Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

What's going on with my computer?!


  • Please log in to reply

#1
BuddyMG

BuddyMG

    Member

  • Member
  • PipPip
  • 54 posts

A question if you have a moment - My computer is running quite slowing and I'm having trouble loading webpages. Is the trouble apparent from my OTL report? Do I have good malware security? I guess I had more than one question. Thank you! Here is OTL:

 

OTL logfile created on: 2/2/2015 5:07:08 PM - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mike\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 47.77% Memory free
7.93 Gb Paging File | 5.20 Gb Available in Paging File | 65.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 420.32 Gb Free Space | 46.38% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/02 17:04:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Downloads\OTL.exe
PRC - [2015/01/26 14:06:46 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/01/26 11:31:24 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015/01/24 15:45:55 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbam.exe
PRC - [2014/11/16 14:06:15 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/05/20 14:26:30 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2009/07/29 11:44:20 | 000,049,152 | ---- | M] (Lenovo (Shenzhen) Electronic Co., Ltd.) -- C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
PRC - [2009/07/16 09:05:10 | 000,114,688 | ---- | M] (JME) -- C:\Program Files (x86)\jmesoft\hotkey.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/26 11:31:23 | 003,925,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2015/01/24 15:45:54 | 016,844,976 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
MOD - [2014/11/16 14:06:17 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2009/07/16 09:20:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\jmesoft\KeyHook.dll
MOD - [2007/12/31 10:27:42 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\jmesoft\VistaVolume.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/18 15:09:42 | 000,713,568 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2014/11/21 18:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/11/16 14:06:15 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/16 14:06:04 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/05/20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2015/01/26 11:31:23 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/01/24 15:45:55 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/13 14:58:00 | 000,176,624 | ---- | M] (Coupons.com Inc.) [Auto | Running] -- C:\Program Files (x86)\Coupons\CouponPrinterService.exe -- (CouponPrinterService)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/02/02 16:59:45 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/11/21 14:44:51 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/11/16 14:06:20 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/11/16 14:06:20 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/11/16 14:06:20 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/11/16 14:06:20 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/11/16 14:06:20 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/11/16 14:06:20 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/11/16 14:06:20 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/11/16 14:06:04 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/07/10 14:09:30 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys -- (gzflt)
DRV:64bit: - [2014/07/10 13:09:30 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/05/20 14:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2009/07/21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 13:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/25 18:34:24 | 000,219,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 12:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 12:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 17:17:30 | 000,011,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\spio.sys -- (SuperIO)
DRV:64bit: - [2009/05/22 06:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/08/14 05:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 05:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-atty
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Bing,Amazon.com,eBay,Twitter,Wikipedia (en),DuckDuckGo"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.1.0.170
FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.15.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Mike\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/01/27 08:47:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015/01/26 11:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/01/26 11:31:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 02:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015/01/26 11:31:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/01/26 11:31:20 | 000,000,000 | ---D | M]
 
[2011/03/10 17:35:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2015/01/29 08:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\b1wjgrv7.default\extensions
[2015/01/29 08:30:48 | 000,947,844 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\b1wjgrv7.default\extensions\[email protected]
[2014/10/17 10:37:08 | 001,443,602 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\b1wjgrv7.default\extensions\[email protected]
[2015/01/14 12:48:17 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\b1wjgrv7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/01/26 11:31:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2015/01/26 11:31:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2015/01/26 11:31:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/26 11:31:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/01/27 08:47:31 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/11/04 09:51:25 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/03/27 17:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjmjkdknjeokcmgjmdpkccpmahfmiib\4.3_0\
CHR - Extension: No name found = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk\2.0.6_0\
CHR - Extension: No name found = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.18.17_0\
CHR - Extension: No name found = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.1_0\
CHR - Extension: No name found = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/08/10 10:07:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe (JME)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe (Lenovo (Shenzhen) Electronic Co., Ltd.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [pronto] "C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8A8C631-CC71-4F8E-9A12-1418D9D34BD9}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/01 20:55:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Photos of Mike for website
[2015/01/31 18:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2015/01/31 18:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2015/01/31 18:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2015/01/31 18:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2015/01/31 18:05:48 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2015/01/31 15:20:02 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Apple
[2015/01/31 12:45:02 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Characters for the Eating Place
[2015/01/27 08:48:31 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Apple Computer
[2015/01/26 11:47:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Adobe
[2015/01/26 11:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/01/18 09:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2015/01/14 08:28:30 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe
[2015/01/14 08:28:27 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2015/01/14 08:28:15 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2015/01/14 08:28:12 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2015/01/14 08:28:11 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2015/01/14 08:28:08 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2015/01/14 08:28:08 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rstrui.exe
[2015/01/14 08:28:07 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srclient.dll
[2015/01/03 23:10:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Sides
[2011/03/16 16:03:58 | 041,742,792 | ---- | C] (Adobe Systems, Inc                                          ) -- C:\Program Files\Adobe_Contribute_4_Win.exe
[2011/03/15 18:33:26 | 003,357,488 | ---- | C] (Philipp Winterberg) -- C:\Program Files\InstallFreeRARExtractFrog.exe
[2011/03/10 22:18:11 | 002,182,784 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Program Files\mbam-setup.exe
[2011/03/10 22:18:00 | 004,329,496 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1153_upgrade.exe
[2011/03/10 22:18:00 | 004,290,744 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1136_upgrade.exe
[2011/03/10 22:18:00 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_9_40_cnet.exe
[2011/03/10 18:35:42 | 003,033,192 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup304.exe
[2011/03/10 18:35:25 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Program Files\ATF_Cleaner.exe
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/02 16:59:45 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/02 16:52:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2015/02/02 16:50:01 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/02 15:21:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2015/02/02 13:05:14 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/02/02 11:50:01 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/02 07:53:56 | 000,026,192 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/02 07:53:56 | 000,026,192 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/02 07:53:00 | 000,782,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2015/02/02 07:53:00 | 000,662,400 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2015/02/02 07:53:00 | 000,122,268 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2015/02/02 07:46:49 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2015/02/02 07:45:28 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/01 19:41:14 | 000,376,363 | ---- | M] () -- C:\Users\Mike\Documents\Casting Breakdown TEP_Gary.pdf
[2015/02/01 13:42:41 | 000,022,652 | ---- | M] () -- C:\Users\Mike\Documents\The Eating Place Draft 12-2 (WHITE PAGES).pdf
[2015/01/31 23:24:05 | 000,168,341 | ---- | M] () -- C:\Users\Mike\Documents\TEP_CALLSHEET_TEST_DAY_2.pdf
[2015/01/31 18:06:43 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2015/01/28 15:28:42 | 000,184,569 | ---- | M] () -- C:\Users\Mike\Documents\iphone demo.pdf
[2015/01/28 15:28:39 | 000,197,169 | ---- | M] () -- C:\Users\Mike\Documents\macbook_demo.pdf
[2015/01/28 15:28:38 | 000,165,492 | ---- | M] () -- C:\Users\Mike\Documents\ipad_demo.pdf
[2015/01/28 12:26:04 | 000,134,709 | ---- | M] () -- C:\Users\Mike\Documents\Modern Family Pilot.pdf
[2015/01/27 23:45:41 | 000,046,341 | ---- | M] () -- C:\Users\Mike\Documents\THE EATING PLACE_CAST CALENDAR.pdf
[2015/01/27 15:29:34 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/01/26 14:21:30 | 000,002,044 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2015/01/24 15:45:55 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2015/01/24 15:45:55 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/01/20 22:49:07 | 002,056,561 | ---- | M] () -- C:\Users\Mike\Documents\Lynchburg College Application.pdf
[2015/01/18 15:25:42 | 003,007,651 | ---- | M] () -- C:\Users\Mike\Documents\S Storey Transcripts.pdf
[2015/01/18 15:25:08 | 003,003,385 | ---- | M] () -- C:\Users\Mike\Documents\Scan0002.pdf
[2015/01/18 15:21:41 | 003,000,144 | ---- | M] () -- C:\Users\Mike\Documents\Scan0001.pdf
[2015/01/17 16:42:11 | 000,036,303 | ---- | M] () -- C:\Users\Mike\Documents\NEQ7.jpg
[2015/01/17 16:31:48 | 000,018,465 | ---- | M] () -- C:\Users\Mike\Documents\Class Policies 11-1-07.pdf
[2015/01/17 16:31:43 | 000,013,924 | ---- | M] () -- C:\Users\Mike\Documents\Student info sheet.pdf
[2015/01/15 12:52:39 | 000,825,440 | ---- | M] () -- C:\Users\Mike\Documents\Evil LA Parking Ticket.jpg
[2015/01/08 17:10:24 | 000,073,908 | ---- | M] () -- C:\Users\Mike\Documents\10294489_742504985843924_24008678968778780_n.jpg
[2015/01/06 16:51:56 | 000,078,906 | ---- | M] () -- C:\Users\Mike\Documents\10897951_10153964827202588_6755652033892300808_n.jpg
[2015/01/05 12:39:47 | 000,072,287 | ---- | M] () -- C:\Users\Mike\Documents\1907887_10152791010873908_411453202973656570_n.jpg
[2015/01/04 14:27:44 | 000,202,648 | ---- | M] () -- C:\Users\Mike\Documents\10857843_10152904811333118_6924049128700740278_n.png
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/02/01 19:41:11 | 000,376,363 | ---- | C] () -- C:\Users\Mike\Documents\Casting Breakdown TEP_Gary.pdf
[2015/02/01 13:42:39 | 000,022,652 | ---- | C] () -- C:\Users\Mike\Documents\The Eating Place Draft 12-2 (WHITE PAGES).pdf
[2015/01/31 23:24:02 | 000,168,341 | ---- | C] () -- C:\Users\Mike\Documents\TEP_CALLSHEET_TEST_DAY_2.pdf
[2015/01/31 18:06:43 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2015/01/28 15:28:40 | 000,184,569 | ---- | C] () -- C:\Users\Mike\Documents\iphone demo.pdf
[2015/01/28 15:28:36 | 000,165,492 | ---- | C] () -- C:\Users\Mike\Documents\ipad_demo.pdf
[2015/01/28 15:28:31 | 000,197,169 | ---- | C] () -- C:\Users\Mike\Documents\macbook_demo.pdf
[2015/01/28 12:26:01 | 000,134,709 | ---- | C] () -- C:\Users\Mike\Documents\Modern Family Pilot.pdf
[2015/01/27 23:45:38 | 000,046,341 | ---- | C] () -- C:\Users\Mike\Documents\THE EATING PLACE_CAST CALENDAR.pdf
[2015/01/20 22:49:07 | 002,056,561 | ---- | C] () -- C:\Users\Mike\Documents\Lynchburg College Application.pdf
[2015/01/18 15:25:42 | 003,007,651 | ---- | C] () -- C:\Users\Mike\Documents\S Storey Transcripts.pdf
[2015/01/18 15:25:07 | 003,003,385 | ---- | C] () -- C:\Users\Mike\Documents\Scan0002.pdf
[2015/01/18 15:21:40 | 003,000,144 | ---- | C] () -- C:\Users\Mike\Documents\Scan0001.pdf
[2015/01/17 16:42:11 | 000,036,303 | ---- | C] () -- C:\Users\Mike\Documents\NEQ7.jpg
[2015/01/17 16:31:46 | 000,018,465 | ---- | C] () -- C:\Users\Mike\Documents\Class Policies 11-1-07.pdf
[2015/01/17 16:31:41 | 000,013,924 | ---- | C] () -- C:\Users\Mike\Documents\Student info sheet.pdf
[2015/01/15 12:50:58 | 000,825,440 | ---- | C] () -- C:\Users\Mike\Documents\Evil LA Parking Ticket.jpg
[2015/01/08 17:10:24 | 000,073,908 | ---- | C] () -- C:\Users\Mike\Documents\10294489_742504985843924_24008678968778780_n.jpg
[2015/01/06 16:51:56 | 000,078,906 | ---- | C] () -- C:\Users\Mike\Documents\10897951_10153964827202588_6755652033892300808_n.jpg
[2015/01/05 17:00:58 | 000,202,648 | ---- | C] () -- C:\Users\Mike\Documents\10857843_10152904811333118_6924049128700740278_n.png
[2015/01/05 17:00:58 | 000,017,703 | ---- | C] () -- C:\Users\Mike\Documents\97d675cf-6364-4c57-be41-7d23af85d0c2-large.jpeg
[2015/01/05 17:00:58 | 000,004,516 | ---- | C] () -- C:\Users\Mike\Documents\10385470_10153316192654156_8917264129419590586_n.jpg
[2015/01/05 12:39:47 | 000,072,287 | ---- | C] () -- C:\Users\Mike\Documents\1907887_10152791010873908_411453202973656570_n.jpg
[2012/01/16 14:27:15 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/09/06 14:34:02 | 000,004,096 | -H-- | C] () -- C:\Users\Mike\AppData\Local\keyfile3.drm
[2011/04/13 10:36:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/12 11:37:43 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
[2011/03/10 21:45:18 | 000,339,257 | ---- | C] () -- C:\Program Files\CleanUp452.exe
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP

Nothing obvious in the log.  Let's check for the usual slowness causes.

 

Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy  (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.
 
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
Ron
 

  • 0

#3
BuddyMG

BuddyMG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Thank you for the help - I've attached everything you asked for (I think!)

Attached Files


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP

Uninstall Bonjour.  It's not working and you don't need it.  You probably will get a new version next time you upgrade any Apple software.= hopefully the new version will work better.

 

Also uninstall AdAware.  Avast is the better anti-virus and you only want one.  (Two anti-viruses will fight each other and slow you down)

 

Also uninstall Coupon Printer.  It's not working correctly.  You can reinstall it later.  Probably a newer version will work.

 

Your Windows Search is really in bad shape.  Try the fix here:

 

http://techtrix.hubp...-7-Search-Index

 

 

Let's see if that helped:

 

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application
 
Also create another process Explorer log as before.
 
Some notes on Avast:
Some people object to the voice notification of updates.  To turn it off, click on the Avast ball then on Settings then on Appearance.  Then on Sounds and uncheck Automatic Updates OK.  (It will still update it just won't tell you about in a loud voice in the middle of the night.)
 
They have also started using their info popup to try and get you to upgrade so I go into Settings, Appearance, Popups and change the first two to 1 second.  Their Browser Cleanup is not so user friendly since it wants to reset your home page and search engine to Yahoo so I go into Settings, Tools, and turn it off.
 
If you haven't registered already then right click on the orange ball and select Registration Information and click on the link.  (They just want you name and email address).  The registration is good for 12-14 months then you will need to register again.  They will, of course, try to talk you into buying the product but you can always register again for another year free tho it may not be the default.  Look for the Basic option.
 
 
Tonight or tomorrow night let's let Avast run a boot time scan.
 
How to do a boot-time scan while you sleep:
First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scan, then on Scan for Viruses (wait for a minute or two for the page to change) Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:
 

  • 0

#5
BuddyMG

BuddyMG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Here's what I have: I've attached both VEW files and the System Idel Process. My Windows Search is slow (sometimes it takes minutes to open a folder in Explorer) yet when I tried the fixes nothing was found. Also, the BootScan found one thing and moved it to chest. I've included a screenshot.

 

That's all I've got - I appreciate your help, thank you!

Attached Thumbnails

  • screenshot.jpg

Attached Files


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
 
Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
 
  •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     
    Let's look at the boot log:
     

    http://www.techrepub...lp-of-msconfig/  (If you get a popup click on No Thanks I know everything)

     

     

    Once you get to Step 3 Substep 2:  Copy and paste the text from Notepad into a reply.


    • 0

    #7
    BuddyMG

    BuddyMG

      Member

    • Topic Starter
    • Member
    • PipPip
    • 54 posts

    Here are the logs you asked for (in this order - FRST, Addition, then the boot log) Thank you!

     

    FRST

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
    Ran by Mike (administrator) on PC on 06-02-2015 13:00:37
    Running from C:\Users\Mike\Downloads
    Loaded Profiles: Mike (Available profiles: Mike)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\vVX3000.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    (Lenovo (Shenzhen) Electronic Co., Ltd.) C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
    (JME) C:\Program Files (x86)\jmesoft\hotkey.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
    HKLM\...\Run: [VX3000] => C:\windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-02-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
    HKLM-x32\...\Run: [LenovoFSC] => C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe [49152 2009-07-29] (Lenovo (Shenzhen) Electronic Co., Ltd.)
    HKLM-x32\...\Run: [jmekey] => C:\Program Files (x86)\jmesoft\hotkey.exe [114688 2009-07-16] (JME)
    HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3758289344-697551801-2976451627-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
    HKU\S-1-5-21-3758289344-697551801-2976451627-1001\...\Run: [pronto] => "C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe"
    HKU\S-1-5-21-3758289344-697551801-2976451627-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3758289344-697551801-2976451627-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-3758289344-697551801-2976451627-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-3758289344-697551801-2976451627-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    URLSearchHook: HKLM-x32 - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    SearchScopes: HKU\S-1-5-21-3758289344-697551801-2976451627-1001 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....ms}&fr=chr-atty
    SearchScopes: HKU\S-1-5-21-3758289344-697551801-2976451627-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....ms}&fr=chr-atty
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\b1wjgrv7.default
    FF DefaultSearchEngine: Google
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://www.yahoo.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3758289344-697551801-2976451627-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Mike\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Extension: Disconnect - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\b1wjgrv7.default\Extensions\[email protected] [2014-03-27]
    FF Extension: Ghostery - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\b1wjgrv7.default\Extensions\[email protected] [2013-08-02]
    FF Extension: Adblock Plus - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\b1wjgrv7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-14]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-26]
    FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-09]
    FF HKU\S-1-5-21-3758289344-697551801-2976451627-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.yahoo.com/
    CHR StartupUrls: Default -> "https://www.yahoo.co...st&type=odc179"
    CHR DefaultSearchKeyword: Default -> www.yahoo.com
    CHR DefaultSearchURL: Default -> https://search.yahoo...p={searchTerms}
    CHR DefaultSuggestURL: Default -> http://ff.search.yah...d={searchTerms}
    CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-06]
    CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-06]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
    CHR Extension: (Pop Block Pro - The Ultimate Popup Blocker) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjmjkdknjeokcmgjmdpkccpmahfmiib [2014-12-09]
    CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-06]
    CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-06]
    CHR Extension: (Avast SafePrice) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-04]
    CHR Extension: (Disconnect Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2014-04-03]
    CHR Extension: (Disconnect) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-03-27]
    CHR Extension: (Skype Click to Call) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-07-23]
    CHR Extension: (Ghostery) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-03-27]
    CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-06]
    CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-06]
    CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-16]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-16] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-16] (Avast Software)
    R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-02-11] (Alcatel-Lucent) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-16] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-16] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-16] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-16] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-16] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-16] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-16] ()
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
    R3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [11848 2009-06-05] ()
    S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
    S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
    U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-16] (Avast Software)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-06 13:00 - 2015-02-06 13:00 - 00020642 _____ () C:\Users\Mike\Downloads\FRST.txt
    2015-02-06 13:00 - 2015-02-06 13:00 - 00000000 ____D () C:\FRST
    2015-02-06 11:46 - 2015-02-06 11:46 - 02131968 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe
    2015-02-06 11:45 - 2015-02-06 11:45 - 01123328 _____ (Farbar) C:\Users\Mike\Downloads\FRST.exe
    2015-02-05 10:56 - 2015-02-05 10:56 - 00001043 _____ () C:\Users\Mike\Downloads\VEW - application.txt
    2015-02-05 10:55 - 2015-02-05 10:55 - 00001284 _____ () C:\Users\Mike\Downloads\VEW - system.txt
    2015-02-05 09:16 - 2015-02-05 09:16 - 00000304 _____ () C:\windows\PFRO.log
    2015-02-04 13:16 - 2015-02-04 13:16 - 00009191 _____ () C:\Users\Mike\Documents\VEW - Application 020415.txt
    2015-02-04 13:15 - 2015-02-05 10:56 - 00001043 _____ () C:\VEW.txt
    2015-02-04 13:15 - 2015-02-04 13:15 - 00004162 _____ () C:\Users\Mike\Documents\VEW - system 020415.txt
    2015-02-04 13:14 - 2015-02-04 13:14 - 00061440 _____ ( ) C:\Users\Mike\Downloads\VEW.exe
    2015-02-04 13:14 - 2015-02-04 13:14 - 00042150 _____ () C:\Users\Mike\Documents\junk.txt
    2015-02-04 08:17 - 2015-02-06 01:18 - 00000280 _____ () C:\windows\setupact.log
    2015-02-04 08:17 - 2015-02-04 08:17 - 00000000 _____ () C:\windows\setuperr.log
    2015-02-03 12:42 - 2015-02-03 12:43 - 00498089 _____ () C:\Users\Mike\Documents\Speccy.txt
    2015-02-03 12:38 - 2015-02-03 12:38 - 05135288 _____ (Piriform Ltd) C:\Users\Mike\Downloads\spsetup128.exe
    2015-02-03 12:36 - 2015-02-05 11:01 - 00007785 _____ () C:\Users\Mike\Downloads\System Idle Process.txt
    2015-02-03 12:36 - 2015-02-03 12:36 - 00008256 _____ () C:\Users\Mike\Downloads\System Idle Process 020415.txt
    2015-02-03 12:29 - 2015-02-03 12:30 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Mike\Downloads\procexp.exe
    2015-02-03 12:26 - 2015-02-03 12:26 - 00000000 ____D () C:\Users\Mike\Documents\WGA Pilot - January - April 2015
    2015-02-03 08:33 - 2015-02-03 10:31 - 00000000 ____D () C:\Users\Mike\AppData\Local\Apple Computer
    2015-02-02 22:15 - 2015-02-03 08:32 - 00000000 ____D () C:\Users\Mike\AppData\Local\Adobe
    2015-02-02 17:33 - 2015-02-02 17:33 - 00084584 _____ () C:\Users\Mike\Downloads\OTL.Txt
    2015-02-02 17:04 - 2015-02-02 17:04 - 00602112 _____ (OldTimer Tools) C:\Users\Mike\Downloads\OTL.exe
    2015-02-01 20:55 - 2015-02-06 09:29 - 00000000 ____D () C:\Users\Mike\Documents\Photos of Mike for website
    2015-01-31 18:06 - 2015-01-31 18:06 - 00001713 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2015-01-31 18:06 - 2015-01-31 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-01-31 18:05 - 2015-01-31 18:06 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-01-31 18:05 - 2015-01-31 18:06 - 00000000 ____D () C:\Program Files\iTunes
    2015-01-31 18:05 - 2015-01-31 18:05 - 00000000 ____D () C:\Program Files\iPod
    2015-01-31 18:05 - 2015-01-31 18:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-01-31 12:45 - 2015-01-31 12:45 - 00000000 ____D () C:\Users\Mike\Documents\Characters for the Eating Place
    2015-01-26 22:37 - 2015-01-26 22:38 - 05325208 _____ (Piriform Ltd) C:\Users\Mike\Downloads\ccsetup502.exe
    2015-01-26 11:31 - 2015-01-26 11:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-18 09:51 - 2015-01-26 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
    2015-01-14 08:28 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
    2015-01-14 08:28 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
    2015-01-14 08:28 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2015-01-14 08:28 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
    2015-01-14 08:28 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
    2015-01-14 08:28 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
    2015-01-14 08:28 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 08:28 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
    2015-01-14 08:28 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
    2015-01-14 08:28 - 2014-12-11 09:47 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
    2015-01-14 08:28 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
    2015-01-14 08:28 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
    2015-01-14 08:28 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-06 12:52 - 2013-03-19 07:52 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-02-06 12:34 - 2012-11-16 13:57 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-06 12:01 - 2011-10-25 15:31 - 01895656 _____ () C:\windows\WindowsUpdate.log
    2015-02-06 10:34 - 2012-11-16 13:57 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-06 09:11 - 2009-07-13 20:45 - 00026192 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-06 09:11 - 2009-07-13 20:45 - 00026192 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-06 08:29 - 2014-05-19 08:59 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-06 07:25 - 2013-08-09 10:05 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2015-02-06 01:23 - 2009-07-13 21:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-02-06 01:18 - 2011-03-14 10:39 - 00000000 ____D () C:\Users\Mike\Tracing
    2015-02-06 01:18 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-02-05 22:52 - 2013-12-06 09:23 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-05 15:41 - 2011-03-10 18:07 - 00000000 ____D () C:\Users\Mike\Mike's Stuff
    2015-02-05 10:29 - 2012-11-16 13:57 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-05 10:29 - 2012-11-16 13:57 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-04 22:04 - 2011-03-21 12:38 - 00000000 ____D () C:\Program Files (x86)\Coupons
    2015-02-04 15:52 - 2013-03-19 07:52 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-04 15:52 - 2012-07-02 10:49 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-02-04 15:52 - 2012-07-02 10:49 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-04 13:19 - 2013-10-02 17:27 - 04114944 ___SH () C:\Users\Mike\Documents\Thumbs.db
    2015-02-03 15:17 - 2011-03-12 10:48 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Skype
    2015-02-03 12:27 - 2011-03-10 18:28 - 00000000 ____D () C:\Users\Mike\Movies-TV
    2015-01-31 18:05 - 2011-03-10 18:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-01-30 07:53 - 2009-07-13 21:08 - 00032622 _____ () C:\windows\Tasks\SCHEDLGU.TXT
    2015-01-27 15:29 - 2011-03-10 21:53 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-01-27 15:29 - 2011-03-10 21:53 - 00000000 ____D () C:\Program Files\CCleaner
    2015-01-27 08:47 - 2012-04-26 11:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-25 16:05 - 2015-01-03 23:10 - 00000000 ____D () C:\Users\Mike\Documents\Sides
    2015-01-14 23:36 - 2013-07-14 11:24 - 00000000 ____D () C:\windows\system32\MRT
    2015-01-14 23:35 - 2011-03-16 07:31 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

    ==================== Files in the root of some directories =======

    2011-03-16 16:03 - 2011-03-16 16:08 - 41742792 _____ (Adobe Systems, Inc                                          ) C:\Program Files\Adobe_Contribute_4_Win.exe
    2011-03-10 18:35 - 2008-01-28 23:27 - 0050688 _____ (Atribune.org) C:\Program Files\ATF_Cleaner.exe
    2011-03-10 22:18 - 2010-10-17 14:17 - 4290744 _____ (AVG Technologies) C:\Program Files\avg_free_stb_all_2011_1136_upgrade.exe
    2011-03-10 22:18 - 2010-11-09 09:17 - 4329496 _____ (AVG Technologies) C:\Program Files\avg_free_stb_all_2011_1153_upgrade.exe
    2011-03-10 22:18 - 2009-11-18 14:25 - 0891248 _____ (AVG Technologies) C:\Program Files\avg_free_stb_all_9_40_cnet.exe
    2011-03-10 18:35 - 2011-02-24 20:33 - 3033192 _____ (Piriform Ltd) C:\Program Files\ccsetup304.exe
    2011-03-10 21:45 - 2006-08-20 15:59 - 0339257 _____ () C:\Program Files\CleanUp452.exe
    2011-03-15 18:33 - 2011-02-18 08:52 - 3357488 _____ (Philipp Winterberg) C:\Program Files\InstallFreeRARExtractFrog.exe
    2011-03-10 22:18 - 2008-09-10 13:49 - 2182784 _____ (Malwarebytes Corporation                                    ) C:\Program Files\mbam-setup.exe
    2012-06-17 11:13 - 2012-06-17 11:13 - 3993600 _____ () C:\Program Files (x86)\GUT9399.tmp
    2011-09-06 14:34 - 2011-09-06 14:34 - 0004096 ____H () C:\Users\Mike\AppData\Local\keyfile3.drm
    2011-03-12 11:37 - 2011-03-12 11:45 - 0000026 ____H () C:\ProgramData\.119889580931711767808769176
    2012-01-16 14:27 - 2012-01-16 14:27 - 0000057 _____ () C:\ProgramData\Ament.ini
    2011-04-13 10:36 - 2011-04-13 10:36 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2011-03-12 11:21 - 2011-12-06 14:27 - 0001518 _____ () C:\ProgramData\hpzinstall.log

    Some content of TEMP:
    ====================
    C:\Users\Mike\AppData\Local\Temp\SkypeSetup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-04 10:50

    ==================== End Of Log ============================

     

    Addition

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
    Ran by Mike at 2015-02-06 13:01:09
    Running from C:\Users\Mike\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe Photoshop 5.5 (HKLM-x32\...\Adobe Photoshop 5.5) (Version: 5.5 - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Aiseesoft QuickTime Video Converter (HKLM-x32\...\Aiseesoft QuickTime Video Converter_is1) (Version:  - )
    Amazon MP3 Downloader 1.0.12 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)
    AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
    Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    att.net Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version:  - )
    att.net Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
    ATT-PRT22 (HKLM-x32\...\ATT-PRT22) (Version:  - )
    Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
    Best Buy pc app (HKU\S-1-5-21-3758289344-697551801-2976451627-1001\...\48e4cff94f039634) (Version: 3.1.1.0 - Best Buy)
    Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
    Best Buy pc app (x32 Version: 3.1.1.0 - Best Buy) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
    Citrix Online Launcher (HKLM-x32\...\{75C7BFBC-5FA8-47C9-9E6C-AD1954F63A53}) (Version: 1.0.109 - Citrix)
    CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Dropbox (HKU\S-1-5-21-3758289344-697551801-2976451627-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    FanSpeedControl (HKLM-x32\...\InstallShield_{0EC766C7-F444-42BF-A05F-4A790F5360EB}) (Version: 1.00.00.13 - Lenovo)
    FanSpeedControl (x32 Version: 1.00.00.13 - Lenovo) Hidden
    FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
    Final Draft 7 (HKLM-x32\...\{78D62D17-D970-42DA-B8CF-5E5576293B33}) (Version: 7.1.1.19 - Final Draft, Inc.)
    Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 2.50 - Philipp Winterberg)
    Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    GoToMeeting 5.5.0.1132 (HKU\S-1-5-21-3758289344-697551801-2976451627-1001\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline)
    Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
    HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
    HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPOJP8600FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
    Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
    Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.1.0.1311 - Lenovo)
    Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
    Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
    LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
    LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)
    LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
    Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Word 2003 (HKLM-x32\...\{901B0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.1.27 - Intuit)
    Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0006 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30095 - Realtek Semiconductor Corp.)
    Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
    TweetDeck (HKLM-x32\...\{FA6381E9-96D2-4F6F-866C-4D16E5986FF6}) (Version: 2.7.1 - Twitter, Inc.)
    VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3758289344-697551801-2976451627-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3758289344-697551801-2976451627-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1132\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-3758289344-697551801-2976451627-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3758289344-697551801-2976451627-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3758289344-697551801-2976451627-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3758289344-697551801-2976451627-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points  =========================

    11-11-2014 08:38:39 Windows Update
    12-11-2014 23:53:51 Windows Update
    16-11-2014 13:57:18 avast! antivirus system restore point
    16-11-2014 14:09:59 AA11
    18-11-2014 09:48:11 Windows Update
    19-11-2014 23:14:13 Windows Update
    25-11-2014 09:18:16 Windows Update
    29-11-2014 08:30:06 Windows Update
    02-12-2014 09:22:55 Windows Update
    09-12-2014 08:55:50 Windows Update
    11-12-2014 00:11:53 Windows Update
    13-12-2014 00:12:37 Windows Update
    16-12-2014 08:30:56 Windows Update
    18-12-2014 23:37:39 Windows Update
    19-12-2014 12:31:56 AA11
    23-12-2014 09:22:08 Windows Update
    31-12-2014 16:33:05 Windows Update
    06-01-2015 09:26:54 Windows Update
    13-01-2015 09:05:38 Windows Update
    14-01-2015 23:34:59 Windows Update
    20-01-2015 08:42:01 Windows Update
    23-01-2015 08:46:10 Windows Update
    27-01-2015 08:55:07 Windows Update
    03-02-2015 08:39:51 Windows Update
    04-02-2015 21:55:17 Removed Bonjour
    04-02-2015 21:58:08 AA11

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2013-08-10 10:07 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0355133D-C37D-4916-96E7-87213C72AF1C} - System32\Tasks\{1394EEF6-93C2-438D-8B51-98B9AFA718FD} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
    Task: {07D8A619-BF49-4758-AD13-39BABCE25DAE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {0F3BD997-7ADB-4D64-BCD7-AA953FB66468} - System32\Tasks\{B5C88331-DBA3-437B-8B2A-D2BEB9E2CA59} => pcalua.exe -a "C:\Program Files\Adobe_Contribute_4_Win.exe" -d "C:\Program Files"
    Task: {215ADF98-C176-4E10-9CEF-A86AD54DD511} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
    Task: {23794914-BC16-4B69-802F-549F3F0DDA22} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
    Task: {3C1325F2-D996-4E44-BE3D-101048E07FC3} - System32\Tasks\{BC47F3C9-3073-4A81-A86F-E0DEE1CA7036} => Firefox.exe http://www.skype.com...#38;LastError=2
    Task: {3DDF54DC-2126-461B-8960-EA8FB42CFBFC} - System32\Tasks\{5246D323-0341-49E6-9ACB-39ABB29CE6A2} => pcalua.exe -a C:\Users\Mike\Downloads\Adobe_Contribute_4_Win.exe -d C:\Users\Mike\Downloads
    Task: {45A58D88-B063-4C73-80FB-675C5BBE8D38} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
    Task: {4F45946C-7A55-4DDB-A00F-E5DBD30D724D} - System32\Tasks\{097D5EB1-73A0-49FE-9262-4DB3F0FF9CC6} => Firefox.exe http://ui.skype.com/...?LastError=1603
    Task: {626308B3-3D32-4E35-9873-6A1449E1CE33} - System32\Tasks\AdobeAAMUpdater-1.0-PC-Mike => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-02-22] (Adobe Systems Incorporated)
    Task: {68ECE56F-5C97-4389-B4A1-77681190DB95} - System32\Tasks\{8529944B-110A-46EE-9FCF-8F1CB1A4DD11} => pcalua.exe -a "C:\Program Files\Adobe_Contribute_4_Win.exe" -d "C:\Program Files"
    Task: {8D803293-4690-430C-8189-04174775BCA5} - System32\Tasks\{EFB2A960-DE8D-4431-8AEB-8BC1BAFE5252} => pcalua.exe -a D:\setup.exe -d D:\
    Task: {8DF7B080-1C21-4911-A660-BE7CD2F99187} - System32\Tasks\{CADCBA21-49F8-45AA-8A53-DC1B82EC95D2} => pcalua.exe -a C:\Users\Mike\Downloads\ltpb2setup.exe -d C:\Users\Mike\Downloads
    Task: {8F4E1085-1F59-4D56-B077-927EF2E17513} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
    Task: {965C5408-F129-4CAE-B92E-8BDF16F826B2} - System32\Tasks\{3EAB116B-24B6-4799-A619-4F51F8899379} => msiexec.exe /package "C:\Windows\Downloaded Installations\Adobe Contribute 4\Adobe Contribute 4.msi"
    Task: {9FD8FEE7-CA42-433A-82EF-85927CDCB5E6} - System32\Tasks\{C06A8649-140B-436A-9952-A21BBF446C21} => msiexec.exe /package "C:\Windows\Downloaded Installations\Adobe Contribute 4\Adobe Contribute 4.msi"
    Task: {A4E32105-52D0-43D0-B5A3-7FDDEF151589} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-16] (AVAST Software)
    Task: {B5D8F63C-1419-4C97-B37C-8321A479EC1A} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
    Task: {B8EB83D0-B0DE-4DBB-8F24-FECDF0E8C28B} - System32\Tasks\{4A59F09D-E3A6-4D20-BC16-C44D834AA77B} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
    Task: {D789E40B-0408-48A4-AD34-45D7CCEC632C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {E3CE389A-DF58-437E-B77F-6587454ACFCD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {E4FD4C3A-B2D2-43F9-8F77-55FF120504C7} - System32\Tasks\{54C7F1AD-595E-4432-8E2B-62D1FF8FA1CF} => pcalua.exe -a C:\Users\Mike\Downloads\ltpb1setup.exe -d C:\Users\Mike\Downloads
    Task: {E72B302B-F836-423E-861C-0A6A267B8F5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-11-16 14:06 - 2014-11-16 14:06 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2014-11-16 14:06 - 2014-11-16 14:06 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2015-02-05 14:48 - 2015-02-05 14:48 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020501\algo.dll
    2014-11-16 14:06 - 2014-11-16 14:06 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2010-12-28 18:12 - 2009-07-16 09:20 - 00032768 _____ () C:\Program Files (x86)\jmesoft\Keyhook.dll
    2010-12-28 18:12 - 2007-12-31 10:27 - 00007168 _____ () C:\Program Files (x86)\jmesoft\VistaVolume.dll
    2014-11-16 14:06 - 2014-11-16 14:06 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-01-26 11:31 - 2015-01-26 11:31 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2015-02-04 15:52 - 2015-02-04 15:52 - 16852144 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3758289344-697551801-2976451627-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3758289344-697551801-2976451627-500 - Administrator - Disabled)
    Guest (S-1-5-21-3758289344-697551801-2976451627-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3758289344-697551801-2976451627-1005 - Limited - Enabled)
    Mike (S-1-5-21-3758289344-697551801-2976451627-1001 - Administrator - Enabled) => C:\Users\Mike

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/05/2015 10:49:33 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: msnmsgr.exe, version: 14.0.8089.726, time stamp: 0x4a6ce533
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000
    Faulting process id: 0xc28
    Faulting application start time: 0xmsnmsgr.exe0
    Faulting application path: msnmsgr.exe1
    Faulting module path: msnmsgr.exe2
    Report Id: msnmsgr.exe3


    System errors:
    =============
    Error: (02/06/2015 01:18:39 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Type with the following error:
    %%5

    Error: (02/05/2015 10:48:36 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Type with the following error:
    %%5


    Microsoft Office Sessions:
    =========================
    Error: (02/05/2015 10:49:33 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: msnmsgr.exe14.0.8089.7264a6ce533unknown0.0.0.000000000c000000500000000c2801d041746eaaf459C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeunknownb8f64eba-ad67-11e4-a726-4437e61eb9ad


    CodeIntegrity Errors:
    ===================================
      Date: 2014-09-13 12:13:26.200
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-09-13 12:13:25.672
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-09-13 12:13:10.334
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-09-13 12:13:09.801
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-09-13 12:12:00.330
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-09-13 12:11:59.806
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2013-08-10 11:05:34.506
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2013-08-10 11:05:34.210
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2013-08-10 11:05:33.929
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2013-08-10 11:05:33.648
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
    Percentage of memory in use: 52%
    Total physical RAM: 4061.18 MB
    Available physical RAM: 1924.45 MB
    Total Pagefile: 8120.54 MB
    Available Pagefile: 5523.89 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:906.34 GB) (Free:402.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5E0DFF55)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

    ==================== End Of Log ============================

     

    ntbtlog

     

     Service Pack 1 2  6 2015 13:12:15.375
    Loaded driver \SystemRoot\system32\ntoskrnl.exe
    Loaded driver \SystemRoot\system32\hal.dll
    Loaded driver \SystemRoot\system32\kdcom.dll
    Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
    Loaded driver \SystemRoot\system32\PSHED.dll
    Loaded driver \SystemRoot\system32\CLFS.SYS
    Loaded driver \SystemRoot\system32\CI.dll
    Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
    Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
    Loaded driver \SystemRoot\system32\drivers\ACPI.sys
    Loaded driver \SystemRoot\system32\drivers\WMILIB.SYS
    Loaded driver \SystemRoot\system32\drivers\msisadrv.sys
    Loaded driver \SystemRoot\system32\drivers\pci.sys
    Loaded driver \SystemRoot\system32\drivers\vdrvroot.sys
    Loaded driver \SystemRoot\System32\drivers\partmgr.sys
    Loaded driver \SystemRoot\system32\drivers\volmgr.sys
    Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
    Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
    Loaded driver \SystemRoot\system32\drivers\atapi.sys
    Loaded driver \SystemRoot\system32\drivers\ataport.SYS
    Loaded driver \SystemRoot\system32\drivers\msahci.sys
    Loaded driver \SystemRoot\system32\drivers\PCIIDEX.SYS
    Loaded driver \SystemRoot\system32\drivers\amdxata.sys
    Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
    Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
    Loaded driver \SystemRoot\system32\DRIVERS\MpFilter.sys
    Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
    Loaded driver \SystemRoot\System32\Drivers\msrpc.sys
    Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
    Loaded driver \SystemRoot\System32\Drivers\cng.sys
    Loaded driver \SystemRoot\System32\drivers\pcw.sys
    Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.sys
    Loaded driver \SystemRoot\system32\drivers\ndis.sys
    Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
    Loaded driver \SystemRoot\System32\Drivers\ksecpkg.sys
    Loaded driver \SystemRoot\System32\drivers\tcpip.sys
    Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
    Loaded driver \SystemRoot\system32\drivers\volsnap.sys
    Loaded driver \SystemRoot\System32\Drivers\spldr.sys
    Loaded driver \SystemRoot\System32\drivers\rdyboost.sys
    Loaded driver \SystemRoot\System32\Drivers\mup.sys
    Loaded driver \SystemRoot\System32\drivers\hwpolicy.sys
    Loaded driver \SystemRoot\System32\DRIVERS\fvevol.sys
    Loaded driver \SystemRoot\system32\DRIVERS\disk.sys
    Loaded driver \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    Loaded driver \SystemRoot\System32\Drivers\aswVmm.sys
    Loaded driver \SystemRoot\System32\Drivers\aswRvrt.sys
    Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
    Loaded driver \SystemRoot\system32\drivers\aswSnx.sys
    Loaded driver \SystemRoot\system32\drivers\aswSP.sys
    Loaded driver \SystemRoot\System32\Drivers\Null.SYS
    Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
    Loaded driver \SystemRoot\System32\drivers\vga.sys
    Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
    Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
    Loaded driver \SystemRoot\system32\drivers\rdprefmp.sys
    Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
    Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
    Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
    Loaded driver \SystemRoot\system32\drivers\afd.sys
    Loaded driver \SystemRoot\system32\drivers\aswRdr2.sys
    Loaded driver \SystemRoot\system32\drivers\ws2ifsl.sys
    Loaded driver \SystemRoot\system32\DRIVERS\wfplwf.sys
    Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
    Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
    Loaded driver \SystemRoot\system32\DRIVERS\serial.sys
    Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
    Loaded driver \SystemRoot\system32\drivers\termdd.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
    Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
    Loaded driver \SystemRoot\system32\drivers\mssmbios.sys
    Loaded driver \SystemRoot\System32\drivers\discache.sys
    Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
    Loaded driver \SystemRoot\system32\DRIVERS\blbdrive.sys
    Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
    Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
    Loaded driver \SystemRoot\System32\drivers\dxgkrnl.sys
    Loaded driver \SystemRoot\system32\DRIVERS\igdkmd64.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
    Loaded driver \SystemRoot\system32\drivers\HDAudBus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\Rt64win7.sys
    Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys
    Loaded driver \SystemRoot\system32\drivers\i8042prt.sys
    Loaded driver \SystemRoot\system32\drivers\kbdclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    Loaded driver \SystemRoot\system32\drivers\CompositeBus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\AgileVpn.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rassstp.sys
    Loaded driver \SystemRoot\system32\drivers\mouclass.sys
    Loaded driver \SystemRoot\system32\drivers\swenum.sys
    Loaded driver \SystemRoot\system32\DRIVERS\spio.sys
    Loaded driver \SystemRoot\system32\drivers\umbus.sys
    Did not load driver \SystemRoot\System32\drivers\vga.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
    Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Loaded driver \SystemRoot\system32\drivers\RTKVHD64.sys
    Loaded driver \SystemRoot\system32\drivers\ksthunk.sys
    Loaded driver \SystemRoot\system32\drivers\hidusb.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
    Loaded driver \SystemRoot\system32\DRIVERS\monitor.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\VX3000.sys
    Loaded driver \SystemRoot\system32\drivers\usbaudio.sys
    Loaded driver \SystemRoot\System32\Drivers\RtsUStor.sys
    Loaded driver \SystemRoot\system32\drivers\usbscan.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbprint.sys
    Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    Loaded driver \SystemRoot\system32\drivers\luafv.sys
    Loaded driver \SystemRoot\system32\drivers\aswMonFlt.sys
    Loaded driver \SystemRoot\system32\drivers\aswStm.sys
    Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
    Loaded driver \SystemRoot\system32\drivers\HTTP.sys
    Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
    Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    Loaded driver \SystemRoot\system32\drivers\aswHwid.sys
    Loaded driver \SystemRoot\system32\drivers\peauth.sys
    Loaded driver \SystemRoot\System32\Drivers\secdrv.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\srvnet.sys
    Loaded driver \SystemRoot\System32\drivers\tcpipreg.sys
    Loaded driver \SystemRoot\System32\DRIVERS\srv2.sys
    Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
    Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
    Loaded driver \SystemRoot\system32\drivers\WudfPf.sys
    Loaded driver \SystemRoot\system32\DRIVERS\WUDFRd.sys
     


    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,012 posts
    • MVP
    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
    Java 7 Update 51
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
     
    Uninstall:
    Windows Live Essentials 
     
    It's causing errors.  If you don't use it then do not reinstall it.
     
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

     

    Your boot log looks good.  I'm thinking the FRST will help some.  Let me know if it's better.

     

     


    • 0

    #9
    BuddyMG

    BuddyMG

      Member

    • Topic Starter
    • Member
    • PipPip
    • 54 posts

    Fix log, FRST, and Addition (in that order) Thank you!

     

    Fix Log

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
    Ran by Mike at 2015-02-06 14:34:00 Run:1
    Running from C:\Users\Mike\Downloads
    Loaded Profiles: Mike (Available profiles: Mike)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3758289344-697551801-2976451627-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    URLSearchHook: HKLM-x32 - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    HO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-26]
    FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF HKU\S-1-5-21-3758289344-697551801-2976451627-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
    Task: {07D8A619-BF49-4758-AD13-39BABCE25DAE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {8D803293-4690-430C-8189-04174775BCA5} - System32\Tasks\{EFB2A960-DE8D-4431-8AEB-8BC1BAFE5252} => pcalua.exe -a D:\setup.exe -d D:\
    Task: {B5D8F63C-1419-4C97-B37C-8321A479EC1A} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
    Task: {965C5408-F129-4CAE-B92E-8BDF16F826B2} - System32\Tasks\{3EAB116B-24B6-4799-A619-4F51F8899379} => msiexec.exe /package "C:\Windows\Downloaded Installations\Adobe Contribute 4\Adobe Contribute 4.msi"
    Task: {9FD8FEE7-CA42-433A-82EF-85927CDCB5E6} - System32\Tasks\{C06A8649-140B-436A-9952-A21BBF446C21} => msiexec.exe /package "C:\Windows\Downloaded Installations\Adobe Contribute 4\Adobe Contribute 4.msi"
    Task: {68ECE56F-5C97-4389-B4A1-77681190DB95} - System32\Tasks\{8529944B-110A-46EE-9FCF-8F1CB1A4DD11} => pcalua.exe -a "C:\Program Files\Adobe_Contribute_4_Win.exe" -d "C:\Program Files"
    Task: {3DDF54DC-2126-461B-8960-EA8FB42CFBFC} - System32\Tasks\{5246D323-0341-49E6-9ACB-39ABB29CE6A2} => pcalua.exe -a C:\Users\Mike\Downloads\Adobe_Contribute_4_Win.exe -d C:\Users\Mike\Downloads
    Task: {0F3BD997-7ADB-4D64-BCD7-AA953FB66468} - System32\Tasks\{B5C88331-DBA3-437B-8B2A-D2BEB9E2CA59} => pcalua.exe -a "C:\Program Files\Adobe_Contribute_4_Win.exe" -d "C:\Program Files"
    *****************

    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-3758289344-697551801-2976451627-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{91da5e8a-3318-4f8c-b67e-5964de3ab546} => value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File => Error: No automatic fix found for this entry.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
    HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
    HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
    "HKCR\PROTOCOLS\Handler\sacore" => Key deleted successfully.
    HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} => Moved successfully.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} => value deleted successfully.
    HKU\S-1-5-21-3758289344-697551801-2976451627-1001\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value deleted successfully.
    C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => Moved successfully.
    catchme => Service deleted successfully.
    MREMP50a64 => Service deleted successfully.
    MREMPR5 => Service deleted successfully.
    MRENDIS5 => Service deleted successfully.
    MRESP50a64 => Service deleted successfully.
    RtsUIR => Service deleted successfully.
    USBCCID => Service deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07D8A619-BF49-4758-AD13-39BABCE25DAE}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07D8A619-BF49-4758-AD13-39BABCE25DAE}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D803293-4690-430C-8189-04174775BCA5}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D803293-4690-430C-8189-04174775BCA5}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{EFB2A960-DE8D-4431-8AEB-8BC1BAFE5252} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EFB2A960-DE8D-4431-8AEB-8BC1BAFE5252}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5D8F63C-1419-4C97-B37C-8321A479EC1A}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5D8F63C-1419-4C97-B37C-8321A479EC1A}" => Key deleted successfully.
    C:\Windows\System32\Tasks\ROC_REG_JAN_DELETE => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ROC_REG_JAN_DELETE" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{965C5408-F129-4CAE-B92E-8BDF16F826B2}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{965C5408-F129-4CAE-B92E-8BDF16F826B2}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{3EAB116B-24B6-4799-A619-4F51F8899379} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3EAB116B-24B6-4799-A619-4F51F8899379}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FD8FEE7-CA42-433A-82EF-85927CDCB5E6}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FD8FEE7-CA42-433A-82EF-85927CDCB5E6}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{C06A8649-140B-436A-9952-A21BBF446C21} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C06A8649-140B-436A-9952-A21BBF446C21}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68ECE56F-5C97-4389-B4A1-77681190DB95}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68ECE56F-5C97-4389-B4A1-77681190DB95}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{8529944B-110A-46EE-9FCF-8F1CB1A4DD11} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8529944B-110A-46EE-9FCF-8F1CB1A4DD11}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DDF54DC-2126-461B-8960-EA8FB42CFBFC}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DDF54DC-2126-461B-8960-EA8FB42CFBFC}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{5246D323-0341-49E6-9ACB-39ABB29CE6A2} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5246D323-0341-49E6-9ACB-39ABB29CE6A2}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F3BD997-7ADB-4D64-BCD7-AA953FB66468}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F3BD997-7ADB-4D64-BCD7-AA953FB66468}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{B5C88331-DBA3-437B-8B2A-D2BEB9E2CA59} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B5C88331-DBA3-437B-8B2A-D2BEB9E2CA59}" => Key deleted successfully.

    ==== End of Fixlog 14:34:01 ====

     

    FRST

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
    Ran by Mike (administrator) on PC on 06-02-2015 14:35:47
    Running from C:\Users\Mike\Downloads
    Loaded Profiles: Mike (Available profiles: Mike)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\vVX3000.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Lenovo (Shenzhen) Electronic Co., Ltd.) C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
    (JME) C:\Program Files (x86)\jmesoft\hotkey.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
    HKLM\...\Run: [VX3000] => C:\windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-02-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
    HKLM-x32\...\Run: [LenovoFSC] => C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe [49152 2009-07-29] (Lenovo (Shenzhen) Electronic Co., Ltd.)
    HKLM-x32\...\Run: [jmekey] => C:\Program Files (x86)\jmesoft\hotkey.exe [114688 2009-07-16] (JME)
    HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3758289344-697551801-2976451627-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    HKU\S-1-5-21-3758289344-697551801-2976451627-1001\...\Run: [pronto] => "C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe"
    HKU\S-1-5-21-3758289344-697551801-2976451627-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-3758289344-697551801-2976451627-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-3758289344-697551801-2976451627-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    SearchScopes: HKU\S-1-5-21-3758289344-697551801-2976451627-1001 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....ms}&fr=chr-atty
    SearchScopes: HKU\S-1-5-21-3758289344-697551801-2976451627-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....ms}&fr=chr-atty
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\b1wjgrv7.default
    FF DefaultSearchEngine: Google
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://www.yahoo.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3758289344-697551801-2976451627-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Mike\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Extension: Disconnect - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\b1wjgrv7.default\Extensions\[email protected] [2014-03-27]
    FF Extension: Ghostery - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\b1wjgrv7.default\Extensions\[email protected] [2013-08-02]
    FF Extension: Adblock Plus - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\b1wjgrv7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-14]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-09]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.yahoo.com/
    CHR StartupUrls: Default -> "https://www.yahoo.co...st&type=odc179"
    CHR DefaultSearchKeyword: Default -> www.yahoo.com
    CHR DefaultSearchURL: Default -> https://search.yahoo...p={searchTerms}
    CHR DefaultSuggestURL: Default -> http://ff.search.yah...d={searchTerms}
    CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-06]
    CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-06]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
    CHR Extension: (Pop Block Pro - The Ultimate Popup Blocker) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjmjkdknjeokcmgjmdpkccpmahfmiib [2014-12-09]
    CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-06]
    CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-06]
    CHR Extension: (Avast SafePrice) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-04]
    CHR Extension: (Disconnect Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2014-04-03]
    CHR Extension: (Disconnect) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-03-27]
    CHR Extension: (Skype Click to Call) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-07-23]
    CHR Extension: (Ghostery) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-03-27]
    CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-06]
    CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-06]
    CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-16]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-16] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-16] (Avast Software)
    R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-02-11] (Alcatel-Lucent) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-16] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-16] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-16] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-16] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-16] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-16] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-16] ()
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
    R3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [11848 2009-06-05] ()
    S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
    S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
    U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-16] (Avast Software)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-06 13:09 - 2015-02-06 13:09 - 00000000 ____D () C:\windows\pss
    2015-02-06 13:01 - 2015-02-06 13:01 - 00028082 _____ () C:\Users\Mike\Downloads\Addition.txt
    2015-02-06 13:00 - 2015-02-06 14:36 - 00018186 _____ () C:\Users\Mike\Downloads\FRST.txt
    2015-02-06 13:00 - 2015-02-06 14:35 - 00000000 ____D () C:\FRST
    2015-02-06 11:46 - 2015-02-06 11:46 - 02131968 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe
    2015-02-06 11:45 - 2015-02-06 11:45 - 01123328 _____ (Farbar) C:\Users\Mike\Downloads\FRST.exe
    2015-02-05 10:56 - 2015-02-05 10:56 - 00001043 _____ () C:\Users\Mike\Downloads\VEW - application.txt
    2015-02-05 10:55 - 2015-02-05 10:55 - 00001284 _____ () C:\Users\Mike\Downloads\VEW - system.txt
    2015-02-04 13:16 - 2015-02-04 13:16 - 00009191 _____ () C:\Users\Mike\Documents\VEW - Application 020415.txt
    2015-02-04 13:15 - 2015-02-05 10:56 - 00001043 _____ () C:\VEW.txt
    2015-02-04 13:15 - 2015-02-04 13:15 - 00004162 _____ () C:\Users\Mike\Documents\VEW - system 020415.txt
    2015-02-04 13:14 - 2015-02-04 13:14 - 00061440 _____ ( ) C:\Users\Mike\Downloads\VEW.exe
    2015-02-04 13:14 - 2015-02-04 13:14 - 00042150 _____ () C:\Users\Mike\Documents\junk.txt
    2015-02-03 12:42 - 2015-02-03 12:43 - 00498089 _____ () C:\Users\Mike\Documents\Speccy.txt
    2015-02-03 12:38 - 2015-02-03 12:38 - 05135288 _____ (Piriform Ltd) C:\Users\Mike\Downloads\spsetup128.exe
    2015-02-03 12:36 - 2015-02-05 11:01 - 00007785 _____ () C:\Users\Mike\Downloads\System Idle Process.txt
    2015-02-03 12:36 - 2015-02-03 12:36 - 00008256 _____ () C:\Users\Mike\Downloads\System Idle Process 020415.txt
    2015-02-03 12:29 - 2015-02-03 12:30 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Mike\Downloads\procexp.exe
    2015-02-03 12:26 - 2015-02-03 12:26 - 00000000 ____D () C:\Users\Mike\Documents\WGA Pilot - January - April 2015
    2015-02-03 08:33 - 2015-02-03 10:31 - 00000000 ____D () C:\Users\Mike\AppData\Local\Apple Computer
    2015-02-02 22:15 - 2015-02-03 08:32 - 00000000 ____D () C:\Users\Mike\AppData\Local\Adobe
    2015-02-02 17:33 - 2015-02-02 17:33 - 00084584 _____ () C:\Users\Mike\Downloads\OTL.Txt
    2015-02-02 17:04 - 2015-02-02 17:04 - 00602112 _____ (OldTimer Tools) C:\Users\Mike\Downloads\OTL.exe
    2015-02-01 20:55 - 2015-02-06 09:29 - 00000000 ____D () C:\Users\Mike\Documents\Photos of Mike for website
    2015-01-31 18:06 - 2015-01-31 18:06 - 00001713 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2015-01-31 18:06 - 2015-01-31 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-01-31 18:05 - 2015-01-31 18:06 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-01-31 18:05 - 2015-01-31 18:06 - 00000000 ____D () C:\Program Files\iTunes
    2015-01-31 18:05 - 2015-01-31 18:05 - 00000000 ____D () C:\Program Files\iPod
    2015-01-31 18:05 - 2015-01-31 18:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-01-31 12:45 - 2015-01-31 12:45 - 00000000 ____D () C:\Users\Mike\Documents\Characters for the Eating Place
    2015-01-26 22:37 - 2015-01-26 22:38 - 05325208 _____ (Piriform Ltd) C:\Users\Mike\Downloads\ccsetup502.exe
    2015-01-26 11:31 - 2015-01-26 11:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-18 09:51 - 2015-01-26 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
    2015-01-14 08:28 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
    2015-01-14 08:28 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
    2015-01-14 08:28 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2015-01-14 08:28 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
    2015-01-14 08:28 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
    2015-01-14 08:28 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
    2015-01-14 08:28 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 08:28 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
    2015-01-14 08:28 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
    2015-01-14 08:28 - 2014-12-11 09:47 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
    2015-01-14 08:28 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
    2015-01-14 08:28 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
    2015-01-14 08:28 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-06 14:34 - 2012-11-16 13:57 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-06 14:31 - 2010-12-28 19:04 - 00000000 ____D () C:\Program Files (x86)\Windows Live
    2015-02-06 14:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2015-02-06 14:06 - 2011-03-14 10:39 - 00000000 ____D () C:\Users\Mike\Tracing
    2015-02-06 13:52 - 2013-03-19 07:52 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-02-06 13:20 - 2009-07-13 20:45 - 00026192 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-06 13:20 - 2009-07-13 20:45 - 00026192 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-06 13:17 - 2009-07-13 21:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-02-06 13:16 - 2011-10-25 15:31 - 01903965 ____N () C:\windows\WindowsUpdate.log
    2015-02-06 13:12 - 2012-11-16 13:57 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-06 13:12 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-02-06 08:29 - 2014-05-19 08:59 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-06 07:25 - 2013-08-09 10:05 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2015-02-05 22:52 - 2013-12-06 09:23 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-05 15:41 - 2011-03-10 18:07 - 00000000 ____D () C:\Users\Mike\Mike's Stuff
    2015-02-05 10:29 - 2012-11-16 13:57 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-05 10:29 - 2012-11-16 13:57 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-04 22:04 - 2011-03-21 12:38 - 00000000 ____D () C:\Program Files (x86)\Coupons
    2015-02-04 15:52 - 2013-03-19 07:52 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-04 15:52 - 2012-07-02 10:49 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-02-04 15:52 - 2012-07-02 10:49 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-04 13:19 - 2013-10-02 17:27 - 04114944 ___SH () C:\Users\Mike\Documents\Thumbs.db
    2015-02-03 15:17 - 2011-03-12 10:48 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Skype
    2015-02-03 12:27 - 2011-03-10 18:28 - 00000000 ____D () C:\Users\Mike\Movies-TV
    2015-01-31 18:05 - 2011-03-10 18:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-01-30 07:53 - 2009-07-13 21:08 - 00032622 _____ () C:\windows\Tasks\SCHEDLGU.TXT
    2015-01-27 15:29 - 2011-03-10 21:53 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-01-27 15:29 - 2011-03-10 21:53 - 00000000 ____D () C:\Program Files\CCleaner
    2015-01-27 08:47 - 2012-04-26 11:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-25 16:05 - 2015-01-03 23:10 - 00000000 ____D () C:\Users\Mike\Documents\Sides
    2015-01-14 23:36 - 2013-07-14 11:24 - 00000000 ____D () C:\windows\system32\MRT
    2015-01-14 23:35 - 2011-03-16 07:31 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

    ==================== Files in the root of some directories =======

    2011-03-16 16:03 - 2011-03-16 16:08 - 41742792 _____ (Adobe Systems, Inc                                          ) C:\Program Files\Adobe_Contribute_4_Win.exe
    2011-03-10 18:35 - 2008-01-28 23:27 - 0050688 _____ (Atribune.org) C:\Program Files\ATF_Cleaner.exe
    2011-03-10 22:18 - 2010-10-17 14:17 - 4290744 _____ (AVG Technologies) C:\Program Files\avg_free_stb_all_2011_1136_upgrade.exe
    2011-03-10 22:18 - 2010-11-09 09:17 - 4329496 _____ (AVG Technologies) C:\Program Files\avg_free_stb_all_2011_1153_upgrade.exe
    2011-03-10 22:18 - 2009-11-18 14:25 - 0891248 _____ (AVG Technologies) C:\Program Files\avg_free_stb_all_9_40_cnet.exe
    2011-03-10 18:35 - 2011-02-24 20:33 - 3033192 _____ (Piriform Ltd) C:\Program Files\ccsetup304.exe
    2011-03-10 21:45 - 2006-08-20 15:59 - 0339257 _____ () C:\Program Files\CleanUp452.exe
    2011-03-15 18:33 - 2011-02-18 08:52 - 3357488 _____ (Philipp Winterberg) C:\Program Files\InstallFreeRARExtractFrog.exe
    2011-03-10 22:18 - 2008-09-10 13:49 - 2182784 _____ (Malwarebytes Corporation                                    ) C:\Program Files\mbam-setup.exe
    2012-06-17 11:13 - 2012-06-17 11:13 - 3993600 _____ () C:\Program Files (x86)\GUT9399.tmp
    2011-09-06 14:34 - 2011-09-06 14:34 - 0004096 ____H () C:\Users\Mike\AppData\Local\keyfile3.drm
    2011-03-12 11:37 - 2011-03-12 11:45 - 0000026 ____H () C:\ProgramData\.119889580931711767808769176
    2012-01-16 14:27 - 2012-01-16 14:27 - 0000057 _____ () C:\ProgramData\Ament.ini
    2011-04-13 10:36 - 2011-04-13 10:36 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2011-03-12 11:21 - 2011-12-06 14:27 - 0001518 _____ () C:\ProgramData\hpzinstall.log

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-04 10:50

    ==================== End Of Log ============================

     

     

    Addition

     

    2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-11-16 14:06 - 2014-11-16 14:06 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2014-11-16 14:06 - 2014-11-16 14:06 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2015-02-05 14:48 - 2015-02-05 14:48 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020501\algo.dll
    2014-11-16 14:06 - 2014-11-16 14:06 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2010-12-28 18:12 - 2009-07-16 09:20 - 00032768 _____ () C:\Program Files (x86)\jmesoft\Keyhook.dll
    2010-12-28 18:12 - 2007-12-31 10:27 - 00007168 _____ () C:\Program Files (x86)\jmesoft\VistaVolume.dll
    2014-11-16 14:06 - 2014-11-16 14:06 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-01-26 11:31 - 2015-01-26 11:31 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2015-02-04 15:52 - 2015-02-04 15:52 - 16852144 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3758289344-697551801-2976451627-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3758289344-697551801-2976451627-500 - Administrator - Disabled)
    Guest (S-1-5-21-3758289344-697551801-2976451627-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3758289344-697551801-2976451627-1005 - Limited - Enabled)
    Mike (S-1-5-21-3758289344-697551801-2976451627-1001 - Administrator - Enabled) => C:\Users\Mike

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/05/2015 10:49:33 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: msnmsgr.exe, version: 14.0.8089.726, time stamp: 0x4a6ce533
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000
    Faulting process id: 0xc28
    Faulting application start time: 0xmsnmsgr.exe0
    Faulting application path: msnmsgr.exe1
    Faulting module path: msnmsgr.exe2
    Report Id: msnmsgr.exe3


    System errors:
    =============
    Error: (02/06/2015 01:13:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Type with the following error:
    %%5

    Error: (02/06/2015 01:18:39 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Type with the following error:
    %%5

    Error: (02/05/2015 10:48:36 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Type with the following error:
    %%5


    Microsoft Office Sessions:
    =========================
    Error: (02/05/2015 10:49:33 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: msnmsgr.exe14.0.8089.7264a6ce533unknown0.0.0.000000000c000000500000000c2801d041746eaaf459C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeunknownb8f64eba-ad67-11e4-a726-4437e61eb9ad


    CodeIntegrity Errors:
    ===================================
      Date: 2014-09-13 12:13:26.200
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-09-13 12:13:25.672
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-09-13 12:13:10.334
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-09-13 12:13:09.801
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-09-13 12:12:00.330
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-09-13 12:11:59.806
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2013-08-10 11:05:34.506
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2013-08-10 11:05:34.210
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2013-08-10 11:05:33.929
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2013-08-10 11:05:33.648
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
    Percentage of memory in use: 48%
    Total physical RAM: 4061.18 MB
    Available physical RAM: 2110.32 MB
    Total Pagefile: 8120.54 MB
    Available Pagefile: 6072.55 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:906.34 GB) (Free:399.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5E0DFF55)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

    ==================== End Of Log ============================


    • 0

    #10
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,012 posts
    • MVP

    Any better?


    • 0

    #11
    BuddyMG

    BuddyMG

      Member

    • Topic Starter
    • Member
    • PipPip
    • 54 posts

    Yes, things are much better, thank you! Once in awhile webpages are still slow to load (a slow page right next to one that's loaded already) and my picture viewer is different (no idea why, it's just different now!) - otherwise, everything is great, thank you!


    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,012 posts
    • MVP
    Go to http://www.speedtest.net/ and click on Begin Test
     
    When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v

    • 0

    #13
    BuddyMG

    BuddyMG

      Member

    • Topic Starter
    • Member
    • PipPip
    • 54 posts

    4125680156.png


    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,012 posts
    • MVP

    Not exactly screaming fast.  Is that about what you are paying for?

     

    It looks like you use Firefox the most and that you have AdBlock Plus on it.  Go into Settings (3 horizontal lines icon in upper right), Add-ons, Extensions,  AdBlock Plus should have an Options button.  Click on it then on Filter Preferences.  Uncheck the Allow Some  Non-Intrusive Advertising.  Then Close.  While you are on the Extensions page, consider each extension.  Do you really need it?  If you are not sure you can Disable them then restart Firefox and see if you notice any lack.  The only one I use is AdBlock Plus but I don't play games.

     

    Download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox .  Close Chrome/Firefox. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow to boot (or after any change to extensions or version)
     
    What Photo Viewer do you use?  Fond of Picasa myself.  It's nice having everything organized.

    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP