ____D () C:\Users\l\AppData\Local\Packages
    2014-12-12 11:32 - 2014-04-30 15:40 - 00002150 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-12 07:00 - 2014-09-24 09:57 - 00000000 ___HD () C:\$Windows.~BT
    2014-12-12 00:32 - 2014-11-23 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2014-12-12 00:32 - 2014-11-23 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2014-12-12 00:32 - 2014-11-23 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-12-12 00:32 - 2014-11-22 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2014-12-12 00:32 - 2014-10-28 15:16 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
    2014-12-12 00:32 - 2014-07-12 10:26 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-12-12 00:32 - 2014-07-06 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-12-12 00:32 - 2014-07-03 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2014-12-12 00:32 - 2014-04-30 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-12-12 00:32 - 2014-04-20 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2014-12-12 00:32 - 2014-04-19 09:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
    2014-12-12 00:32 - 2014-04-19 09:13 - 00000000 ___RD () C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-12-12 00:32 - 2014-04-19 09:13 - 00000000 ___RD () C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-12-12 00:32 - 2013-07-17 11:45 - 00000000 ____D () C:\windows\en
    2014-12-12 00:32 - 2013-07-17 11:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
    2014-12-12 00:32 - 2013-07-17 11:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
    2014-12-12 00:32 - 2013-07-17 11:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-12-12 00:32 - 2013-07-17 11:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    2014-12-12 00:32 - 2013-07-17 11:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
    2014-12-12 00:32 - 2013-07-17 11:27 - 00000000 ____D () C:\Program Files\Intel
    2014-12-12 00:32 - 2013-07-17 11:22 - 00000000 ____D () C:\Program Files (x86)\Intel
    2014-12-12 00:32 - 2012-08-10 17:52 - 00000000 ____D () C:\ProgramData\PRICache
    2014-12-12 00:32 - 2012-07-26 02:18 - 00000000 ____D () C:\windows\DigitalLocker
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ___SD () C:\Program Files\Windows Sidebar
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ___SD () C:\Program Files (x86)\Windows Sidebar
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\SysWOW64\MUI
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\spool
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\Recovery
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\NDF
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\MUI
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\Help
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\AppCompat
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\SysWOW64\WCN
    2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\SysWOW64\sysprep
    2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\system32\WCN
    2014-12-12 00:32 - 2012-07-25 23:38 - 00000000 ____D () C:\windows\SysWOW64\SMI
    2014-12-12 00:15 - 2014-09-10 19:10 - 00000000 __SHD () C:\Recovery
    2014-12-11 22:30 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
    2014-12-11 22:02 - 2012-07-26 02:13 - 00006020 _____ () C:\windows\DtcInstall.log
    2014-12-11 21:45 - 2014-09-03 09:46 - 00041913 _____ () C:\windows\diagwrn.xml
    2014-12-11 21:45 - 2014-09-03 09:46 - 00041913 _____ () C:\windows\diagerr.xml
    2014-12-11 21:44 - 2012-08-10 17:56 - 00013398 _____ () C:\windows\iis.log
    2014-12-11 21:43 - 2014-09-03 09:49 - 00003145 _____ () C:\windows\comsetup.log
    2014-12-11 21:43 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\registration
    2014-12-11 15:45 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\AUInstallAgent
    2014-12-11 14:59 - 2014-10-16 16:24 - 00437360 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-12-11 07:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\rescache
    2014-12-11 07:03 - 2014-06-10 07:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-11 06:55 - 2012-07-26 02:12 - 00000000 ___RD () C:\windows\ToastData
    2014-12-10 06:49 - 2014-04-20 17:10 - 00000000 ____D () C:\windows\system32\MRT
    2014-12-10 06:47 - 2014-04-20 17:10 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-12-02 19:31 - 2014-11-23 18:13 - 00000000 ____D () C:\Users\l\AppData\Local\Apple Computer
    2014-11-29 17:05 - 2014-11-04 12:01 - 00000000 ____D () C:\Users\l\AppData\Local\Windows Live

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-12-20 03:00

    ==================== End Of Log ============================



    #28 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 28 December 2014 - 12:46 PM

    On your desktop, delete any and all previous FIXLIST files

     

    I am attaching a new one because I still see Norton running as a task, save the new Fixlist file to your desktop , then open FRST and click on Fix, after it reboots post the Fixlog please

     

     

     

    Then I would like you to do this

     

    1. Turn off your computer
    2. Turn off your  router by unplugging the power cord on the back of the unit
    3. Turn off your Cable / DSL modem by unplugging the power cord on the back of the unit
     
            Leave everything off for about 5 minutes, this lets it all reset 
     
    Then
     
    1. Plug in your Cable / DSL modem and wait until all the lights come back on
    2. Now do the same thing with your router
    3. Turn your computer back on and see if it made a difference

     

     

    Attached Files



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #29 wilma1313

    wilma1313

      Silver Member

    • Authentic Member
    • PipPipPip
    • 386 posts

    Posted 28 December 2014 - 07:00 PM

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
    Ran by l at 2014-12-28 17:05:02 Run:6
    Running from C:\Users\l\Desktop
    Loaded Profile: l (Available profiles: l)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    Task: {93F90927-ED8B-437F-81BA-5C40E6C2E4E4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
    C:\Program Files (x86)\Norton Internet Security
    2014-12-27 16:51 - 2014-12-27 16:51 - 00000163 _____ () C:\Users\l\Downloads\Fixlist (5).txt
    2014-12-27 16:51 - 2014-12-27 16:51 - 00000163 _____ () C:\Users\l\Downloads\Fixlist (4).txt
    2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (3).txt
    2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (2).txt
    2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (1).txt
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93F90927-ED8B-437F-81BA-5C40E6C2E4E4}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93F90927-ED8B-437F-81BA-5C40E6C2E4E4}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Norton WSC Integration => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => Key deleted successfully.
    "C:\Program Files (x86)\Norton Internet Security" => File/Directory not found.
    C:\Users\l\Downloads\Fixlist (5).txt => Moved successfully.
    C:\Users\l\Downloads\Fixlist (4).txt => Moved successfully.
    C:\Users\l\Downloads\Fixlist (3).txt => Moved successfully.
    C:\Users\l\Downloads\Fixlist (2).txt => Moved successfully.
    C:\Users\l\Downloads\Fixlist (1).txt => Moved successfully.

    =========  ipconfig /flushdns =========

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 1.4 GB temporary data.

    The system needed a reboot.

    ==== End of Fixlog 17:09:50 ====



    #30 wilma1313

    wilma1313

      Silver Member

    • Authentic Member
    • PipPipPip
    • 386 posts

    Posted 28 December 2014 - 07:00 PM

    IT runs okay but I still can't download any files of any kind.


    Related Topics



    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users