Computer slow


  • This topic is locked
31 replies to this topic

#1 fred4949


Posted 21 January 2015 - 12:44 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.71.2
Run by Christine at 23:24:25 on 2015-01-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.2988 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Windows\system32\vssvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Google Update] "C:\Users\Christine\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HRBLOC~1.LNK - C:\Program Files (x86)\HRBlockDirect\HRBlockDirect.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{08A9716F-5E17-416F-9DBD-D9FF1C68B796} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{7C12747A-0CD7-4DCE-999C-73A0C3839E17} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{CD0F237B-BB72-4E1F-9BE8-63966C16BCEA} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [CmPCIaudio] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\s1bf40rm.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrlui.dll
FF - plugin: C:\Users\Christine\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Users\Christine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Christine\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-3-19 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-3-19 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-3-19 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-3-19 436624]
R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-6-26 93400]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-6 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-3-19 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-3-19 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-22 50344]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-22 271752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-22 4012248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-26 1871160]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-26 969016]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-1-17 66800]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-5 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-26 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-11 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-11 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-5 1255736]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-01-20 08:19:11 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0C4993F1-FB84-4A2D-A9E0-0E43289A3476}\mpengine.dll
2015-01-14 07:14:12 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-14 07:14:11 62976 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-14 07:14:10 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-01-14 07:14:10 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-14 07:14:10 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-01-14 07:13:49 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-14 07:13:19 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 07:13:19 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 07:13:18 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-01-14 07:13:18 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 07:13:18 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-01-14 07:13:17 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-01-14 07:13:17 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-12-29 05:23:45 -------- d-----w- C:\Users\Christine\AppData\Roaming\OpenOffice
2014-12-29 05:17:22 -------- d-----w- C:\Program Files (x86)\OpenOffice 4
2014-12-29 04:59:46 -------- d-----w- C:\Users\Christine\AppData\Local\StormFall
2014-12-29 04:58:57 -------- d-----w- C:\Users\Christine\AppData\Local\Sparta
.
==================== Find3M  ====================
.
2015-01-19 14:13:25 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-14 09:27:12 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 09:27:12 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-06 10:36:02 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-13 05:09:01 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-13 03:33:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-22 10:09:24 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-22 10:09:02 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-22 10:09:02 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-22 10:09:02 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-22 10:09:02 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-22 10:09:02 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-22 10:09:02 116728 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-11-22 10:09:01 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 12:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 12:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 12:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
.
============= FINISH: 23:25:30.62 ===============
Attached File  attach.txt   6.48KB   1 downloads



#2 ken545

  • Malware Response Team

Posted 23 January 2015 - 03:35 PM

:welcome:

 

Let me see more updated logs that will show more than DDS

 

 
Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report....Please Do Not Fix Anything

============================================================================

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


#3 fred4949

Posted 23 January 2015 - 09:18 PM

    aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
    Run date: 2015-01-23 20:04:00
    -----------------------------
    20:04:00.724    OS Version: Windows x64 6.1.7601 Service Pack 1
    20:04:00.725    Number of processors: 2 586 0x170A
    20:04:00.725    ComputerName: CHRISTINE-PC  UserName: Christine
    20:04:03.259    Initialize success
    20:04:03.277    VM: initialized successfully
    20:04:03.278    VM: Intel CPU supported virtualized 
    20:04:11.711    VM: supported disk I/O ataport.SYS
    20:04:15.764    AVAST engine defs: 15012301
    20:04:26.829    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    20:04:26.831    Disk 0 Vendor: ST2000DM001-1CH164 CC24 Size: 1907729MB BusType: 3
    20:04:26.941    VM: Disk 0 MBR read successfully
    20:04:26.943    Disk 0 MBR scan
    20:04:26.945    Disk 0 Windows 7 default MBR code
    20:04:26.972    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
    20:04:26.974    Disk 0 default boot code
    20:04:26.977    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1907627 MB offset 206848
    20:04:27.010    Disk 0 scanning C:\Windows\system32\drivers
    20:04:34.845    Service scanning
    20:04:50.790    Modules scanning
    20:04:50.795    Disk 0 trace - called modules:
    20:04:50.812    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
    20:04:50.816    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004624060]
    20:04:50.819    3 CLASSPNP.SYS[fffff880018b343f] -> nt!IofCallDriver -> [0xfffffa80041e6580]
    20:04:50.821    5 ACPI.sys[fffff88000f507a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80041e8060]
    20:04:51.955    AVAST engine scan C:\Windows
    20:04:54.774    AVAST engine scan C:\Windows\system32
    20:07:59.146    AVAST engine scan C:\Windows\system32\drivers
    20:08:11.265    AVAST engine scan C:\Users\Christine
    20:13:37.355    Disk 0 MBR has been saved successfully to "C:\Users\Christine\Desktop\MBR.dat"
    20:13:37.360    The log file has been saved successfully to "C:\Users\Christine\Desktop\aswMBR.txt"
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
    Ran by Christine (administrator) on CHRISTINE-PC on 23-01-2015 20:17:05
    Running from C:\Users\Christine\Downloads
    Loaded Profiles: Christine (Available profiles: Christine)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google) C:\Users\Christine\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (AVAST Software) C:\Users\Christine\Downloads\aswMBR.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Farbar) C:\Users\Christine\Downloads\FRST64 (1).exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
    HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKU\S-1-5-21-1725108987-1616313865-456290591-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
    HKU\S-1-5-21-1725108987-1616313865-456290591-1000\...\Run: [Google Update] => C:\Users\Christine\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-27] (Google Inc.)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-06] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HRBlockDirect.lnk
    ShortcutTarget: HRBlockDirect.lnk -> C:\Program Files (x86)\HRBlockDirect\HRBlockDirect.exe (HR Block                            )
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1725108987-1616313865-456290591-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1725108987-1616313865-456290591-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\s1bf40rm.default
    FF DefaultSearchEngine: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1725108987-1616313865-456290591-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Christine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-1725108987-1616313865-456290591-1000: @talk.google.com/O1DPlugin -> C:\Users\Christine\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-1725108987-1616313865-456290591-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1725108987-1616313865-456290591-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Christine\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Christine\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: Image Zoom - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\s1bf40rm.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-11-26]
    FF Extension: NoScript - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\s1bf40rm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-26]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-19]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.foxnews.com/
    CHR Profile: C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Image Zoom) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmfgepgnaffojoiojoeadeofipcfndh [2014-12-04]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
    CHR Extension: (ImageZoomer) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhnaagndnllbblbgeimdkknegobbpohk [2014-12-04]
    CHR Extension: (AdBlock) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-04]
    CHR Extension: (Avast Online Security) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-03]
    CHR Extension: (Google Wallet) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-02]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-22] (Avast Software)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
    R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1154560 2013-05-05] (C-Media Inc)
    S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
    R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-23] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-22] (Avast Software)
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    U3 aswMBR; \??\C:\Users\CHRIST~1\AppData\Local\Temp\aswMBR.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-23 20:15 - 2015-01-23 20:15 - 02126848 _____ (Farbar) C:\Users\Christine\Downloads\FRST64 (1).exe
    2015-01-23 20:13 - 2015-01-23 20:13 - 00002072 _____ () C:\Users\Christine\Desktop\aswMBR.txt
    2015-01-23 20:13 - 2015-01-23 20:13 - 00000512 _____ () C:\Users\Christine\Desktop\MBR.dat
    2015-01-23 20:03 - 2015-01-23 20:03 - 05198336 _____ (AVAST Software) C:\Users\Christine\Downloads\aswMBR.exe
    2015-01-22 01:21 - 2015-01-22 01:22 - 15788193 _____ () C:\Users\Christine\Downloads\mk8Prototype24rnds003in.3gp
    2015-01-21 16:48 - 2015-01-21 16:48 - 00009331 _____ () C:\Users\Christine\Downloads\thumbcacheviewer.zip
    2015-01-21 00:08 - 2015-01-21 00:08 - 00000197 _____ () C:\Windows\system32\2015-01-21-06-08-56.026-AvastVBoxSVC.exe-2368.log
    2015-01-21 00:06 - 2015-01-21 00:06 - 00000056 _____ () C:\Windows\setupact.log
    2015-01-21 00:06 - 2015-01-21 00:06 - 00000000 _____ () C:\Windows\setuperr.log
    2015-01-21 00:05 - 2015-01-21 00:05 - 00000338 _____ () C:\Windows\PFRO.log
    2015-01-20 23:25 - 2015-01-20 23:35 - 00014510 _____ () C:\Users\Christine\Desktop\dds.txt
    2015-01-20 23:25 - 2015-01-20 23:35 - 00006637 _____ () C:\Users\Christine\Desktop\attach.txt
    2015-01-20 23:20 - 2015-01-20 23:21 - 00688992 ____R (Swearware) C:\Users\Christine\Desktop\dds.com
    2015-01-19 08:15 - 2015-01-19 08:15 - 00000197 _____ () C:\Windows\system32\2015-01-19-14-15-23.030-AvastVBoxSVC.exe-3912.log
    2015-01-19 07:06 - 2015-01-19 07:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-19 04:13 - 2015-01-19 04:13 - 00000197 _____ () C:\Windows\system32\2015-01-19-10-13-57.058-AvastVBoxSVC.exe-3764.log
    2015-01-18 14:31 - 2015-01-18 14:31 - 00000197 _____ () C:\Windows\system32\2015-01-18-20-31-28.082-AvastVBoxSVC.exe-3012.log
    2015-01-18 14:23 - 2015-01-18 14:23 - 00593754 _____ () C:\Users\Christine\Downloads\Sprint Cell Phones lg,note4, note3 compare.html
    2015-01-18 14:23 - 2015-01-18 14:23 - 00000000 ____D () C:\Users\Christine\Downloads\Sprint Cell Phones lg,note4, note3 compare_files
    2015-01-17 21:51 - 2015-01-17 21:51 - 00000197 _____ () C:\Windows\system32\2015-01-18-03-51-19.088-AvastVBoxSVC.exe-1064.log
    2015-01-17 21:44 - 2015-01-17 21:44 - 02186752 _____ () C:\Users\Christine\Downloads\adwcleaner_4.108.exe
    2015-01-14 01:47 - 2015-01-14 01:47 - 00000197 _____ () C:\Windows\system32\2015-01-14-07-47-03.066-AvastVBoxSVC.exe-3812.log
    2015-01-14 01:31 - 2015-01-14 01:31 - 00000197 _____ () C:\Windows\system32\2015-01-14-07-31-30.079-AvastVBoxSVC.exe-2768.log
    2015-01-14 01:14 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 01:14 - 2014-12-11 11:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 01:14 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 01:14 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 01:14 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-14 01:13 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 01:13 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 01:13 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 01:13 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 01:13 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 01:13 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 01:13 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 01:13 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-11 21:20 - 2015-01-11 22:17 - 00016223 _____ () C:\Users\Christine\Documents\biggest loser weekly stats.odt
    2015-01-11 21:15 - 2015-01-11 21:15 - 00016452 _____ () C:\Users\Christine\Documents\biggest loser pg 4 final stats.odt
    2015-01-11 21:11 - 2015-01-11 21:11 - 00015279 _____ () C:\Users\Christine\Documents\biggest loser pg 3.odt
    2015-01-11 20:15 - 2015-01-11 20:17 - 00013746 _____ () C:\Users\Christine\Documents\Dasi Biggest Loser page 2.odt
    2015-01-11 19:30 - 2015-01-11 19:53 - 00016483 _____ () C:\Users\Christine\Documents\Biggest loser page 1.odt
    2015-01-08 03:35 - 2015-01-08 03:35 - 00000197 _____ () C:\Windows\system32\2015-01-08-09-35-28.032-AvastVBoxSVC.exe-3152.log
    2015-01-08 03:27 - 2015-01-08 03:30 - 00000000 ____D () C:\Users\Christine\Downloads\New folder
    2015-01-08 03:23 - 2015-01-08 03:23 - 02124288 _____ (Farbar) C:\Users\Christine\Downloads\FRST64.exe
    2015-01-08 03:20 - 2015-01-08 03:21 - 00000197 _____ () C:\Windows\system32\2015-01-08-09-20-14.063-AvastVBoxSVC.exe-3432.log
    2015-01-06 02:50 - 2015-01-06 02:51 - 00000197 _____ () C:\Windows\system32\2015-01-06-08-50-17.088-AvastVBoxSVC.exe-3152.log
    2015-01-06 02:41 - 2015-01-06 02:41 - 02173952 _____ () C:\Users\Christine\Downloads\adwcleaner_4.106 (2).exe
    2015-01-05 15:27 - 2015-01-05 15:28 - 00000197 _____ () C:\Windows\system32\2015-01-05-21-27-43.019-AvastVBoxSVC.exe-2412.log
    2015-01-04 19:50 - 2015-01-04 20:30 - 00016066 _____ () C:\Users\Christine\Documents\Dasi Biggest Loser.odt
    2014-12-31 05:13 - 2014-12-31 05:13 - 00000197 _____ () C:\Windows\system32\2014-12-31-11-13-10.067-AvastVBoxSVC.exe-3980.log
    2014-12-30 00:02 - 2014-12-30 00:02 - 00000197 _____ () C:\Windows\system32\2014-12-30-06-02-54.094-AvastVBoxSVC.exe-3932.log
    2014-12-29 21:30 - 2014-12-29 21:30 - 00000247 _____ () C:\Windows\system32\2014-12-30-03-30-25.049-aswFe.exe-4356.log
    2014-12-29 21:25 - 2014-12-29 21:25 - 00852504 _____ () C:\Users\Christine\Downloads\SecurityCheck (4).exe
    2014-12-29 21:24 - 2014-12-29 21:30 - 00000247 _____ () C:\Windows\system32\2014-12-30-03-24-45.065-aswFe.exe-364.log
    2014-12-29 21:24 - 2014-12-29 21:24 - 00019377 _____ () C:\Users\Christine\Downloads\Result.txt
    2014-12-29 21:24 - 2014-12-29 21:24 - 00000197 _____ () C:\Windows\system32\2014-12-30-03-24-43.017-AvastVBoxSVC.exe-2576.log
    2014-12-29 21:23 - 2014-12-29 21:23 - 00401920 _____ (Farbar) C:\Users\Christine\Downloads\MiniToolBox.exe
    2014-12-29 21:17 - 2014-12-29 21:17 - 00000247 _____ () C:\Windows\system32\2014-12-30-03-17-27.067-aswFe.exe-4272.log
    2014-12-29 21:17 - 2014-12-29 21:17 - 00000197 _____ () C:\Windows\system32\2014-12-30-03-17-20.040-AvastVBoxSVC.exe-3232.log
    2014-12-29 21:14 - 2015-01-17 21:50 - 00000000 ____D () C:\Users\Christine\Desktop\New folder
    2014-12-29 21:11 - 2014-12-29 21:11 - 00031319 _____ () C:\Users\Christine\Desktop\FRST.txt
    2014-12-29 21:00 - 2014-12-29 21:00 - 02173952 _____ () C:\Users\Christine\Downloads\adwcleaner_4.106 (1).exe
    2014-12-29 18:13 - 2014-12-29 18:13 - 00000197 _____ () C:\Windows\system32\2014-12-30-00-13-56.093-AvastVBoxSVC.exe-3184.log
    2014-12-28 23:23 - 2014-12-28 23:23 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\OpenOffice
    2014-12-28 23:18 - 2014-12-28 23:18 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
    2014-12-28 23:18 - 2014-12-28 23:18 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
    2014-12-28 23:17 - 2014-12-28 23:17 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
    2014-12-28 23:15 - 2014-12-28 23:15 - 00000000 ____D () C:\Users\Christine\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
    2014-12-28 23:11 - 2014-12-28 23:12 - 140852175 _____ () C:\Users\Christine\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
    2014-12-28 22:59 - 2014-12-28 22:59 - 00000000 ____D () C:\Users\Christine\AppData\Local\StormFall
    2014-12-28 22:58 - 2014-12-28 22:58 - 00000000 ____D () C:\Users\Christine\AppData\Local\Sparta
    2014-12-28 03:07 - 2014-12-28 03:07 - 00000197 _____ () C:\Windows\system32\2014-12-28-09-07-11.069-AvastVBoxSVC.exe-2796.log
    2014-12-28 03:05 - 2014-12-28 03:05 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-23 20:17 - 2014-11-20 15:35 - 00013202 _____ () C:\Users\Christine\Downloads\FRST.txt
    2015-01-23 20:17 - 2014-11-20 15:35 - 00000000 ____D () C:\FRST
    2015-01-23 20:11 - 2014-06-26 18:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-23 20:06 - 2009-07-13 22:45 - 00015504 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-23 20:06 - 2009-07-13 22:45 - 00015504 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-23 19:58 - 2013-05-06 05:01 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-01-23 19:53 - 2014-04-05 18:59 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725108987-1616313865-456290591-1000UA.job
    2015-01-23 19:50 - 2013-05-12 19:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-23 19:49 - 2014-05-23 05:08 - 01909847 _____ () C:\Windows\WindowsUpdate.log
    2015-01-23 19:49 - 2013-05-05 13:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-23 00:53 - 2014-04-05 18:59 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725108987-1616313865-456290591-1000Core.job
    2015-01-23 00:42 - 2013-05-12 19:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-22 21:27 - 2013-05-05 13:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-22 21:27 - 2013-05-05 13:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-22 21:27 - 2013-05-05 13:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-22 08:28 - 2014-02-23 17:23 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\HpUpdate
    2015-01-21 03:03 - 2014-11-26 07:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-21 00:10 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-21 00:06 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-21 00:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\security
    2015-01-19 10:02 - 2013-08-27 22:42 - 00000000 ___RD () C:\Users\Christine\Dropbox
    2015-01-19 10:01 - 2014-01-07 06:00 - 00000000 ____D () C:\Users\Christine\Downloads\l4dmaps
    2015-01-19 09:47 - 2013-08-27 22:37 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Dropbox
    2015-01-17 21:46 - 2014-04-07 20:14 - 00000000 ____D () C:\AdwCleaner
    2015-01-14 01:37 - 2013-05-06 04:54 - 00758700 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-01-14 01:23 - 2013-07-11 18:56 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-14 01:15 - 2013-05-05 22:32 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-07 20:47 - 2013-05-06 02:07 - 00030628 _____ () C:\Users\Christine\Desktop\PIP4.txt
    2015-01-06 04:36 - 2013-05-05 21:51 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-01-05 15:27 - 2014-03-19 01:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-01-04 15:39 - 2013-05-06 23:59 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\TS3Client
    2015-01-01 15:21 - 2014-11-02 16:05 - 00000000 ____D () C:\Users\Christine\Desktop\Screenshots 2
    2014-12-30 13:59 - 2014-07-01 19:22 - 00000000 ____D () C:\Users\Christine\AppData\Local\CrashDumps
    2014-12-30 03:12 - 2013-05-05 13:01 - 00064416 _____ () C:\Users\Christine\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-12-29 18:11 - 2009-07-13 22:45 - 00295224 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-12-25 18:51 - 2013-08-27 22:38 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
     
    ==================== Files in the root of some directories =======
    2013-05-06 06:05 - 2014-09-21 03:32 - 0007604 _____ () C:\Users\Christine\AppData\Local\Resmon.ResmonCfg
    2014-02-23 17:21 - 2014-02-23 17:21 - 0000057 _____ () C:\ProgramData\Ament.ini
     
    Some content of TEMP:
    ====================
    C:\Users\Christine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3pmeqz.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-20 00:01
     
    ==================== End Of Log ============================


    #4 ken545

      Malware Response Team



    Posted 24 January 2015 - 06:47 AM

    Morning,

     

    Running from C:\Users\Christine\Downloads <-- You're running FRST from your Downloads folder. Most of our tools run better from the desktop, as per instructions, so go to your Downloads folder, right-click FRST64 and select CUT, come back to your desktop, right-click on an open space and select PASTE. You did not post the Additions log, so run FRST64 again, checkmark Additions and post both logs please.


    Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #5 fred4949


    Posted 24 January 2015 - 08:01 AM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
    Ran by Christine (administrator) on PC on 24-01-2015 06:58:31
    Running from C:\Users\Christine\Desktop
    Loaded Profiles: Christine (Available profiles: Christine)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Google) C:\Users\Christine\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
    HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-23] (AVAST Software)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKU\S-1-5-21-1725108987-1616313865-456290591-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
    HKU\S-1-5-21-1725108987-1616313865-456290591-1000\...\Run: [Google Update] => C:\Users\Christine\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-27] (Google Inc.)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-06] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HRBlockDirect.lnk
    ShortcutTarget: HRBlockDirect.lnk -> C:\Program Files (x86)\HRBlockDirect\HRBlockDirect.exe (HR Block                            )
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1725108987-1616313865-456290591-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1725108987-1616313865-456290591-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\s1bf40rm.default
    FF DefaultSearchEngine: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1725108987-1616313865-456290591-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Christine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-1725108987-1616313865-456290591-1000: @talk.google.com/O1DPlugin -> C:\Users\Christine\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-1725108987-1616313865-456290591-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1725108987-1616313865-456290591-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Christine\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Christine\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: Image Zoom - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\s1bf40rm.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-11-26]
    FF Extension: NoScript - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\s1bf40rm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-26]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-19]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.foxnews.com/
    CHR Profile: C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Image Zoom) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmfgepgnaffojoiojoeadeofipcfndh [2014-12-04]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
    CHR Extension: (ImageZoomer) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhnaagndnllbblbgeimdkknegobbpohk [2014-12-04]
    CHR Extension: (AdBlock) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-04]
    CHR Extension: (Avast Online Security) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-03]
    CHR Extension: (Google Wallet) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-02]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-22] (Avast Software)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
    R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1154560 2013-05-05] (C-Media Inc)
    S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
    R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-24] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-22] (Avast Software)
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-24 06:57 - 2015-01-24 06:57 - 02129920 _____ (Farbar) C:\Users\Christine\Desktop\FRST64.exe
    2015-01-24 06:57 - 2015-01-24 06:57 - 00000000 ____D () C:\Users\Christine\Desktop\FRST-OlderVersion
    2015-01-24 00:11 - 2015-01-24 00:11 - 00000197 _____ () C:\Windows\system32\2015-01-24-06-11-37.040-AvastVBoxSVC.exe-3196.log
    2015-01-23 20:13 - 2015-01-23 20:13 - 00002072 _____ () C:\Users\Christine\Desktop\aswMBR.txt
    2015-01-23 20:13 - 2015-01-23 20:13 - 00000512 _____ () C:\Users\Christine\Desktop\MBR.dat
    2015-01-23 20:03 - 2015-01-23 20:03 - 05198336 _____ (AVAST Software) C:\Users\Christine\Downloads\aswMBR.exe
    2015-01-22 01:21 - 2015-01-22 01:22 - 15788193 _____ () C:\Users\Christine\Downloads\mk8Prototype24rnds003in.3gp
    2015-01-21 16:48 - 2015-01-21 16:48 - 00009331 _____ () C:\Users\Christine\Downloads\thumbcacheviewer.zip
    2015-01-21 00:08 - 2015-01-21 00:08 - 00000197 _____ () C:\Windows\system32\2015-01-21-06-08-56.026-AvastVBoxSVC.exe-2368.log
    2015-01-21 00:06 - 2015-01-24 00:08 - 00000112 _____ () C:\Windows\setupact.log
    2015-01-21 00:06 - 2015-01-21 00:06 - 00000000 _____ () C:\Windows\setuperr.log
    2015-01-21 00:05 - 2015-01-24 00:08 - 00000684 _____ () C:\Windows\PFRO.log
    2015-01-20 23:25 - 2015-01-20 23:35 - 00014510 _____ () C:\Users\Christine\Desktop\dds.txt
    2015-01-20 23:25 - 2015-01-20 23:35 - 00006637 _____ () C:\Users\Christine\Desktop\attach.txt
    2015-01-20 23:20 - 2015-01-20 23:21 - 00688992 ____R (Swearware) C:\Users\Christine\Desktop\dds.com
    2015-01-19 08:15 - 2015-01-19 08:15 - 00000197 _____ () C:\Windows\system32\2015-01-19-14-15-23.030-AvastVBoxSVC.exe-3912.log
    2015-01-19 07:06 - 2015-01-19 07:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-19 04:13 - 2015-01-19 04:13 - 00000197 _____ () C:\Windows\system32\2015-01-19-10-13-57.058-AvastVBoxSVC.exe-3764.log
    2015-01-18 14:31 - 2015-01-18 14:31 - 00000197 _____ () C:\Windows\system32\2015-01-18-20-31-28.082-AvastVBoxSVC.exe-3012.log
    2015-01-18 14:23 - 2015-01-18 14:23 - 00593754 _____ () C:\Users\Christine\Downloads\Sprint Cell Phones lg,note4, note3 compare.html
    2015-01-18 14:23 - 2015-01-18 14:23 - 00000000 ____D () C:\Users\Christine\Downloads\Sprint Cell Phones lg,note4, note3 compare_files
    2015-01-17 21:51 - 2015-01-17 21:51 - 00000197 _____ () C:\Windows\system32\2015-01-18-03-51-19.088-AvastVBoxSVC.exe-1064.log
    2015-01-17 21:44 - 2015-01-17 21:44 - 02186752 _____ () C:\Users\Christine\Downloads\adwcleaner_4.108.exe
    2015-01-14 01:47 - 2015-01-14 01:47 - 00000197 _____ () C:\Windows\system32\2015-01-14-07-47-03.066-AvastVBoxSVC.exe-3812.log
    2015-01-14 01:31 - 2015-01-14 01:31 - 00000197 _____ () C:\Windows\system32\2015-01-14-07-31-30.079-AvastVBoxSVC.exe-2768.log
    2015-01-14 01:14 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 01:14 - 2014-12-11 11:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 01:14 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 01:14 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 01:14 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-14 01:13 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 01:13 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 01:13 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 01:13 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 01:13 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 01:13 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 01:13 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 01:13 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-11 21:20 - 2015-01-11 22:17 - 00016223 _____ () C:\Users\Christine\Documents\biggest loser weekly stats.odt
    2015-01-11 21:15 - 2015-01-11 21:15 - 00016452 _____ () C:\Users\Christine\Documents\biggest loser pg 4 final stats.odt
    2015-01-11 21:11 - 2015-01-11 21:11 - 00015279 _____ () C:\Users\Christine\Documents\biggest loser pg 3.odt
    2015-01-11 20:15 - 2015-01-11 20:17 - 00013746 _____ () C:\Users\Christine\Documents\Dasi Biggest Loser page 2.odt
    2015-01-11 19:30 - 2015-01-11 19:53 - 00016483 _____ () C:\Users\Christine\Documents\Biggest loser page 1.odt
    2015-01-08 03:35 - 2015-01-08 03:35 - 00000197 _____ () C:\Windows\system32\2015-01-08-09-35-28.032-AvastVBoxSVC.exe-3152.log
    2015-01-08 03:27 - 2015-01-08 03:30 - 00000000 ____D () C:\Users\Christine\Downloads\New folder
    2015-01-08 03:23 - 2015-01-08 03:23 - 02124288 _____ (Farbar) C:\Users\Christine\Downloads\FRST64.exe
    2015-01-08 03:20 - 2015-01-08 03:21 - 00000197 _____ () C:\Windows\system32\2015-01-08-09-20-14.063-AvastVBoxSVC.exe-3432.log
    2015-01-06 02:50 - 2015-01-06 02:51 - 00000197 _____ () C:\Windows\system32\2015-01-06-08-50-17.088-AvastVBoxSVC.exe-3152.log
    2015-01-06 02:41 - 2015-01-06 02:41 - 02173952 _____ () C:\Users\Christine\Downloads\adwcleaner_4.106 (2).exe
    2015-01-05 15:27 - 2015-01-05 15:28 - 00000197 _____ () C:\Windows\system32\2015-01-05-21-27-43.019-AvastVBoxSVC.exe-2412.log
    2015-01-04 19:50 - 2015-01-04 20:30 - 00016066 _____ () C:\Users\Christine\Documents\Dasi Biggest Loser.odt
    2014-12-31 05:13 - 2014-12-31 05:13 - 00000197 _____ () C:\Windows\system32\2014-12-31-11-13-10.067-AvastVBoxSVC.exe-3980.log
    2014-12-30 00:02 - 2014-12-30 00:02 - 00000197 _____ () C:\Windows\system32\2014-12-30-06-02-54.094-AvastVBoxSVC.exe-3932.log
    2014-12-29 21:30 - 2014-12-29 21:30 - 00000247 _____ () C:\Windows\system32\2014-12-30-03-30-25.049-aswFe.exe-4356.log
    2014-12-29 21:25 - 2014-12-29 21:25 - 00852504 _____ () C:\Users\Christine\Downloads\SecurityCheck (4).exe
    2014-12-29 21:24 - 2014-12-29 21:30 - 00000247 _____ () C:\Windows\system32\2014-12-30-03-24-45.065-aswFe.exe-364.log
    2014-12-29 21:24 - 2014-12-29 21:24 - 00019377 _____ () C:\Users\Christine\Downloads\Result.txt
    2014-12-29 21:24 - 2014-12-29 21:24 - 00000197 _____ () C:\Windows\system32\2014-12-30-03-24-43.017-AvastVBoxSVC.exe-2576.log
    2014-12-29 21:23 - 2014-12-29 21:23 - 00401920 _____ (Farbar) C:\Users\Christine\Downloads\MiniToolBox.exe
    2014-12-29 21:17 - 2014-12-29 21:17 - 00000247 _____ () C:\Windows\system32\2014-12-30-03-17-27.067-aswFe.exe-4272.log
    2014-12-29 21:17 - 2014-12-29 21:17 - 00000197 _____ () C:\Windows\system32\2014-12-30-03-17-20.040-AvastVBoxSVC.exe-3232.log
    2014-12-29 21:14 - 2015-01-17 21:50 - 00000000 ____D () C:\Users\Christine\Desktop\New folder
    2014-12-29 21:00 - 2014-12-29 21:00 - 02173952 _____ () C:\Users\Christine\Downloads\adwcleaner_4.106 (1).exe
    2014-12-29 18:13 - 2014-12-29 18:13 - 00000197 _____ () C:\Windows\system32\2014-12-30-00-13-56.093-AvastVBoxSVC.exe-3184.log
    2014-12-28 23:23 - 2014-12-28 23:23 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\OpenOffice
    2014-12-28 23:18 - 2014-12-28 23:18 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
    2014-12-28 23:18 - 2014-12-28 23:18 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
    2014-12-28 23:17 - 2014-12-28 23:17 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
    2014-12-28 23:15 - 2014-12-28 23:15 - 00000000 ____D () C:\Users\Christine\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
    2014-12-28 23:11 - 2014-12-28 23:12 - 140852175 _____ () C:\Users\Christine\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
    2014-12-28 22:59 - 2014-12-28 22:59 - 00000000 ____D () C:\Users\Christine\AppData\Local\StormFall
    2014-12-28 22:58 - 2014-12-28 22:58 - 00000000 ____D () C:\Users\Christine\AppData\Local\Sparta
    2014-12-28 03:07 - 2014-12-28 03:07 - 00000197 _____ () C:\Windows\system32\2014-12-28-09-07-11.069-AvastVBoxSVC.exe-2796.log
    2014-12-28 03:05 - 2014-12-28 03:05 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-24 06:58 - 2014-11-20 15:35 - 00013011 _____ () C:\Users\Christine\Desktop\FRST.txt
    2015-01-24 06:58 - 2014-11-20 15:35 - 00000000 ____D () C:\FRST
    2015-01-24 06:55 - 2014-05-23 05:08 - 01931402 _____ () C:\Windows\WindowsUpdate.log
    2015-01-24 06:53 - 2014-04-05 18:59 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725108987-1616313865-456290591-1000UA.job
    2015-01-24 06:42 - 2013-05-12 19:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-24 06:27 - 2013-05-05 13:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-24 06:20 - 2014-06-26 18:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-24 05:58 - 2013-05-06 05:01 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-01-24 01:20 - 2014-04-05 18:59 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725108987-1616313865-456290591-1000Core.job
    2015-01-24 01:20 - 2013-05-12 19:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-24 00:14 - 2009-07-13 22:45 - 00015504 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-24 00:14 - 2009-07-13 22:45 - 00015504 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-24 00:13 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-24 00:09 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-24 00:08 - 2014-11-26 07:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-22 21:27 - 2013-05-05 13:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-22 21:27 - 2013-05-05 13:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-22 21:27 - 2013-05-05 13:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-22 08:28 - 2014-02-23 17:23 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\HpUpdate
    2015-01-21 00:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\security
    2015-01-19 10:02 - 2013-08-27 22:42 - 00000000 ___RD () C:\Users\Christine\Dropbox
    2015-01-19 10:01 - 2014-01-07 06:00 - 00000000 ____D () C:\Users\Christine\Downloads\l4dmaps
    2015-01-19 09:47 - 2013-08-27 22:37 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Dropbox
    2015-01-17 21:46 - 2014-04-07 20:14 - 00000000 ____D () C:\AdwCleaner
    2015-01-14 01:37 - 2013-05-06 04:54 - 00758700 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-01-14 01:23 - 2013-07-11 18:56 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-14 01:15 - 2013-05-05 22:32 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-07 20:47 - 2013-05-06 02:07 - 00030628 _____ () C:\Users\Christine\Desktop\PIP4.txt
    2015-01-06 04:36 - 2013-05-05 21:51 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-01-05 15:27 - 2014-03-19 01:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-01-04 15:39 - 2013-05-06 23:59 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\TS3Client
    2015-01-01 15:21 - 2014-11-02 16:05 - 00000000 ____D () C:\Users\Christine\Desktop\Screenshots 2
    2014-12-30 13:59 - 2014-07-01 19:22 - 00000000 ____D () C:\Users\Christine\AppData\Local\CrashDumps
    2014-12-30 03:12 - 2013-05-05 13:01 - 00064416 _____ () C:\Users\Christine\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-12-29 18:11 - 2009-07-13 22:45 - 00295224 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-12-25 18:51 - 2013-08-27 22:38 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
     
    ==================== Files in the root of some directories =======
     
    2013-05-06 06:05 - 2014-09-21 03:32 - 0007604 _____ () C:\Users\Christine\AppData\Local\Resmon.ResmonCfg
    2014-02-23 17:21 - 2014-02-23 17:21 - 0000057 _____ () C:\ProgramData\Ament.ini
     
    Some content of TEMP:
    ====================
    C:\Users\Christine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3pmeqz.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-24 00:38
     
    ==================== End Of Log ============================
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
    Ran by Christine at 2015-01-24 06:59:07
    Running from C:\Users\Christine\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    Amnesia: The Dark Descent Demo  (HKLM-x32\...\Steam App 57310) (Version:  - Frictional Games)
    Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Batman: Arkham City Demo (HKLM-x32\...\Steam App 200240) (Version:  - Rocksteady Studios)
    CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
    C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version:  - )
    Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
    Dropbox (HKU\S-1-5-21-1725108987-1616313865-456290591-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
    Free Resume Builder version 1.0 (HKLM-x32\...\{94EC5C8C-6159-427D-9D1C-EF48B267ACF1}_is1) (Version: 1.0 - www.builldmyresumefree.com)
    Gas Guzzlers Extreme Demo (HKLM-x32\...\Steam App 265100) (Version:  - )
    GetFLV 9.5.8.2 (HKLM-x32\...\GetFLV_is1) (Version:  - GetFLV, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.7601 - HRB Technology, LLC.)
    H&R Block Minnesota 2013 (HKLM-x32\...\{E48C9382-EDCD-45A7-A177-B55DCE785390}) (Version: 1.13.5301 - HRB Technology, LLC.)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
    HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    HRBlockDirect version 1.1.2.0 (HKLM-x32\...\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1) (Version: 1.1.2.0 - HRBlock)
    Hydrophobia: Prophecy (HKLM-x32\...\Steam App 92000) (Version:  - Dark Energy Digital Ltd.)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
    Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
    Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
    Rayman Legends Demo (HKLM-x32\...\Steam App 243340) (Version:  - )
    Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
    Saints Row IV Inauguration Station (HKLM-x32\...\Steam App 242590) (Version:  - )
    Serious Sam HD: The Second Encounter (HKLM-x32\...\Steam App 41010) (Version:  - Croteam)
    ShootMania Storm Demo (HKLM-x32\...\Steam App 233050) (Version:  - Nadeo)
    StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
    The Sims™ 3 (HKLM-x32\...\Steam App 47890) (Version:  - The Sims Studio)
    Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
    Unreal Tournament 2004 (HKLM-x32\...\{394DC0BC-5476-4260-B52C-BDE1BDEFA958}) (Version: 1.00.0000 - Epic Games)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-1725108987-1616313865-456290591-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Christine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1725108987-1616313865-456290591-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1725108987-1616313865-456290591-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1725108987-1616313865-456290591-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1725108987-1616313865-456290591-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Christine\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1725108987-1616313865-456290591-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1725108987-1616313865-456290591-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1725108987-1616313865-456290591-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1725108987-1616313865-456290591-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1725108987-1616313865-456290591-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1725108987-1616313865-456290591-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1725108987-1616313865-456290591-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1725108987-1616313865-456290591-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
     
    ==================== Restore Points  =========================
     
    07-11-2014 16:20:04 Windows Update
    11-11-2014 01:44:17 Windows Update
    12-11-2014 04:01:58 Windows Update
    15-11-2014 06:17:31 Windows Update
    19-11-2014 05:20:55 Windows Update
    21-11-2014 04:45:15 avast! antivirus system restore point
    21-11-2014 05:02:05 Windows Update
    22-11-2014 04:06:51 avast! antivirus system restore point
    23-11-2014 03:14:40 Windows Backup
    23-11-2014 03:15:45 Windows Backup
    25-11-2014 19:36:48 Windows Backup
    26-11-2014 01:38:57 Windows Update
    30-11-2014 09:39:00 Windows Update
    05-12-2014 07:02:42 Windows Update
    09-12-2014 02:18:59 Windows Update
    10-12-2014 09:00:39 Windows Update
    12-12-2014 01:22:58 Windows Update
    14-12-2014 13:33:33 Windows Update
    17-12-2014 18:59:25 Windows Update
    25-12-2014 19:00:09 Windows Backup
    26-12-2014 01:05:19 Windows Update
    28-12-2014 23:16:38 Installed OpenOffice 4.1.1
    30-12-2014 00:59:52 Windows Update
    02-01-2015 13:07:43 Windows Update
    08-01-2015 01:16:23 Windows Update
    14-01-2015 01:14:28 Windows Update
    14-01-2015 01:33:37 Windows Update
    20-01-2015 02:18:49 Windows Update
    24-01-2015 05:57:37 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 20:34 - 2014-11-26 08:32 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {158EF682-3171-44AA-B970-00A646A9E4F2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1725108987-1616313865-456290591-1000Core => C:\Users\Christine\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.)
    Task: {4D1E186A-619E-49C9-87F9-FB2CC45E6AFE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1725108987-1616313865-456290591-1000UA => C:\Users\Christine\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.)
    Task: {613AB606-38A8-4EB8-9390-0B33070A5CFE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-22] (Adobe Systems Incorporated)
    Task: {A461C837-672E-407C-AA6D-887326A52055} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {A68F1FE4-9F58-4E68-8DEA-B9D8CF11825C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-12] (Google Inc.)
    Task: {A698C292-0FCA-4A28-94CD-52FEE67B53D0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {B88FD37C-F0D5-4C86-8566-AB1B33797D4D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
    Task: {BB6B5E06-17BA-4492-BDE9-3F136B64007F} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
    Task: {D5647BD7-0CB3-40AB-90FD-7084B26B99B0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)
    Task: {E7D7C86A-61A9-4C1E-B1C2-C92FA65B87CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-12] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725108987-1616313865-456290591-1000Core.job => C:\Users\Christine\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725108987-1616313865-456290591-1000UA.job => C:\Users\Christine\AppData\Local\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2014-11-22 04:08 - 2014-11-22 04:08 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2014-11-22 04:08 - 2014-11-22 04:08 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2015-01-23 19:49 - 2015-01-23 19:49 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012301\algo.dll
    2014-11-22 04:08 - 2014-11-22 04:08 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2015-01-24 04:10 - 2015-01-24 04:10 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012400\algo.dll
    2014-11-22 04:08 - 2014-11-22 04:09 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-08-28 18:25 - 2014-12-01 15:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2014-08-28 18:25 - 2014-12-01 15:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2014-08-28 18:25 - 2014-12-01 15:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2014-08-28 18:25 - 2014-12-01 15:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2013-03-25 13:23 - 2014-11-11 12:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-01-20 00:15 - 2014-12-01 18:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-01-20 00:15 - 2014-12-01 18:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-01-20 00:15 - 2014-12-01 18:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2014-05-23 04:58 - 2015-01-23 16:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
    2014-08-28 18:25 - 2014-12-01 15:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2013-04-19 12:10 - 2015-01-23 16:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2013-03-26 15:16 - 2015-01-15 17:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2014-08-14 12:49 - 2015-01-15 17:42 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\startupfolder: C:^Users^Christine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-1725108987-1616313865-456290591-500 - Administrator - Disabled)
    Christine (S-1-5-21-1725108987-1616313865-456290591-1000 - Administrator - Enabled) => C:\Users\Christine
    Guest (S-1-5-21-1725108987-1616313865-456290591-501 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (01/21/2015 00:06:50 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.
     
     
    Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
     
    Error: (01/21/2015 00:06:50 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.
     
    Context: Windows Application
     
     
    Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
     
    Error: (01/21/2015 00:06:50 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.
     
    Context: Windows Application, SystemIndex Catalog
     
     
    Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
     
    Error: (01/21/2015 00:06:50 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
     
    Context: Windows Application, SystemIndex Catalog
     
     
    Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
     
    Error: (01/21/2015 00:06:47 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.JetPropStore> cannot be initialized.
     
    Context: Windows Application, SystemIndex Catalog
     
     
    Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
     
    Error: (01/21/2015 00:06:47 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
    Description: The Windows Search Service cannot load the property store information.
     
    Context: Windows Application, SystemIndex Catalog
     
     
    Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
     
    Error: (01/21/2015 00:06:47 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
     
     
    Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
     
    Error: (01/21/2015 00:06:47 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
     
     
    Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
     
    Error: (01/21/2015 00:06:47 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
    Description: The Windows Search Service cannot open the Jet property store.
     
     
    Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
     
    Error: (01/21/2015 00:06:47 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: Windows (2804) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0005A.log.
     
     
    System errors:
    =============
    Error: (01/24/2015 01:20:40 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
     
    Error: (01/24/2015 01:20:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
     
    Error: (01/24/2015 00:01:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
     
    Error: (01/23/2015 07:58:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Steam Client Service service failed to start due to the following error: 
    %%1053
     
    Error: (01/23/2015 07:58:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
     
    Error: (01/23/2015 07:49:32 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
     
    Error: (01/23/2015 09:15:09 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
     
    Error: (01/23/2015 00:05:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
     
    Error: (01/23/2015 00:05:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
     
    Error: (01/22/2015 07:03:23 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
     
     
    Microsoft Office Sessions:
    =========================
    Error: (01/21/2015 00:06:50 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: 
    Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
     
    Error: (01/21/2015 00:06:50 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: Context: Windows Application
     
     
    Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
     
    Error: (01/21/2015 00:06:50 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: Context: Windows Application, SystemIndex Catalog
     
     
    Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
     
    Error: (01/21/2015 00:06:50 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: Context: Windows Application, SystemIndex Catalog
     
     
    Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
    Search.TripoliIndexer
     
    Error: (01/21/2015 00:06:47 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: Context: Windows Application, SystemIndex Catalog
     
     
    Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
    Search.JetPropStore
     
    Error: (01/21/2015 00:06:47 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
    Description: Context: Windows Application, SystemIndex Catalog
     
     
    Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
     
    Error: (01/21/2015 00:06:47 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: 
    Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
    The catalog is corrupt
     
    Error: (01/21/2015 00:06:47 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: 
    Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
    4700
     
    Error: (01/21/2015 00:06:47 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
    Description: 
    Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
     
    Error: (01/21/2015 00:06:47 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: Windows2804Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0005A.log-1811
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
    Percentage of memory in use: 36%
    Total physical RAM: 4094.3 MB
    Available physical RAM: 2616.08 MB
    Total Pagefile: 8186.79 MB
    Available Pagefile: 6293.88 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:1862.92 GB) (Free:1458.1 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 503D5B5B)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================


    #6 ken545

      Malware Response Team

    Posted 24 January 2015 - 09:37 AM

    Hi,

     

    Nothing earth-shattering malware related, just a few things to point out.

     

    It looks like at one time you had AVG installed and these appear to be leftovers. See if you can uninstall them via Programs and Features in the Control Panel.

     

    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
     
     
     
    You also have CCleaner installed. While it's a valid and legit program, it's also running in the background using up system resources. You can still keep this program, but you can disable it and just use it when you feel the need. I want to give you a heads up on the registry side of this program: remove the wrong entries and it can do some damage to your system, so running it to clean up temp files and such is fine.
     
    You can disable CCleaner from running in the background by reading these instructions
     
     
    I am attaching a Fixlist file. Download it to your desktop where you have FRST64, then open FRST64 and click on FIX. After it reboots your system you will have a FIXLOG on your desktop; post it please.
     
    Do you know if you have the latest version of Malwarebytes installed, and is it the free or paid version?
    Either way, open it, check for updates, run the Threat scan and post the log.

    Attached Files


    mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #7 fred4949


    Posted 24 January 2015 - 08:59 PM

    Ok done. Thank you. 

     

    I'd post my Malwarebytes log, but the log opens in IE...do you want me to copy and paste the contents anyway?

     

    BTW, it's "Malwarebytes Premium". I never paid for it. I wonder what "premium" means.


    Edited by fred4949, 24 January 2015 - 09:01 PM.


    #8 ken545


    Posted 25 January 2015 - 03:47 AM

    Morning,

     

    See if you can find the report like this

     

    1. Open up Malwarebytes 
    2. Go to the History Tab
    3. Click on Application Logs
    4. Click on the last Scan Log you just ran
    5. Click on View
    6. Then on the Bottom click on Copy to Clipboard
    7. Then paste it into this thread
     
     
    "The retail product named Malwarebytes Anti-Malware Premium is a unique, hybrid product that provides malware protection TODAY and a very valuable upgrade option in the near future. When the Premium box product is installed, it checks to see if the new V2.0 is available. When it is, Premium will automatically download and install it along with the normal, renewable subscription license that comes with V2.0 and has been described in other forum posts."

    I think this means that you did not download Malwarebytes directly from Malwarebytes but from a 3rd party



    #9 fred4949


    Posted 25 January 2015 - 05:05 AM

    Thanks!
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
     
    Update, 1/25/2015 12:18:11 AM, SYSTEM, PC, Scheduler, Failed, Unable to access update server, 
    Update, 1/25/2015 2:08:24 AM, SYSTEM, PC, Scheduler, Failed, Unable to access update server, 
    Update, 1/25/2015 2:17:26 AM, SYSTEM, PC, Scheduler, Malware Database, 2015.1.25.1, 2015.1.25.6, 
    Protection, 1/25/2015 2:17:26 AM, SYSTEM, PC, Protection, Refresh, Starting, 
    Protection, 1/25/2015 2:17:26 AM, SYSTEM, PC, Protection, Malicious Website Protection, Stopping, 
    Protection, 1/25/2015 2:17:26 AM, SYSTEM, PC, Protection, Malicious Website Protection, Stopped, 
    Protection, 1/25/2015 2:17:32 AM, SYSTEM, PC, Protection, Refresh, Success, 
    Protection, 1/25/2015 2:17:32 AM, SYSTEM, PC, Protection, Malicious Website Protection, Starting, 
    Protection, 1/25/2015 2:17:32 AM, SYSTEM, PC, Protection, Malicious Website Protection, Started, 
    Scan, 1/25/2015 3:10:06 AM, SYSTEM, PC, Manual, Start:1/25/2015 3:00:24 AM, Duration:9 min 35 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
    Detection, 1/25/2015 3:38:12 AM, SYSTEM, PC, Protection, Malicious Website Protection, IP, 108.60.65.6, 58293, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, 
    Detection, 1/25/2015 3:38:13 AM, SYSTEM, PC, Protection, Malicious Website Protection, IP, 108.60.65.6, 58293, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, 
    Detection, 1/25/2015 3:38:13 AM, SYSTEM, PC, Protection, Malicious Website Protection, IP, 108.60.65.6, 58294, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, 
    Detection, 1/25/2015 3:38:15 AM, SYSTEM, PC, Protection, Malicious Website Protection, IP, 108.60.65.6, 58295, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, 
     
    (end)


    #10 ken545


    Posted 25 January 2015 - 05:18 AM

    1. Open up Malwarebytes 
    2. Go to the History Tab
    3. Click on Application Logs
    4. Click on the last Scan Log you just ran
    5. Click on View
    6. Then on the Bottom click on Copy to Clipboard
    7. Then paste it into this thread



    #11 fred4949


    Posted 25 January 2015 - 08:01 AM

    See my previous post.



    #12 ken545


    Posted 25 January 2015 - 08:54 AM

    Fred, you're posting the wrong log. You're posting the Protection log; I need to see the Scan log. Take another look at my post.




    #13 fred4949


    Posted 25 January 2015 - 09:28 PM

    The scan log isn't listed.

     

    I'm doing a custom scan. Entire hdd. I'll see if it saves that log.

     

    EDIT-- I ran the scan. When I looked for the log, Malwarebytes froze and I had to restart the computer. Again, the scan log isn't listed.

     

    The last log that Malwarebytes saved was from 2 weeks ago. Strange since I've run threat scans several times since then. 


    Edited by fred4949, 25 January 2015 - 11:53 PM.


    #14 ken545


    Posted 26 January 2015 - 06:37 AM

    The last time you ran the threat scan, did it find anything? Look in your quarantine folder the same way you looked for the scan log. Can you post what's in quarantine? The reason I am asking: if it found nothing during the scans then that's fine and I don't need to see the log, but if it did remove bad entries I would like to know what they were; they may be a clue to look deeper.




    #15 fred4949


    Posted 26 January 2015 - 08:05 AM

    It didn't find anything. 





