Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by l at 2014-12-28 11:29:34
Running from C:\Users\l\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
e-Sword (HKLM-x32\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.2989 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.54744 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.21.0 - Mediatek)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.7.5 - Tweaking.com)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
==================== Restore Points =========================
16-12-2014 21:38:23 Windows Update
20-12-2014 12:40:31 Tweaking.com - Windows Repair
25-12-2014 19:17:34 Installed Fitbit Connect
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-25 23:26 - 2014-12-25 11:32 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01D1AEA2-D3E6-4F83-89FB-179CA941DD49} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {198487C3-FB56-4E08-8917-5DD5007C8D4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2074D266-16EF-443D-A537-7A04FA26D2C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5285A5FC-9C0B-4B05-80AA-C7B537CDDB26} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {5C76E07C-9D98-4A75-AA13-B59369744392} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6A652256-3B94-4C31-BFBB-F3CB5808B5B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {709DE5DF-4DA8-4924-BDF8-7A577CC96517} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {7232C45B-0F67-4FC3-B0AC-ED65D5414393} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {784C093C-5ABC-43A6-B057-D2206F601A9E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
Task: {93F90927-ED8B-437F-81BA-5C40E6C2E4E4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {A981E902-DD74-4A81-8E7D-2A8244462A56} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)
Task: {ABF63472-5283-4426-9A52-ED29E942ED06} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {B73F3F76-7573-4E29-AFD4-02A1E933052E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C89B9738-FCE7-4177-B52B-75B4DCA93FDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: {C98B8279-63B0-44F8-87D2-2793810CD57F} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {CDDD90BD-9075-4B36-A9CB-74B048D77D8D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PURPLE-l purple => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {D1329C4C-E6B3-4C12-86AB-E55904951995} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D723125F-04B8-4C05-9E96-80DD19849605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: {DEA98902-9691-4764-AE5C-C7987CD0003C} - System32\Tasks\HPCeeScheduleForl => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForl.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2014-05-04 15:15 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-01-10 14:35 - 2013-01-10 14:35 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
2014-11-19 13:56 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-28 04:12 - 2014-12-28 04:12 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122800\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-10 14:30 - 2013-01-10 14:30 - 00022528 _____ () C:\windows\SYSTEM32\BsTrace.dll
2013-03-22 11:06 - 2013-03-22 11:06 - 00387936 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2011-07-05 11:53 - 2011-07-05 11:53 - 00012800 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2013-01-10 14:35 - 2013-01-10 14:35 - 00009728 _____ () C:\windows\SYSTEM32\BsHelpCSps.dll
2013-07-17 11:27 - 2013-01-23 17:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-10-28 12:22 - 2014-10-28 12:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2014-11-22 19:44 - 2014-11-22 19:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-17 11:33 - 2012-06-07 21:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2497467096-1107912187-4260812050-500 - Administrator - Disabled)
Guest (S-1-5-21-2497467096-1107912187-4260812050-501 - Limited - Disabled)
l (S-1-5-21-2497467096-1107912187-4260812050-1001 - Administrator - Enabled) => C:\Users\l
==================== Faulty Device Manager Devices =============
Name: Garmin USB GPS
Description: Garmin USB GPS
Class Guid: {a12a4c5a-e1a3-4151-9927-7f724ca5dc92}
Manufacturer: Garmin
Service: grmnusb
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/28/2014 11:28:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x009efb28
Faulting process id: 0x14a4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
Error: (12/28/2014 09:48:26 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (12/28/2014 03:01:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Error: (12/28/2014 03:00:45 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (12/28/2014 03:00:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: msvcrt.dll, version: 7.0.9200.16384, time stamp: 0x5010ac20
Exception code: 0xc0000005
Fault offset: 0x0000000000025a1e
Faulting process id: 0xa24
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3
Faulting package full name: rundll32.exe_aepdu.dll4
Faulting package-relative application ID: rundll32.exe_aepdu.dll5
Error: (12/28/2014 01:11:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: msvcrt.dll, version: 7.0.9200.16384, time stamp: 0x5010ac20
Exception code: 0xc0000005
Fault offset: 0x0000000000025a1e
Faulting process id: 0x155c
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3
Faulting package full name: rundll32.exe_aepdu.dll4
Faulting package-relative application ID: rundll32.exe_aepdu.dll5
Error: (12/27/2014 08:54:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50109e4e
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000005
Fault offset: 0x000617b0
Faulting process id: 0x4024
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (12/27/2014 08:43:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x5010a7a4
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000005
Fault offset: 0x000617b0
Faulting process id: 0x46e4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (12/27/2014 08:33:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50109e4e
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000005
Fault offset: 0x000617b0
Faulting process id: 0x6524
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (12/27/2014 08:33:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50109e4e
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000005
Fault offset: 0x000617b0
Faulting process id: 0x170c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
System errors:
=============
Error: (12/27/2014 09:29:56 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
Error: (12/27/2014 07:46:59 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (12/27/2014 07:46:59 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (12/27/2014 04:53:38 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
Error: (12/27/2014 04:53:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%19
Error: (12/27/2014 04:53:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%1069
Error: (12/27/2014 04:53:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (12/27/2014 04:53:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%109
Error: (12/27/2014 04:52:57 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
Error: (12/27/2014 04:52:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (12/28/2014 11:28:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17183546ebc2aunknown0.0.0.000000000c0000005009efb2814a401d022b4dc93d185C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown012e5071-8eb7-11e4-bec6-0c84dc3bd976
Error: (12/28/2014 09:48:26 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (12/28/2014 03:01:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe
Error: (12/28/2014 03:00:45 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (12/28/2014 03:00:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.2.9200.1638450109cddmsvcrt.dll7.0.9200.163845010ac20c00000050000000000025a1ea2401d0227ca9bff203C:\windows\system32\rundll32.exeC:\windows\system32\msvcrt.dllf5893267-8e6f-11e4-bec6-0c84dc3bd976
Error: (12/28/2014 01:11:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.2.9200.1638450109cddmsvcrt.dll7.0.9200.163845010ac20c00000050000000000025a1e155c01d0226d5f27cfaaC:\windows\system32\rundll32.exeC:\windows\system32\msvcrt.dllc9b70069-8e60-11e4-bec6-0c84dc3bd976
Error: (12/27/2014 08:54:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.1718350109e4entdll.dll6.2.9200.1704653b485c4c0000005000617b0402401d022499727e429C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dlld568f9c1-8e3c-11e4-bec5-0c84dc3bd976
Error: (12/27/2014 08:43:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.171835010a7a4ntdll.dll6.2.9200.1704653b485c4c0000005000617b046e401d0224812aa4545C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll52bbf790-8e3b-11e4-bec5-0c84dc3bd976
Error: (12/27/2014 08:33:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.1718350109e4entdll.dll6.2.9200.1704653b485c4c0000005000617b0652401d02246acbe3674C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dlledc5ad37-8e39-11e4-bec5-0c84dc3bd976
Error: (12/27/2014 08:33:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.1718350109e4entdll.dll6.2.9200.1704653b485c4c0000005000617b0170c01d022469a5a2cf4C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dlld898a9ae-8e39-11e4-bec5-0c84dc3bd976
CodeIntegrity Errors:
===================================
Date: 2014-07-02 16:03:45.621
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-07-02 16:03:45.590
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-05-17 08:12:37.871
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-05-17 08:12:37.840
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-04-30 16:32:03.045
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i5-4430 CPU @ 3.00GHz
Percentage of memory in use: 17%
Total physical RAM: 12207.45 MB
Available physical RAM: 10055.18 MB
Total Pagefile: 12607.45 MB
Available Pagefile: 10483.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:1843.23 GB) (Free:1789.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.87 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 35E80B5E)
Partition: GPT Partition Type.
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by l (administrator) on PURPLE on 28-12-2014 11:29:15
Running from C:\Users\l\Desktop
Loaded Profile: l (Available profiles: l)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\windows\System32\dasHost.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\windows\System32\printfilterpipelinesvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\System32\igfxpers.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-11] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-20] (SUPERAntiSpyware)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\skype4com.dll (Skype Technologies)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\windows\SysWow64\urlmon.dll (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{63F6AE22-B6DD-4476-A864-3652DE675725}: [NameServer] 208.67.220.220,208.67.222.222
Tcpip\..\Interfaces\{D9443B57-4010-4CB8-8171-44BCB8CF3513}: [NameServer] 208.67.220.220,208.67.222.222
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-04]
Chrome:
=======
CHR HomePage: Default -> https://www.yahoo.co...t&type=avastbcl
CHR StartupUrls: Default -> "https://www.yahoo.co...t&type=avastbcl"
CHR DefaultSearchKeyword: Default -> www.yahoo.com
CHR DefaultSearchURL: Default -> https://search.yahoo...&p={searchTerms}
CHR DefaultSuggestURL: Default -> http://ff.search.yah...nd={searchTerms}
CHR Profile: C:\Users\l\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]
CHR Extension: (Google Drive) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (YouTube) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (Google Search) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (Google Wallet) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Gmail) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-26] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-22] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-11] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-28 11:29 - 2014-12-28 11:29 - 00018753 _____ () C:\Users\l\Desktop\FRST.txt
2014-12-27 21:03 - 2014-12-27 21:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-27 21:02 - 2014-12-27 21:14 - 00000000 ____D () C:\Users\l\Desktop\mbar
2014-12-27 21:01 - 2014-12-27 21:01 - 16448208 _____ (Malwarebytes Corp.) C:\Users\l\Downloads\mbar-1.08.2.1001.exe
2014-12-27 16:51 - 2014-12-27 16:51 - 00000163 _____ () C:\Users\l\Downloads\Fixlist (5).txt
2014-12-27 16:51 - 2014-12-27 16:51 - 00000163 _____ () C:\Users\l\Downloads\Fixlist (4).txt
2014-12-26 21:07 - 2014-12-26 21:08 - 11906416 _____ (OPSWAT, Inc.) C:\Users\l\Desktop\AppRemover.exe
2014-12-26 09:25 - 2014-12-26 09:25 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-12-26 09:24 - 2014-12-26 20:56 - 00000000 ___HD () C:\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}
2014-12-25 19:18 - 2014-12-25 22:04 - 00000000 ____D () C:\ProgramData\FitbitConnect
2014-12-25 19:18 - 2014-12-25 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2014-12-25 19:18 - 2014-12-25 19:18 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-12-25 19:18 - 2014-12-25 19:18 - 00000000 ____D () C:\Program Files (x86)\Fitbit Connect
2014-12-25 19:16 - 2014-12-25 19:17 - 32688488 _____ (Fitbit Inc.) C:\Users\l\Downloads\FitbitConnect_Win_20141107_2.0.0.6512.exe
2014-12-25 11:37 - 2014-12-25 11:37 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist.txt
2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (3).txt
2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (2).txt
2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (1).txt
2014-12-21 12:19 - 2014-12-21 12:19 - 02173952 _____ () C:\Users\l\Downloads\AdwCleaner.exe
2014-12-21 08:56 - 2014-12-21 08:56 - 00000000 ____D () C:\Users\l\Documents\e-Sword
2014-12-21 08:49 - 2014-12-21 08:49 - 00000000 ____D () C:\windows\Minidump
2014-12-20 12:26 - 2014-12-27 22:48 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-20 12:26 - 2014-12-27 21:02 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-20 12:26 - 2014-12-20 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-20 12:26 - 2014-12-20 12:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-20 12:26 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-20 12:13 - 2014-12-20 12:26 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-20 12:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-20 12:11 - 2014-12-20 12:13 - 00002130 _____ () C:\Users\l\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-12-20 12:10 - 2014-12-28 11:29 - 00000000 ____D () C:\Users\l\Desktop\FRST-OlderVersion
2014-12-20 12:01 - 2014-12-20 12:03 - 00024064 ___SH () C:\Users\l\Documents\Thumbs.db
2014-12-16 21:02 - 2014-12-09 01:12 - 00590816 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-12-16 21:02 - 2014-12-09 01:12 - 00467408 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-12-16 20:26 - 2014-12-16 20:26 - 00000198 _____ () C:\Users\l\Desktop\Arthritis of the Shoulder-OrthoInfo - AAOS.url
2014-12-14 18:12 - 2014-12-16 20:16 - 00000635 _____ () C:\Users\l\Desktop\calculator online -.website
2014-12-14 17:24 - 2014-12-14 22:07 - 00026624 _____ () C:\Users\l\Desktop\mileage.xls
2014-12-11 13:22 - 2014-09-20 15:30 - 02412784 _____ () C:\Users\l\Documents\Cooking and Eating for One Person.pptx
2014-12-11 13:19 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
2014-12-11 13:19 - 2014-12-11 13:19 - 00001912 _____ () C:\Users\Public\Desktop\e-Sword.lnk
2014-12-11 13:19 - 2014-12-11 13:19 - 00000000 ____D () C:\Users\l\AppData\Local\Downloaded Installations
2014-12-11 13:19 - 2014-12-11 13:19 - 00000000 ____D () C:\Program Files (x86)\e-Sword
2014-12-11 06:55 - 2014-12-12 00:32 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-10 06:47 - 2014-10-08 22:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2014-12-10 06:47 - 2014-10-08 22:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-12-10 06:47 - 2014-10-08 22:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2014-12-10 06:47 - 2014-10-08 21:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2014-12-10 06:47 - 2014-10-08 21:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2014-12-10 03:24 - 2014-12-04 19:41 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-10 03:24 - 2014-12-04 19:41 - 00740864 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-10 03:24 - 2014-12-04 19:41 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-10 03:24 - 2014-12-04 19:40 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-10 03:24 - 2014-12-02 19:48 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-10 03:24 - 2014-12-02 19:48 - 00412672 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-10 03:24 - 2014-12-02 19:48 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-10 03:24 - 2014-11-21 02:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 03:24 - 2014-11-21 02:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 03:24 - 2014-11-21 02:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 03:24 - 2014-11-21 02:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-12-10 03:24 - 2014-11-21 02:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 03:24 - 2014-11-21 02:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 03:24 - 2014-11-21 01:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 03:24 - 2014-11-21 01:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 03:24 - 2014-11-21 01:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 03:24 - 2014-11-21 00:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 03:24 - 2014-11-20 22:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-12-10 03:24 - 2014-11-06 00:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 03:24 - 2014-11-05 23:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 03:24 - 2014-10-11 01:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-10 03:24 - 2014-10-10 23:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-10 03:24 - 2014-10-08 21:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2014-12-10 03:24 - 2014-10-08 21:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2014-12-10 03:24 - 2014-10-08 21:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2014-12-10 03:24 - 2014-09-21 23:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-12-10 03:24 - 2014-09-21 21:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-10 03:23 - 2014-10-30 01:20 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-12-10 03:23 - 2014-10-29 23:22 - 01569792 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-12-07 17:12 - 2014-12-14 17:05 - 00000000 ____D () C:\Users\l\Desktop\stuff
2014-12-06 10:06 - 2014-12-06 10:06 - 08539604 _____ () C:\Users\l\Documents\Nutrition Focused Physical Exam-FINAL.pptx
2014-12-06 10:05 - 2014-12-06 10:05 - 01685515 _____ () C:\Users\l\Documents\Health Care System and Malnutrition.pptx
2014-12-02 19:32 - 2014-12-27 22:45 - 00000000 ___RD () C:\Users\l\iCloudDrive
2014-12-02 19:32 - 2014-12-21 14:28 - 00000000 ____D () C:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod
2014-12-02 19:32 - 2014-12-02 19:32 - 00000000 ____D () C:\Users\l\Documents\Outlook Files
2014-12-02 19:32 - 2014-12-02 19:32 - 00000000 ____D () C:\Users\l\AppData\Local\Apple Inc
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-28 11:29 - 2014-06-30 07:22 - 00000000 ____D () C:\FRST
2014-12-28 11:29 - 2014-06-30 07:21 - 02123264 _____ (Farbar) C:\Users\l\Desktop\FRST64.exe
2014-12-28 11:29 - 2014-05-22 07:01 - 00000000 ____D () C:\Users\l\AppData\Local\CrashDumps
2014-12-28 11:02 - 2014-04-19 09:14 - 01103116 _____ () C:\windows\WindowsUpdate.log
2014-12-28 11:00 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\sru
2014-12-28 10:32 - 2014-04-27 08:23 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-28 08:37 - 2014-04-19 09:14 - 00000000 ____D () C:\Users\l\AppData\Local\VirtualStore
2014-12-28 06:45 - 2014-07-03 14:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-27 22:56 - 2014-11-12 22:15 - 00004950 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PURPLE-l purple
2014-12-27 22:54 - 2014-04-19 09:23 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2497467096-1107912187-4260812050-1001
2014-12-27 22:45 - 2014-04-27 08:23 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-27 22:45 - 2013-07-17 11:49 - 00003620 _____ () C:\windows\SysWOW64\LOCALSERVICE.INI
2014-12-27 22:15 - 2012-07-26 01:28 - 00876558 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-27 22:13 - 2013-03-22 11:00 - 00000983 _____ () C:\windows\SysWOW64\bscs.ini
2014-12-27 22:10 - 2013-07-17 11:49 - 00000088 _____ () C:\windows\SysWOW64\LOCALDEVICE.INI
2014-12-27 22:10 - 2012-07-26 01:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-27 21:29 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-12-27 16:54 - 2014-04-27 08:41 - 00371200 ___SH () C:\Users\l\Desktop\Thumbs.db
2014-12-27 16:53 - 2012-08-10 17:49 - 00407584 _____ () C:\windows\PFRO.log
2014-12-26 20:56 - 2014-07-28 08:16 - 00000330 _____ () C:\windows\Tasks\HPCeeScheduleForl.job
2014-12-26 09:25 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\migwiz
2014-12-25 14:34 - 2014-07-28 08:16 - 00003136 _____ () C:\windows\System32\Tasks\HPCeeScheduleForl
2014-12-25 14:34 - 2014-04-19 09:13 - 00000000 ____D () C:\Users\l
2014-12-23 04:13 - 2014-04-20 16:43 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-21 14:33 - 2014-04-30 15:26 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-12-21 14:32 - 2014-04-30 15:21 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-21 12:25 - 2014-06-11 10:00 - 00000000 ____D () C:\AdwCleaner
2014-12-21 08:49 - 2014-04-19 10:47 - 00124196 ____N () C:\windows\Minidump\122114-25453-01.dmp
2014-12-20 12:26 - 2014-05-26 16:39 - 00000000 ____D () C:\Users\l\AppData\Roaming\Malwarebytes
2014-12-20 12:26 - 2014-05-26 16:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-12-20 12:10 - 2014-07-11 18:42 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-12-17 16:32 - 2014-11-23 18:13 - 00000000 ____D () C:\Users\l\AppData\Roaming\Apple Computer
2014-12-16 21:38 - 2012-07-26 01:59 - 00000000 ____D () C:\windows\CbsTemp
2014-12-14 17:13 - 2012-07-26 01:21 - 00818283 _____ () C:\windows\setupact.log
2014-12-12 22:11 - 2012-08-10 18:49 - 00000000 ____D () C:\windows\Panther
2014-12-12 19:32 - 2014-04-19 09:14 - 00000000 ____D () C:\Users\l\AppData\Local\Packages
2014-12-12 11:32 - 2014-04-30 15:40 - 00002150 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 07:00 - 2014-09-24 09:57 - 00000000 ___HD () C:\$Windows.~BT
2014-12-12 00:32 - 2014-11-23 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-12 00:32 - 2014-11-23 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-12 00:32 - 2014-11-23 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-12 00:32 - 2014-11-22 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-12 00:32 - 2014-10-28 15:16 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
2014-12-12 00:32 - 2014-07-12 10:26 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-12 00:32 - 2014-07-06 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 00:32 - 2014-07-03 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-12 00:32 - 2014-04-30 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-12 00:32 - 2014-04-20 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-12 00:32 - 2014-04-19 09:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2014-12-12 00:32 - 2014-04-19 09:13 - 00000000 ___RD () C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-12 00:32 - 2014-04-19 09:13 - 00000000 ___RD () C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-12 00:32 - 2013-07-17 11:45 - 00000000 ____D () C:\windows\en
2014-12-12 00:32 - 2013-07-17 11:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-12-12 00:32 - 2013-07-17 11:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-12-12 00:32 - 2013-07-17 11:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-12 00:32 - 2013-07-17 11:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-12-12 00:32 - 2013-07-17 11:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-12-12 00:32 - 2013-07-17 11:27 - 00000000 ____D () C:\Program Files\Intel
2014-12-12 00:32 - 2013-07-17 11:22 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-12 00:32 - 2012-08-10 17:52 - 00000000 ____D () C:\ProgramData\PRICache
2014-12-12 00:32 - 2012-07-26 02:18 - 00000000 ____D () C:\windows\DigitalLocker
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ___SD () C:\Program Files\Windows Sidebar
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ___SD () C:\Program Files (x86)\Windows Sidebar
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\SysWOW64\MUI
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\spool
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\Recovery
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\NDF
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\MUI
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\Help
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\AppCompat
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\SysWOW64\WCN
2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\SysWOW64\sysprep
2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\system32\WCN
2014-12-12 00:32 - 2012-07-25 23:38 - 00000000 ____D () C:\windows\SysWOW64\SMI
2014-12-12 00:15 - 2014-09-10 19:10 - 00000000 __SHD () C:\Recovery
2014-12-11 22:30 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-11 22:02 - 2012-07-26 02:13 - 00006020 _____ () C:\windows\DtcInstall.log
2014-12-11 21:45 - 2014-09-03 09:46 - 00041913 _____ () C:\windows\diagwrn.xml
2014-12-11 21:45 - 2014-09-03 09:46 - 00041913 _____ () C:\windows\diagerr.xml
2014-12-11 21:44 - 2012-08-10 17:56 - 00013398 _____ () C:\windows\iis.log
2014-12-11 21:43 - 2014-09-03 09:49 - 00003145 _____ () C:\windows\comsetup.log
2014-12-11 21:43 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\registration
2014-12-11 15:45 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-12-11 14:59 - 2014-10-16 16:24 - 00437360 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-11 07:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\rescache
2014-12-11 07:03 - 2014-06-10 07:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 06:55 - 2012-07-26 02:12 - 00000000 ___RD () C:\windows\ToastData
2014-12-10 06:49 - 2014-04-20 17:10 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 06:47 - 2014-04-20 17:10 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-02 19:31 - 2014-11-23 18:13 - 00000000 ____D () C:\Users\l\AppData\Local\Apple Computer
2014-11-29 17:05 - 2014-11-04 12:01 - 00000000 ____D () C:\Users\l\AppData\Local\Windows Live
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-20 03:00
==================== End Of Log ============================