WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Blocked from internet, popups, redirects [Solved]

Started by wilma1313 , Dec 21 2014 09:25 AM

This topic is locked

35 replies to this topic

#16 wilma1313

Silver Member

Authentic Member
386 posts

Posted 26 December 2014 - 09:04 PM

I have removed Norton so many times I could scream. I do not understand how it keeps getting on here. MBAM just picked up more yuck.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/26/2014
Scan Time: 8:47:17 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.27.01
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: l

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340705
Time Elapsed: 5 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Trojan.FakeMS, HKLM\SOFTWARE\CLASSES\CLSID\{A9F56A45-9E88-4BA0-8B81-F7130C2C2C16}, Quarantined, [8449b6b10f6d39fd02ce35c6f50ceb15],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.FakeMS, C:\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}\keymgr.dll, Delete-on-Reboot, [8449b6b10f6d39fd02ce35c6f50ceb15],

Physical Sectors: 0
(No malicious items detected)

(end)

Advertisements

Register to Remove

#17 wilma1313

Silver Member

Authentic Member
386 posts

Posted 26 December 2014 - 09:13 PM

app remover doesn't work anything like your directions on my machine. My only option is to check the agree to terms button and run. The only app it says I have is malwarebytes.

#18 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 27 December 2014 - 05:38 AM

Looking over your log again it looks like Norton is gone, just the toolbar is leftover

Attaching a new fixlist that will remove that toolbar, download it to the same directory as FRST , then open FRST and click on Fix

Post the Fixlog and let me know how your system is behaving now ??

Attached Files

Fixlist.txt 163bytes 179 downloads

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#19 wilma1313

Silver Member

Authentic Member
386 posts

Posted 27 December 2014 - 04:50 PM

I can't download anything from IE. that started when all this other stuff did. Computer is running ok, but I get frequent messages that avast is blocking bad files. that also started when the other problems did.

#20 wilma1313

Silver Member

Authentic Member
386 posts

Posted 27 December 2014 - 05:00 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-12-2014
Ran by l at 2014-12-27 16:52:26 Run:5
Running from C:\Users\l\Desktop
Loaded Profile: l (Available profiles: l)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
Toolbar: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
EmptyTemp: => Removed 779.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 16:52:46 ====

#21 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 27 December 2014 - 05:02 PM

We crossed post

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#22 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 27 December 2014 - 05:05 PM

Please download Malwarebytes Anti-Rootkit from Here

Unzip the contents to a folder in a convenient location.

Open the folder where the contents were unzipped and run mbar.exe

Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

Click on the Cleanup button to remove any threats and reboot if prompted to do so.

Wait while the system shuts down and the cleanup process is performed.

Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#23 wilma1313

Silver Member

Authentic Member
386 posts

Posted 27 December 2014 - 09:16 PM

No cleanup needed, nothing found. Unfortunately I'm starting to be blocked from internet on both IE and Chrome and I'm getting a screen that has a button to diagnose the problem pretending to to HP. The spelling errors in the directions give them away, not that I would press that button anyway. I had to restart the computer to access the internet.

#24 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 28 December 2014 - 07:06 AM

When your up and running run this free online virus scanner from ESET

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan

*Note

It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

Click the

button.

For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on

to download the ESET Smart Installer. Save it to your desktop.

Double click on the

icon on your desktop.

Check

Click the

button.

Accept any security warnings from your browser.

Check

Make sure that the option "Remove found threats" is Unchecked

Push the Start button.

ESET will then download updates for itself, install itself, and begin

scanning your computer. Please be patient as this can take some time.

When the scan completes, push

Push

, and save the file to your desktop using a unique name, such as

ESETScan. Include the contents of this report in your next reply.

Push the

button.

Push

Please make sure you include the following items in your next post:

The log that was produced after running ESET Online Scanner.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#25 wilma1313

Silver Member

Authentic Member
386 posts

Posted 28 December 2014 - 09:26 AM

NO threats, I don't get it.

Advertisements

Register to Remove

#26 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 28 December 2014 - 09:30 AM

Run a new scan with FRST, .checkmark additions and let me take another look

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#27 wilma1313

Silver Member

Authentic Member
386 posts

Posted 28 December 2014 - 11:34 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by l at 2014-12-28 11:29:34
Running from C:\Users\l\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
e-Sword (HKLM-x32\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.2989 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.54744 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.21.0 - Mediatek)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.7.5 - Tweaking.com)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File

==================== Restore Points =========================

16-12-2014 21:38:23 Windows Update
20-12-2014 12:40:31 Tweaking.com - Windows Repair
25-12-2014 19:17:34 Installed Fitbit Connect

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 23:26 - 2014-12-25 11:32 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01D1AEA2-D3E6-4F83-89FB-179CA941DD49} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {198487C3-FB56-4E08-8917-5DD5007C8D4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2074D266-16EF-443D-A537-7A04FA26D2C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5285A5FC-9C0B-4B05-80AA-C7B537CDDB26} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {5C76E07C-9D98-4A75-AA13-B59369744392} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6A652256-3B94-4C31-BFBB-F3CB5808B5B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {709DE5DF-4DA8-4924-BDF8-7A577CC96517} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {7232C45B-0F67-4FC3-B0AC-ED65D5414393} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {784C093C-5ABC-43A6-B057-D2206F601A9E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
Task: {93F90927-ED8B-437F-81BA-5C40E6C2E4E4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {A981E902-DD74-4A81-8E7D-2A8244462A56} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)
Task: {ABF63472-5283-4426-9A52-ED29E942ED06} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {B73F3F76-7573-4E29-AFD4-02A1E933052E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C89B9738-FCE7-4177-B52B-75B4DCA93FDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: {C98B8279-63B0-44F8-87D2-2793810CD57F} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {CDDD90BD-9075-4B36-A9CB-74B048D77D8D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PURPLE-l purple => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {D1329C4C-E6B3-4C12-86AB-E55904951995} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D723125F-04B8-4C05-9E96-80DD19849605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: {DEA98902-9691-4764-AE5C-C7987CD0003C} - System32\Tasks\HPCeeScheduleForl => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForl.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-05-04 15:15 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-01-10 14:35 - 2013-01-10 14:35 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
2014-11-19 13:56 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-28 04:12 - 2014-12-28 04:12 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122800\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-10 14:30 - 2013-01-10 14:30 - 00022528 _____ () C:\windows\SYSTEM32\BsTrace.dll
2013-03-22 11:06 - 2013-03-22 11:06 - 00387936 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2011-07-05 11:53 - 2011-07-05 11:53 - 00012800 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2013-01-10 14:35 - 2013-01-10 14:35 - 00009728 _____ () C:\windows\SYSTEM32\BsHelpCSps.dll
2013-07-17 11:27 - 2013-01-23 17:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-10-28 12:22 - 2014-10-28 12:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2014-11-22 19:44 - 2014-11-22 19:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-17 11:33 - 2012-06-07 21:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2497467096-1107912187-4260812050-500 - Administrator - Disabled)
Guest (S-1-5-21-2497467096-1107912187-4260812050-501 - Limited - Disabled)
l (S-1-5-21-2497467096-1107912187-4260812050-1001 - Administrator - Enabled) => C:\Users\l

==================== Faulty Device Manager Devices =============

Name: Garmin USB GPS
Description: Garmin USB GPS
Class Guid: {a12a4c5a-e1a3-4151-9927-7f724ca5dc92}
Manufacturer: Garmin
Service: grmnusb
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/28/2014 11:28:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x009efb28
Faulting process id: 0x14a4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (12/28/2014 09:48:26 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8

Error: (12/28/2014 03:01:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (12/28/2014 03:00:45 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (12/28/2014 03:00:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: msvcrt.dll, version: 7.0.9200.16384, time stamp: 0x5010ac20
Exception code: 0xc0000005
Fault offset: 0x0000000000025a1e
Faulting process id: 0xa24
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3
Faulting package full name: rundll32.exe_aepdu.dll4
Faulting package-relative application ID: rundll32.exe_aepdu.dll5

Error: (12/28/2014 01:11:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: msvcrt.dll, version: 7.0.9200.16384, time stamp: 0x5010ac20
Exception code: 0xc0000005
Fault offset: 0x0000000000025a1e
Faulting process id: 0x155c
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3
Faulting package full name: rundll32.exe_aepdu.dll4
Faulting package-relative application ID: rundll32.exe_aepdu.dll5

Error: (12/27/2014 08:54:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50109e4e
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000005
Fault offset: 0x000617b0
Faulting process id: 0x4024
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (12/27/2014 08:43:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x5010a7a4
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000005
Fault offset: 0x000617b0
Faulting process id: 0x46e4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (12/27/2014 08:33:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50109e4e
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000005
Fault offset: 0x000617b0
Faulting process id: 0x6524
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (12/27/2014 08:33:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50109e4e
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000005
Fault offset: 0x000617b0
Faulting process id: 0x170c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

System errors:
=============
Error: (12/27/2014 09:29:56 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (12/27/2014 07:46:59 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (12/27/2014 04:53:38 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (12/27/2014 04:53:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%19

Error: (12/27/2014 04:53:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%1069

Error: (12/27/2014 04:53:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/27/2014 04:53:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%109

Error: (12/27/2014 04:52:57 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (12/27/2014 04:52:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (12/28/2014 11:28:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17183546ebc2aunknown0.0.0.000000000c0000005009efb2814a401d022b4dc93d185C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown012e5071-8eb7-11e4-bec6-0c84dc3bd976

Error: (12/28/2014 09:48:26 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8

Error: (12/28/2014 03:01:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (12/28/2014 03:00:45 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (12/28/2014 03:00:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.2.9200.1638450109cddmsvcrt.dll7.0.9200.163845010ac20c00000050000000000025a1ea2401d0227ca9bff203C:\windows\system32\rundll32.exeC:\windows\system32\msvcrt.dllf5893267-8e6f-11e4-bec6-0c84dc3bd976

Error: (12/28/2014 01:11:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.2.9200.1638450109cddmsvcrt.dll7.0.9200.163845010ac20c00000050000000000025a1e155c01d0226d5f27cfaaC:\windows\system32\rundll32.exeC:\windows\system32\msvcrt.dllc9b70069-8e60-11e4-bec6-0c84dc3bd976

Error: (12/27/2014 08:54:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.1718350109e4entdll.dll6.2.9200.1704653b485c4c0000005000617b0402401d022499727e429C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dlld568f9c1-8e3c-11e4-bec5-0c84dc3bd976

Error: (12/27/2014 08:43:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.171835010a7a4ntdll.dll6.2.9200.1704653b485c4c0000005000617b046e401d0224812aa4545C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll52bbf790-8e3b-11e4-bec5-0c84dc3bd976

Error: (12/27/2014 08:33:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.1718350109e4entdll.dll6.2.9200.1704653b485c4c0000005000617b0652401d02246acbe3674C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dlledc5ad37-8e39-11e4-bec5-0c84dc3bd976

Error: (12/27/2014 08:33:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.1718350109e4entdll.dll6.2.9200.1704653b485c4c0000005000617b0170c01d022469a5a2cf4C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dlld898a9ae-8e39-11e4-bec5-0c84dc3bd976

CodeIntegrity Errors:
===================================
Date: 2014-07-02 16:03:45.621
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-02 16:03:45.590
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-17 08:12:37.871
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-17 08:12:37.840
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-30 16:32:03.045
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4430 CPU @ 3.00GHz
Percentage of memory in use: 17%
Total physical RAM: 12207.45 MB
Available physical RAM: 10055.18 MB
Total Pagefile: 12607.45 MB
Available Pagefile: 10483.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1843.23 GB) (Free:1789.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.87 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 35E80B5E)

Partition: GPT Partition Type.

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by l (administrator) on PURPLE on 28-12-2014 11:29:15
Running from C:\Users\l\Desktop
Loaded Profile: l (Available profiles: l)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\windows\System32\dasHost.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\windows\System32\printfilterpipelinesvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\System32\igfxpers.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-11] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-20] (SUPERAntiSpyware)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\skype4com.dll (Skype Technologies)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\windows\SysWow64\urlmon.dll (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{63F6AE22-B6DD-4476-A864-3652DE675725}: [NameServer] 208.67.220.220,208.67.222.222
Tcpip\..\Interfaces\{D9443B57-4010-4CB8-8171-44BCB8CF3513}: [NameServer] 208.67.220.220,208.67.222.222

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-04]

Chrome:
=======
CHR HomePage: Default -> https://www.yahoo.co...t&type=avastbcl
CHR StartupUrls: Default -> "https://www.yahoo.co...t&type=avastbcl"
CHR DefaultSearchKeyword: Default -> www.yahoo.com
CHR DefaultSearchURL: Default -> https://search.yahoo...&p={searchTerms}
CHR DefaultSuggestURL: Default -> http://ff.search.yah...nd={searchTerms}
CHR Profile: C:\Users\l\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]
CHR Extension: (Google Drive) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (YouTube) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (Google Search) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (Google Wallet) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Gmail) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-26] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-22] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-11] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 11:29 - 2014-12-28 11:29 - 00018753 _____ () C:\Users\l\Desktop\FRST.txt
2014-12-27 21:03 - 2014-12-27 21:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-27 21:02 - 2014-12-27 21:14 - 00000000 ____D () C:\Users\l\Desktop\mbar
2014-12-27 21:01 - 2014-12-27 21:01 - 16448208 _____ (Malwarebytes Corp.) C:\Users\l\Downloads\mbar-1.08.2.1001.exe
2014-12-27 16:51 - 2014-12-27 16:51 - 00000163 _____ () C:\Users\l\Downloads\Fixlist (5).txt
2014-12-27 16:51 - 2014-12-27 16:51 - 00000163 _____ () C:\Users\l\Downloads\Fixlist (4).txt
2014-12-26 21:07 - 2014-12-26 21:08 - 11906416 _____ (OPSWAT, Inc.) C:\Users\l\Desktop\AppRemover.exe
2014-12-26 09:25 - 2014-12-26 09:25 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-12-26 09:24 - 2014-12-26 20:56 - 00000000 ___HD () C:\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}
2014-12-25 19:18 - 2014-12-25 22:04 - 00000000 ____D () C:\ProgramData\FitbitConnect
2014-12-25 19:18 - 2014-12-25 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2014-12-25 19:18 - 2014-12-25 19:18 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-12-25 19:18 - 2014-12-25 19:18 - 00000000 ____D () C:\Program Files (x86)\Fitbit Connect
2014-12-25 19:16 - 2014-12-25 19:17 - 32688488 _____ (Fitbit Inc.) C:\Users\l\Downloads\FitbitConnect_Win_20141107_2.0.0.6512.exe
2014-12-25 11:37 - 2014-12-25 11:37 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist.txt
2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (3).txt
2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (2).txt
2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (1).txt
2014-12-21 12:19 - 2014-12-21 12:19 - 02173952 _____ () C:\Users\l\Downloads\AdwCleaner.exe
2014-12-21 08:56 - 2014-12-21 08:56 - 00000000 ____D () C:\Users\l\Documents\e-Sword
2014-12-21 08:49 - 2014-12-21 08:49 - 00000000 ____D () C:\windows\Minidump
2014-12-20 12:26 - 2014-12-27 22:48 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-20 12:26 - 2014-12-27 21:02 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-20 12:26 - 2014-12-20 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-20 12:26 - 2014-12-20 12:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-20 12:26 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-20 12:13 - 2014-12-20 12:26 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-20 12:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-20 12:11 - 2014-12-20 12:13 - 00002130 _____ () C:\Users\l\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-12-20 12:10 - 2014-12-28 11:29 - 00000000 ____D () C:\Users\l\Desktop\FRST-OlderVersion
2014-12-20 12:01 - 2014-12-20 12:03 - 00024064 ___SH () C:\Users\l\Documents\Thumbs.db
2014-12-16 21:02 - 2014-12-09 01:12 - 00590816 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-12-16 21:02 - 2014-12-09 01:12 - 00467408 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-12-16 20:26 - 2014-12-16 20:26 - 00000198 _____ () C:\Users\l\Desktop\Arthritis of the Shoulder-OrthoInfo - AAOS.url
2014-12-14 18:12 - 2014-12-16 20:16 - 00000635 _____ () C:\Users\l\Desktop\calculator online -.website
2014-12-14 17:24 - 2014-12-14 22:07 - 00026624 _____ () C:\Users\l\Desktop\mileage.xls
2014-12-11 13:22 - 2014-09-20 15:30 - 02412784 _____ () C:\Users\l\Documents\Cooking and Eating for One Person.pptx
2014-12-11 13:19 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
2014-12-11 13:19 - 2014-12-11 13:19 - 00001912 _____ () C:\Users\Public\Desktop\e-Sword.lnk
2014-12-11 13:19 - 2014-12-11 13:19 - 00000000 ____D () C:\Users\l\AppData\Local\Downloaded Installations
2014-12-11 13:19 - 2014-12-11 13:19 - 00000000 ____D () C:\Program Files (x86)\e-Sword
2014-12-11 06:55 - 2014-12-12 00:32 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-10 06:47 - 2014-10-08 22:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2014-12-10 06:47 - 2014-10-08 22:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-12-10 06:47 - 2014-10-08 22:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2014-12-10 06:47 - 2014-10-08 21:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2014-12-10 06:47 - 2014-10-08 21:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2014-12-10 03:24 - 2014-12-04 19:41 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-10 03:24 - 2014-12-04 19:41 - 00740864 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-10 03:24 - 2014-12-04 19:41 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-10 03:24 - 2014-12-04 19:40 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-10 03:24 - 2014-12-02 19:48 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-10 03:24 - 2014-12-02 19:48 - 00412672 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-10 03:24 - 2014-12-02 19:48 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-10 03:24 - 2014-11-21 02:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 03:24 - 2014-11-21 02:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 03:24 - 2014-11-21 02:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 03:24 - 2014-11-21 02:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-12-10 03:24 - 2014-11-21 02:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 03:24 - 2014-11-21 02:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 03:24 - 2014-11-21 01:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 03:24 - 2014-11-21 01:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 03:24 - 2014-11-21 01:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 03:24 - 2014-11-21 00:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 03:24 - 2014-11-20 22:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-12-10 03:24 - 2014-11-06 00:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 03:24 - 2014-11-05 23:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 03:24 - 2014-10-11 01:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-10 03:24 - 2014-10-10 23:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-10 03:24 - 2014-10-08 21:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2014-12-10 03:24 - 2014-10-08 21:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2014-12-10 03:24 - 2014-10-08 21:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2014-12-10 03:24 - 2014-09-21 23:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-12-10 03:24 - 2014-09-21 21:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-10 03:23 - 2014-10-30 01:20 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-12-10 03:23 - 2014-10-29 23:22 - 01569792 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-12-07 17:12 - 2014-12-14 17:05 - 00000000 ____D () C:\Users\l\Desktop\stuff
2014-12-06 10:06 - 2014-12-06 10:06 - 08539604 _____ () C:\Users\l\Documents\Nutrition Focused Physical Exam-FINAL.pptx
2014-12-06 10:05 - 2014-12-06 10:05 - 01685515 _____ () C:\Users\l\Documents\Health Care System and Malnutrition.pptx
2014-12-02 19:32 - 2014-12-27 22:45 - 00000000 ___RD () C:\Users\l\iCloudDrive
2014-12-02 19:32 - 2014-12-21 14:28 - 00000000 ____D () C:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod
2014-12-02 19:32 - 2014-12-02 19:32 - 00000000 ____D () C:\Users\l\Documents\Outlook Files
2014-12-02 19:32 - 2014-12-02 19:32 - 00000000 ____D () C:\Users\l\AppData\Local\Apple Inc

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 11:29 - 2014-06-30 07:22 - 00000000 ____D () C:\FRST
2014-12-28 11:29 - 2014-06-30 07:21 - 02123264 _____ (Farbar) C:\Users\l\Desktop\FRST64.exe
2014-12-28 11:29 - 2014-05-22 07:01 - 00000000 ____D () C:\Users\l\AppData\Local\CrashDumps
2014-12-28 11:02 - 2014-04-19 09:14 - 01103116 _____ () C:\windows\WindowsUpdate.log
2014-12-28 11:00 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\sru
2014-12-28 10:32 - 2014-04-27 08:23 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-28 08:37 - 2014-04-19 09:14 - 00000000 ____D () C:\Users\l\AppData\Local\VirtualStore
2014-12-28 06:45 - 2014-07-03 14:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-27 22:56 - 2014-11-12 22:15 - 00004950 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PURPLE-l purple
2014-12-27 22:54 - 2014-04-19 09:23 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2497467096-1107912187-4260812050-1001
2014-12-27 22:45 - 2014-04-27 08:23 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-27 22:45 - 2013-07-17 11:49 - 00003620 _____ () C:\windows\SysWOW64\LOCALSERVICE.INI
2014-12-27 22:15 - 2012-07-26 01:28 - 00876558 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-27 22:13 - 2013-03-22 11:00 - 00000983 _____ () C:\windows\SysWOW64\bscs.ini
2014-12-27 22:10 - 2013-07-17 11:49 - 00000088 _____ () C:\windows\SysWOW64\LOCALDEVICE.INI
2014-12-27 22:10 - 2012-07-26 01:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-27 21:29 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-12-27 16:54 - 2014-04-27 08:41 - 00371200 ___SH () C:\Users\l\Desktop\Thumbs.db
2014-12-27 16:53 - 2012-08-10 17:49 - 00407584 _____ () C:\windows\PFRO.log
2014-12-26 20:56 - 2014-07-28 08:16 - 00000330 _____ () C:\windows\Tasks\HPCeeScheduleForl.job
2014-12-26 09:25 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\migwiz
2014-12-25 14:34 - 2014-07-28 08:16 - 00003136 _____ () C:\windows\System32\Tasks\HPCeeScheduleForl
2014-12-25 14:34 - 2014-04-19 09:13 - 00000000 ____D () C:\Users\l
2014-12-23 04:13 - 2014-04-20 16:43 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-21 14:33 - 2014-04-30 15:26 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-12-21 14:32 - 2014-04-30 15:21 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-21 12:25 - 2014-06-11 10:00 - 00000000 ____D () C:\AdwCleaner
2014-12-21 08:49 - 2014-04-19 10:47 - 00124196 ____N () C:\windows\Minidump\122114-25453-01.dmp
2014-12-20 12:26 - 2014-05-26 16:39 - 00000000 ____D () C:\Users\l\AppData\Roaming\Malwarebytes
2014-12-20 12:26 - 2014-05-26 16:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-12-20 12:10 - 2014-07-11 18:42 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-12-17 16:32 - 2014-11-23 18:13 - 00000000 ____D () C:\Users\l\AppData\Roaming\Apple Computer
2014-12-16 21:38 - 2012-07-26 01:59 - 00000000 ____D () C:\windows\CbsTemp
2014-12-14 17:13 - 2012-07-26 01:21 - 00818283 _____ () C:\windows\setupact.log
2014-12-12 22:11 - 2012-08-10 18:49 - 00000000 ____D () C:\windows\Panther
2014-12-12 19:32 - 2014-04-19 09:14 - 00000000 ____D () C:\Users\l\AppData\Local\Packages
2014-12-12 11:32 - 2014-04-30 15:40 - 00002150 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 07:00 - 2014-09-24 09:57 - 00000000 ___HD () C:\$Windows.~BT
2014-12-12 00:32 - 2014-11-23 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-12 00:32 - 2014-11-23 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-12 00:32 - 2014-11-23 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-12 00:32 - 2014-11-22 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-12 00:32 - 2014-10-28 15:16 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
2014-12-12 00:32 - 2014-07-12 10:26 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-12 00:32 - 2014-07-06 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 00:32 - 2014-07-03 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-12 00:32 - 2014-04-30 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-12 00:32 - 2014-04-20 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-12 00:32 - 2014-04-19 09:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2014-12-12 00:32 - 2014-04-19 09:13 - 00000000 ___RD () C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-12 00:32 - 2014-04-19 09:13 - 00000000 ___RD () C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-12 00:32 - 2013-07-17 11:45 - 00000000 ____D () C:\windows\en
2014-12-12 00:32 - 2013-07-17 11:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-12-12 00:32 - 2013-07-17 11:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-12-12 00:32 - 2013-07-17 11:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-12 00:32 - 2013-07-17 11:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-12-12 00:32 - 2013-07-17 11:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-12-12 00:32 - 2013-07-17 11:27 - 00000000 ____D () C:\Program Files\Intel
2014-12-12 00:32 - 2013-07-17 11:22 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-12 00:32 - 2012-08-10 17:52 - 00000000 ____D () C:\ProgramData\PRICache
2014-12-12 00:32 - 2012-07-26 02:18 - 00000000 ____D () C:\windows\DigitalLocker
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ___SD () C:\Program Files\Windows Sidebar
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ___SD () C:\Program Files (x86)\Windows Sidebar
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\SysWOW64\MUI
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\spool
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\Recovery
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\NDF
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\MUI
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\Help
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\AppCompat
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\SysWOW64\WCN
2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\SysWOW64\sysprep
2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\system32\WCN
2014-12-12 00:32 - 2012-07-25 23:38 - 00000000 ____D () C:\windows\SysWOW64\SMI
2014-12-12 00:15 - 2014-09-10 19:10 - 00000000 __SHD () C:\Recovery
2014-12-11 22:30 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-11 22:02 - 2012-07-26 02:13 - 00006020 _____ () C:\windows\DtcInstall.log
2014-12-11 21:45 - 2014-09-03 09:46 - 00041913 _____ () C:\windows\diagwrn.xml
2014-12-11 21:45 - 2014-09-03 09:46 - 00041913 _____ () C:\windows\diagerr.xml
2014-12-11 21:44 - 2012-08-10 17:56 - 00013398 _____ () C:\windows\iis.log
2014-12-11 21:43 - 2014-09-03 09:49 - 00003145 _____ () C:\windows\comsetup.log
2014-12-11 21:43 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\registration
2014-12-11 15:45 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-12-11 14:59 - 2014-10-16 16:24 - 00437360 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-11 07:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\rescache
2014-12-11 07:03 - 2014-06-10 07:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 06:55 - 2012-07-26 02:12 - 00000000 ___RD () C:\windows\ToastData
2014-12-10 06:49 - 2014-04-20 17:10 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 06:47 - 2014-04-20 17:10 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-02 19:31 - 2014-11-23 18:13 - 00000000 ____D () C:\Users\l\AppData\Local\Apple Computer
2014-11-29 17:05 - 2014-11-04 12:01 - 00000000 ____D () C:\Users\l\AppData\Local\Windows Live

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-20 03:00

==================== End Of Log ============================

#28 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 28 December 2014 - 12:46 PM

On your desktop, delete any and all previous FIXLIST files

I am attaching a new one because I still see Norton running as a task, save the new Fixlist file to your desktop , then open FRST and click on Fix, after it reboots post the Fixlog please

Then I would like you to do this

1. Turn off your computer

2. Turn off your router by unplugging the power cord on the back of the unit

3. Turn off your Cable / DSL modem by unplugging the power cord on the back of the unit

Leave everything off for about 5 minutes, this lets it all reset

Then

1. Plug in your Cable / DSL modem and wait until all the lights come back on

2. Now do the same thing with your router

3. Turn your computer back on and see if it made a difference

Attached Files

Fixlist.txt 757bytes 176 downloads

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#29 wilma1313

Silver Member

Authentic Member
386 posts

Posted 28 December 2014 - 07:00 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by l at 2014-12-28 17:05:02 Run:6
Running from C:\Users\l\Desktop
Loaded Profile: l (Available profiles: l)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
Task: {93F90927-ED8B-437F-81BA-5C40E6C2E4E4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
C:\Program Files (x86)\Norton Internet Security
2014-12-27 16:51 - 2014-12-27 16:51 - 00000163 _____ () C:\Users\l\Downloads\Fixlist (5).txt
2014-12-27 16:51 - 2014-12-27 16:51 - 00000163 _____ () C:\Users\l\Downloads\Fixlist (4).txt
2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (3).txt
2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (2).txt
2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (1).txt
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93F90927-ED8B-437F-81BA-5C40E6C2E4E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93F90927-ED8B-437F-81BA-5C40E6C2E4E4}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton WSC Integration => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => Key deleted successfully.
"C:\Program Files (x86)\Norton Internet Security" => File/Directory not found.
C:\Users\l\Downloads\Fixlist (5).txt => Moved successfully.
C:\Users\l\Downloads\Fixlist (4).txt => Moved successfully.
C:\Users\l\Downloads\Fixlist (3).txt => Moved successfully.
C:\Users\l\Downloads\Fixlist (2).txt => Moved successfully.
C:\Users\l\Downloads\Fixlist (1).txt => Moved successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog 17:09:50 ====

#30 wilma1313

Silver Member

Authentic Member
386 posts

Posted 28 December 2014 - 07:00 PM

IT runs okay but I still can't download any files of any kind.

Body Background

skin color theme

Blocked from internet, popups, redirects [Solved]

#16 wilma1313

Advertisements

Register to Remove

#17 wilma1313

#18 ken545

Attached Files

#19 wilma1313

#20 wilma1313

#21 ken545

#22 ken545

#23 wilma1313

#24 ken545

#25 wilma1313

Advertisements

Register to Remove

#26 ken545

#27 wilma1313

#28 ken545

Attached Files

#29 wilma1313

#30 wilma1313

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Body Background

skin color theme

Blocked from internet, popups, redirects [Solved]

#16 wilma1313

Advertisements Register to Remove

#17 wilma1313

#18 ken545

Attached Files

#19 wilma1313

#20 wilma1313

#21 ken545

#22 ken545

#23 wilma1313

#24 ken545

#25 wilma1313

Advertisements Register to Remove

#26 ken545

#27 wilma1313

#28 ken545

Attached Files

#29 wilma1313

#30 wilma1313

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Sign In

Advertisements

Register to Remove

Advertisements

Register to Remove