
Slow, freezing computer


  • This topic is locked
46 replies to this topic

#1 Anron311

Anron311

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 19 March 2015 - 01:02 PM

Hello, I'm having some serious issues on my computer. Everything I attempt to open takes much longer than it should, and the computer is freezing anywhere from 2 seconds to 2 minutes where I can't do anything until it unlocks itself. I'm at a loss for what is causing the problem as my antivirus scans are turning up nothing. Thank you ahead of time for your help!




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,635 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:16 PM

Posted 22 March 2015 - 06:49 PM

Greetings Anron311 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Anron311

Anron311
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 22 March 2015 - 07:47 PM

Hello Gary, my name is Steve and I want to thank you for taking time to help me with my issue.

 

Here are the logs you requested, I attempted to attach the zipped file but the website is telling me it's too large.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Lauren (administrator) on LAUREN-PC on 22-03-2015 19:31:10
Running from C:\Users\Lauren\Desktop
Loaded Profiles: Lauren (Available profiles: Lauren & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(ASUS) C:\Windows\AsScrPro.exe
(Curse) C:\Users\Lauren\AppData\Local\Apps\2.0\HTVER4JD.23E\24K6PNG9.B8E\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Users\Lauren\AppData\Local\Google\Update\Install\{BF779D2A-140F-4B59-9970-6508C822FC95}\41.0.2272.101_41.0.2272.89_chrome_updater.exe
(Google Inc.) C:\Users\Lauren\AppData\Local\Temp\CR_A9BC2.tmp\setup.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.22-delta.exe
(Microsoft Corporation) C:\92bde27b74a601a35b9b46\mrtstub.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1605632 2010-11-14] (Intel® Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2869008 2012-01-26] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [100112 2012-01-26] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-11] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2011-06-26] (ASUS)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909312 2011-03-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-06] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-07-19] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-22] (AVAST Software)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\e04ae956-b223-45ea-858d-d9ae95ebdfdf.exe [183232 2015-03-22] (AVAST Software)
HKU\S-1-5-21-258255347-638875456-2395817908-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-258255347-638875456-2395817908-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-258255347-638875456-2395817908-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe [960688 2015-02-26] (Adobe Systems Incorporated)
HKU\S-1-5-21-258255347-638875456-2395817908-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-258255347-638875456-2395817908-1001\...\Policies\Explorer: [NoLogOff] 0
Startup: C:\Users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-258255347-638875456-2395817908-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-258255347-638875456-2395817908-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^xdm037^YYA^us&si=downloadunzip&ptb=3E7639C1-515A-4EAA-BD84-A4F892FF229B&ind=2014072211&n=780c4d93&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-258255347-638875456-2395817908-1001 -> {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-258255347-638875456-2395817908-1001 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^xdm037^YYA^us&si=downloadunzip&ptb=3E7639C1-515A-4EAA-BD84-A4F892FF229B&ind=2014072211&n=780c4d93&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-258255347-638875456-2395817908-1001 -> {99F793F5-D25C-4080-B142-CC4210FA9FAB} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-02-22] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-22] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF ProfilePath: C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\wz9x8jwx.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-26] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-26] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-258255347-638875456-2395817908-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-258255347-638875456-2395817908-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Extension:  RivalGaming  - C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-04-25]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-08]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97
CHR Plugin: (Shockwave Flash) - C:\Users\Lauren\AppData\Local\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lauren\AppData\Local\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lauren\AppData\Local\Google\Chrome\Application\41.0.2272.89\pdf.dll ()
CHR Plugin: (DealPly) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.3.7.2_0\DealplyUtils.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Lauren\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd [2012-04-25]
CHR Extension: (YouTube) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google Search) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Avast SafePrice) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Skype Click to Call) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-12-06]
CHR Extension: (Google Wallet) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-02-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-22] (Avast Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-06-26] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-06-26] (Creative Labs) [File not signed]
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel® Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-22] ()
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [76584 2012-07-19] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-28] (Malwarebytes Corporation)
S3 mr8980; C:\Windows\System32\DRIVERS\mr8980x64.sys [114176 2011-04-19] (Mars Semiconductor Corp.) [File not signed]
S3 mr8980; C:\Windows\SysWOW64\DRIVERS\mr8980x64.sys [114176 2011-04-19] (Mars Semiconductor Corp.) [File not signed]
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-01-26] (Synaptics Incorporated)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-22] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 19:31 - 2015-03-22 19:32 - 00027502 _____ () C:\Users\Lauren\Desktop\FRST.txt
2015-03-22 19:31 - 2015-03-22 19:31 - 00000000 ____D () C:\FRST
2015-03-22 19:30 - 2015-03-22 19:30 - 02095616 _____ (Farbar) C:\Users\Lauren\Desktop\FRST64.exe
2015-03-22 18:13 - 2015-03-22 18:13 - 00000000 ____D () C:\92bde27b74a601a35b9b46
2015-03-19 11:11 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-19 11:11 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 11:16 - 2015-03-11 11:17 - 00000197 _____ () C:\Windows\system32\2015-03-11-16-16-42.098-AvastVBoxSVC.exe-6128.log
2015-03-08 12:57 - 2015-03-08 12:57 - 00000197 _____ () C:\Windows\system32\2015-03-08-17-57-05.034-AvastVBoxSVC.exe-4004.log
2015-03-07 18:54 - 2015-03-07 18:54 - 00000197 _____ () C:\Windows\system32\2015-03-07-23-54-09.018-AvastVBoxSVC.exe-5652.log
2015-03-07 12:16 - 2015-03-07 12:16 - 00000197 _____ () C:\Windows\system32\2015-03-07-17-16-42.000-AvastVBoxSVC.exe-6632.log
2015-03-01 18:11 - 2015-03-01 18:11 - 00000197 _____ () C:\Windows\system32\2015-03-01-23-11-40.012-AvastVBoxSVC.exe-4880.log
2015-03-01 18:07 - 2015-03-01 18:08 - 01404992 _____ () C:\Windows\Minidump\030115-31153-01.dmp
2015-03-01 12:22 - 2015-03-01 12:22 - 00000197 _____ () C:\Windows\system32\2015-03-01-17-22-13.087-AvastVBoxSVC.exe-6944.log
2015-02-28 23:14 - 2015-02-28 23:14 - 00000197 _____ () C:\Windows\system32\2015-03-01-04-14-04.099-AvastVBoxSVC.exe-5848.log
2015-02-28 15:12 - 2015-02-28 15:13 - 00000197 _____ () C:\Windows\system32\2015-02-28-20-12-50.025-AvastVBoxSVC.exe-7052.log
2015-02-28 11:25 - 2015-02-28 11:25 - 00000197 _____ () C:\Windows\system32\2015-02-28-16-25-07.046-AvastVBoxSVC.exe-6324.log
2015-02-28 11:16 - 2015-02-28 11:16 - 00000197 _____ () C:\Windows\system32\2015-02-28-16-16-35.065-AvastVBoxSVC.exe-4596.log
2015-02-27 18:54 - 2015-02-27 18:54 - 00000197 _____ () C:\Windows\system32\2015-02-27-23-54-40.026-AvastVBoxSVC.exe-2924.log
2015-02-27 13:44 - 2015-02-27 13:45 - 00000197 _____ () C:\Windows\system32\2015-02-27-18-44-18.044-AvastVBoxSVC.exe-4704.log
2015-02-27 13:40 - 2015-02-27 13:41 - 01399360 _____ () C:\Windows\Minidump\022715-30997-01.dmp
2015-02-26 18:15 - 2015-02-26 18:15 - 00000197 _____ () C:\Windows\system32\2015-02-26-23-15-00.073-AvastVBoxSVC.exe-6692.log
2015-02-26 15:33 - 2015-02-26 15:34 - 00000197 _____ () C:\Windows\system32\2015-02-26-20-33-28.079-AvastVBoxSVC.exe-3956.log
2015-02-26 12:53 - 2015-02-26 12:53 - 00000247 _____ () C:\Windows\system32\2015-02-26-17-53-57.035-aswFe.exe-5668.log
2015-02-26 12:49 - 2015-02-26 12:53 - 00000247 _____ () C:\Windows\system32\2015-02-26-17-49-42.029-aswFe.exe-6824.log
2015-02-26 12:49 - 2015-02-26 12:49 - 00000197 _____ () C:\Windows\system32\2015-02-26-17-49-37.003-AvastVBoxSVC.exe-1680.log
2015-02-26 12:27 - 2015-02-26 12:27 - 00000197 _____ () C:\Windows\system32\2015-02-26-17-27-06.092-AvastVBoxSVC.exe-3708.log
2015-02-26 12:20 - 2015-02-26 12:20 - 01055936 _____ (Adobe) C:\Users\Lauren\Downloads\install_flashplayer16x32_mssd_aaa_aih.exe
2015-02-26 12:20 - 2015-02-26 12:20 - 00000000 ____D () C:\Users\Lauren\AppData\Local\Macromedia
2015-02-25 22:28 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 22:28 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 22:25 - 2015-02-25 22:25 - 00000197 _____ () C:\Windows\system32\2015-02-26-03-25-23.021-AvastVBoxSVC.exe-4380.log
2015-02-24 14:36 - 2015-02-24 14:36 - 00000197 _____ () C:\Windows\system32\2015-02-24-19-36-40.084-AvastVBoxSVC.exe-5640.log
2015-02-23 20:57 - 2015-02-23 22:58 - 00000000 ____D () C:\Users\Lauren\AppData\Roaming\TS3Client
2015-02-23 20:57 - 2015-02-23 20:57 - 00001164 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-02-23 20:57 - 2015-02-23 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-02-23 20:57 - 2015-02-23 20:57 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2015-02-23 20:22 - 2015-02-23 20:22 - 00000247 _____ () C:\Windows\system32\2015-02-24-01-22-18.070-aswFe.exe-6788.log
2015-02-23 20:17 - 2015-02-23 20:22 - 00000247 _____ () C:\Windows\system32\2015-02-24-01-17-20.024-aswFe.exe-4456.log
2015-02-23 20:17 - 2015-02-23 20:17 - 00000197 _____ () C:\Windows\system32\2015-02-24-01-17-15.031-AvastVBoxSVC.exe-5884.log
2015-02-23 19:36 - 2015-02-23 19:37 - 00000197 _____ () C:\Windows\system32\2015-02-24-00-36-45.020-AvastVBoxSVC.exe-3880.log
2015-02-23 19:13 - 2015-02-23 19:14 - 00010203 _____ () C:\Users\Lauren\Documents\Uninstall STAR WARS The Old Republic.log
2015-02-23 19:09 - 2015-02-23 19:10 - 00000197 _____ () C:\Windows\system32\2015-02-24-00-09-42.021-AvastVBoxSVC.exe-4508.log
2015-02-22 20:13 - 2015-02-22 20:13 - 00000247 _____ () C:\Windows\system32\2015-02-23-01-13-12.016-aswFe.exe-8032.log
2015-02-22 20:08 - 2015-02-22 20:13 - 00000247 _____ () C:\Windows\system32\2015-02-23-01-08-30.012-aswFe.exe-6428.log
2015-02-22 20:08 - 2015-02-22 20:08 - 00000197 _____ () C:\Windows\system32\2015-02-23-01-08-26.061-AvastVBoxSVC.exe-5772.log
2015-02-22 20:02 - 2015-02-26 12:32 - 00001970 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-22 20:02 - 2015-02-22 20:03 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-02-22 20:02 - 2015-02-22 20:03 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-22 20:02 - 2015-02-22 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-22 20:01 - 2015-03-19 10:45 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-22 20:01 - 2015-02-22 20:02 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-22 20:01 - 2015-02-22 20:02 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-02-22 20:01 - 2015-02-22 20:01 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-02-22 20:01 - 2015-02-22 20:01 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-22 20:01 - 2015-02-22 20:01 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-22 20:01 - 2015-02-22 20:01 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-22 20:01 - 2015-02-22 20:01 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-22 20:01 - 2015-02-22 20:01 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-22 20:01 - 2015-02-22 20:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-22 20:01 - 2015-02-22 20:01 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-22 19:59 - 2015-02-22 19:59 - 04864744 _____ (AVAST Software) C:\Users\Lauren\Downloads\avast_free_antivirus_setup_online.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-11-22 18:55 - 2011-08-24 22:34 - 00000000 ____D () C:\Users\Lauren
2015-11-22 18:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-03-22 19:32 - 2011-09-12 01:44 - 00002374 _____ () C:\Users\Lauren\Desktop\Google Chrome.lnk
2015-03-22 19:30 - 2009-07-14 00:13 - 00798844 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-22 19:29 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-22 19:29 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-22 19:27 - 2011-09-12 01:44 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258255347-638875456-2395817908-1001UA.job
2015-03-22 19:26 - 2014-05-17 00:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-22 19:26 - 2012-04-08 00:42 - 00000380 _____ () C:\Users\Lauren\AppData\Roaming\sp_data.sys
2015-03-22 19:26 - 2011-09-30 03:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-22 19:26 - 2011-09-12 01:44 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258255347-638875456-2395817908-1001Core.job
2015-03-22 19:26 - 2011-06-26 19:15 - 02034094 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 18:13 - 2013-08-16 09:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-22 18:13 - 2011-09-01 19:31 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-19 10:39 - 2011-08-24 22:36 - 00000000 ____D () C:\Users\Lauren\AppData\Local\Deployment
2015-03-11 11:50 - 2014-05-22 02:23 - 00000000 ____D () C:\Users\Lauren\AppData\Local\Battle.net
2015-03-11 11:12 - 2014-05-13 19:28 - 00016967 _____ () C:\Windows\setupact.log
2015-03-11 11:12 - 2012-05-31 00:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-11 11:12 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-09 16:20 - 2011-09-10 02:13 - 00000000 ____D () C:\Users\Lauren\AppData\Local\CrashDumps
2015-03-07 18:48 - 2011-12-02 03:52 - 00000000 ____D () C:\Users\Lauren\AppData\Roaming\Skype
2015-03-01 18:07 - 2014-11-06 20:42 - 615827107 _____ () C:\Windows\MEMORY.DMP
2015-03-01 18:07 - 2013-02-05 02:47 - 00000000 ____D () C:\Windows\Minidump
2015-02-28 17:54 - 2014-05-22 10:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 11:19 - 2011-08-24 22:53 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-02-28 11:14 - 2014-05-22 02:23 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-27 18:48 - 2009-07-14 00:08 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-26 12:33 - 2014-06-17 02:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-26 12:33 - 2014-06-17 02:44 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-02-26 12:33 - 2012-11-12 21:45 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-26 12:28 - 2011-06-26 19:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-26 12:21 - 2014-06-17 02:45 - 00000000 ____D () C:\Users\Lauren\AppData\Local\Adobe
2015-02-26 12:21 - 2014-05-17 00:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-26 12:21 - 2014-05-17 00:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-26 12:21 - 2014-05-17 00:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-24 15:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-24 14:31 - 2014-05-13 19:28 - 00320394 _____ () C:\Windows\PFRO.log
2015-02-24 04:17 - 2012-07-03 18:50 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 20:04 - 2014-03-12 09:23 - 00000000 ___RD () C:\Users\Lauren\Dropbox
2015-02-23 20:03 - 2014-12-23 23:12 - 00000000 ____D () C:\Users\Lauren\AppData\Roaming\Spotify
2015-02-23 20:03 - 2014-03-12 09:21 - 00000000 ____D () C:\Users\Lauren\AppData\Roaming\Dropbox
2015-02-23 20:01 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup
2015-02-23 19:36 - 2014-05-23 11:06 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-23 19:36 - 2014-05-23 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-23 19:36 - 2014-05-23 11:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-23 19:13 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-23 19:12 - 2014-07-25 19:31 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2015-02-23 19:12 - 2014-07-25 19:31 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios

==================== Files in the root of some directories =======

2012-04-08 00:42 - 2015-03-22 19:26 - 0000380 _____ () C:\Users\Lauren\AppData\Roaming\sp_data.sys
2012-09-15 23:40 - 2012-09-15 23:40 - 0000865 _____ () C:\Users\Lauren\AppData\Local\recently-used.xbel
2011-06-26 19:40 - 2011-06-26 19:41 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-06-26 19:40 - 2011-06-26 19:40 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Lauren\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb_gcte.dll
C:\Users\Lauren\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-19 10:39

==================== End Of Log ============================

Here are the results of the additional.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Lauren at 2015-03-22 19:33:33
Running from C:\Users\Lauren\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.0 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0040 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.8 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
AsusScr_G74 Series_ENG (HKLM-x32\...\AsusScr_G74 Series_ENG) (Version: 1.0.0001 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Curse Client (HKU\S-1-5-21-258255347-638875456-2395817908-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-258255347-638875456-2395817908-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Fresco Logic USB3.0 Host Controller (HKLM\...\{17F94DA8-CB07-4BD8-A6DB-E53A1CC5C433}) (Version: 3.5.73.0 - Fresco Logic Inc.)
Google Chrome (HKU\S-1-5-21-258255347-638875456-2395817908-1001\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{1A570BFA-D775-47EE-8071-06E9559C14F5}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}) (Version: 6.01.0000 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
NVIDIA 3D Vision Driver 311.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.44 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
paint.net (HKLM\...\{87D5082F-F857-40FE-9C8A-3F2B6C39F426}) (Version: 4.0.2 - dotPDN LLC)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smilebox (HKU\S-1-5-21-258255347-638875456-2395817908-1001\...\Smilebox) (Version: 1.0.0.27710 - Smilebox, Inc.)
Spotify (HKU\S-1-5-21-258255347-638875456-2395817908-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.43.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
THX TruStudio (HKLM-x32\...\{B11AB9C8-18A6-41DC-98B4-4988CC030136}) (Version: 1.03.01 - Creative Technology Limited)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
Wireless Monitoring System (HKLM-x32\...\InstallShield_{1E6679EB-C736-40E6-A1E5-F97F69A096E3}) (Version: 1.00.0000 - MR8980)
Wireless Monitoring System (x32 Version: 1.00.0000 - MR8980) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lauren\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{14a36c78-48e3-415a-b5b8-f1596573598b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{160d23c1-0a79-4072-aae8-2eecc4e6729b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

11-02-2015 18:49:52 Windows Modules Installer
14-02-2015 12:00:07 Windows Update
19-02-2015 21:29:37 Windows Update
22-02-2015 12:35:01 Windows Update
22-02-2015 20:00:25 avast! antivirus system restore point
23-02-2015 19:12:11 Removed Hi-Rez Studios Games
24-02-2015 15:57:02 Windows Update
25-02-2015 22:27:07 Windows Update
26-02-2015 12:27:38 Removed Respondus LockDown Browser
06-03-2015 18:50:56 Windows Update
10-03-2015 11:09:58 Windows Update
19-03-2015 11:05:19 Windows Update
22-03-2015 18:08:08 Windows Update
22-11-2015 19:41:54 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-05-23 10:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {006B3CD4-7A9D-4EFF-B157-1A5915818F2B} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {0208625C-A8A1-4BC1-966A-7EA4EA27C596} - System32\Tasks\ASC7_SkipUac_Lauren => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: {07E35BC4-F905-4436-A2C4-EE7E1EE6EE3E} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe
Task: {20AF95E1-5D2D-4F9F-B00C-9DBA13E08135} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.)
Task: {24B3CF09-D965-41A6-9150-FCF8061D5096} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-01-04] (ASUS)
Task: {32756B5F-3711-4E4E-9A73-8839465BC55D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-22] (AVAST Software)
Task: {3BC8EAD3-A78E-4EDF-8749-1C6BCC5E105D} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {4514EE1A-4061-40CD-B426-557E3C351436} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-258255347-638875456-2395817908-1001UA => C:\Users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {4661EE8B-66D1-45F4-B6C2-BB40E9528EDF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-258255347-638875456-2395817908-1001Core => C:\Users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {4BE64693-C4F7-42B6-AF56-96057CF3BD79} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {55FFD3B6-313C-4063-9CA3-7C794F402D09} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
Task: {573473DF-D42E-4B63-946D-F6C040F1D7B0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {6005B0F4-CD45-43EE-A24D-4181E044103D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {61C61460-F69D-4341-B4CC-EF6E8E7584FB} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-01-30] (ASUSTek Computer Inc.)
Task: {8080D5E7-363B-4E82-956E-17703B3F01E4} - System32\Tasks\{744986BC-16E5-4244-84DB-6AF73F037A89} => pcalua.exe -a "C:\Users\Lauren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3UD6586\setup.exe" -d C:\Users\Lauren\Desktop
Task: {82A8B03B-9FAE-409E-9D56-1D88060B71A2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-26] (Adobe Systems Incorporated)
Task: {96CD439D-9551-4952-8144-E2951738AA89} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.)
Task: {A92D7204-4F82-4DFC-8B34-8AAD87305CAB} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {B56EEEEC-5FE1-4FB2-B78D-6152EB230F4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B5A77135-D7ED-487F-A72C-23C45A9C828A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {CF7403E3-309F-424A-AD87-FFB51A359A81} - System32\Tasks\{DE442276-2EC0-464E-A839-1B7FA8BFFE1D} => pcalua.exe -a C:\Users\Lauren\Downloads\setup.exe -d C:\Users\Lauren\Desktop
Task: {DE952EC0-B3A8-425A-83AD-A5E52585E915} - System32\Tasks\{892D9C5A-718A-4EE0-BB5F-BD873ED56495} => Iexplore.exe http://ui.skype.com/ui/0/6.7.59.102/en/abandoninstall?page=tsMain
Task: {DFE6525F-2243-49F1-90DA-9747162BA4A9} - System32\Tasks\4796 => Wscript.exe C:\Users\Lauren\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {E6C0FA46-AFFC-4677-96A1-F8D72E74B219} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258255347-638875456-2395817908-1001Core.job => C:\Users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258255347-638875456-2395817908-1001UA.job => C:\Users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-05-31 00:25 - 2013-03-14 01:28 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-01-05 14:53 - 2011-01-05 14:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2011-01-05 14:53 - 2011-01-05 14:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-06-26 19:37 - 2010-06-08 15:23 - 00236544 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-08-24 13:33 - 2014-08-24 13:32 - 00014848 _____ () C:\Users\Lauren\AppData\Local\Apps\2.0\HTVER4JD.23E\24K6PNG9.B8E\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.WowDb.dll
2014-08-24 13:33 - 2014-08-24 13:32 - 00035840 _____ () C:\Users\Lauren\AppData\Local\Apps\2.0\HTVER4JD.23E\24K6PNG9.B8E\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.Advertising.dll
2014-08-24 13:33 - 2014-08-24 13:32 - 00099840 _____ () C:\Users\Lauren\AppData\Local\Apps\2.0\HTVER4JD.23E\24K6PNG9.B8E\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.CMOD2.dll
2015-02-22 20:01 - 2015-02-22 20:01 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-02-22 20:01 - 2015-02-22 20:01 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-03-22 18:08 - 2015-03-19 16:36 - 00885840 _____ () C:\Users\Lauren\AppData\Local\Google\Update\Install\{BF779D2A-140F-4B59-9970-6508C822FC95}\41.0.2272.101_41.0.2272.89_chrome_updater.exe
2015-03-10 22:36 - 2015-03-10 22:36 - 02920960 _____ () C:\Program Files\AVAST Software\Avast\defs\15031001\algo.dll
2015-02-22 20:01 - 2015-02-22 20:01 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-03-22 18:07 - 2015-03-22 18:07 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15032201\algo.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-06 19:32 - 2012-02-06 19:32 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-01-31 09:25 - 2012-01-31 09:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2009-11-02 16:20 - 2009-11-02 16:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 16:23 - 2009-11-02 16:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-10-28 13:22 - 2014-10-28 13:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-02-22 20:01 - 2015-02-22 20:01 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-258255347-638875456-2395817908-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lauren\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupfolder: C:^Users^Lauren^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Lauren^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Elite Unzip Home Page Guard 64 bit => "C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmileboxTray => "C:\Users\Lauren\AppData\Roaming\Smilebox\SmileboxTray.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Lauren\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Lauren\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

==================== Accounts: =============================

Administrator (S-1-5-21-258255347-638875456-2395817908-500 - Administrator - Disabled)
Guest (S-1-5-21-258255347-638875456-2395817908-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-258255347-638875456-2395817908-1005 - Limited - Enabled)
Lauren (S-1-5-21-258255347-638875456-2395817908-1001 - Administrator - Enabled) => C:\Users\Lauren
UpdatusUser (S-1-5-21-258255347-638875456-2395817908-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Intel® Centrino® WiMAX 6150
Description: Intel® Centrino® WiMAX 6150
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: bpmp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2015 07:26:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FitbitConnectService.exe, version: 2.0.0.6512, time stamp: 0x545c9cdb
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x14d4
Faulting application start time: 0xFitbitConnectService.exe0
Faulting application path: FitbitConnectService.exe1
Faulting module path: FitbitConnectService.exe2
Report Id: FitbitConnectService.exe3

Error: (03/19/2015 06:59:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FitbitConnectService.exe, version: 2.0.0.6512, time stamp: 0x545c9cdb
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x73c
Faulting application start time: 0xFitbitConnectService.exe0
Faulting application path: FitbitConnectService.exe1
Faulting module path: FitbitConnectService.exe2
Report Id: FitbitConnectService.exe3

Error: (03/09/2015 04:20:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17631, time stamp: 0x54b31a70
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x496f7847
Faulting process id: 0x2984
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (03/06/2015 06:37:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FitbitConnectService.exe, version: 2.0.0.6512, time stamp: 0x545c9cdb
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0013baac
Faulting process id: 0xc48
Faulting application start time: 0xFitbitConnectService.exe0
Faulting application path: FitbitConnectService.exe1
Faulting module path: FitbitConnectService.exe2
Report Id: FitbitConnectService.exe3

Error: (03/02/2015 03:22:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FitbitConnectService.exe, version: 2.0.0.6512, time stamp: 0x545c9cdb
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x938
Faulting application start time: 0xFitbitConnectService.exe0
Faulting application path: FitbitConnectService.exe1
Faulting module path: FitbitConnectService.exe2
Report Id: FitbitConnectService.exe3

Error: (03/01/2015 07:23:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17631, time stamp: 0x54b31a70
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xff808080
Faulting process id: 0x1944
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (03/01/2015 00:21:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17631 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17c8

Start Time: 01d05443d0bd4834

Termination Time: 67

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (02/28/2015 03:06:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 40.0.2214.115 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 29e0

Start Time: 01d0538f75e4c4a2

Termination Time: 169

Application Path: C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe

Report Id: 371ec8fe-bf85-11e4-83db-14dae912f566

Error: (02/28/2015 02:44:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FitbitConnectService.exe, version: 2.0.0.6512, time stamp: 0x545c9cdb
Faulting module name: netprofm.dll, version: 6.1.7600.16385, time stamp: 0x4a5bda75
Exception code: 0xc0000005
Fault offset: 0x00002505
Faulting process id: 0x9b8
Faulting application start time: 0xFitbitConnectService.exe0
Faulting application path: FitbitConnectService.exe1
Faulting module path: FitbitConnectService.exe2
Report Id: FitbitConnectService.exe3

Error: (02/27/2015 06:47:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_LanmanServer, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: SSCORE.DLL, version: 6.1.7601.17514, time stamp: 0x4ce7c9ec
Exception code: 0xc0000005
Fault offset: 0x000000000000146d
Faulting process id: 0x408
Faulting application start time: 0xsvchost.exe_LanmanServer0
Faulting application path: svchost.exe_LanmanServer1
Faulting module path: svchost.exe_LanmanServer2
Report Id: svchost.exe_LanmanServer3

System errors:
=============
Error: (03/22/2015 07:26:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (03/22/2015 07:26:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Fitbit Connect Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/19/2015 06:59:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Fitbit Connect Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/19/2015 01:02:58 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/19/2015 10:39:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (03/11/2015 00:02:35 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer STEVE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AA935A64-A29D-4C2A-A931-A707E5632450}.
The master browser is stopping or an election is being forced.

Error: (03/11/2015 11:16:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (03/11/2015 11:16:00 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/11/2015 11:12:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%2

Error: (03/08/2015 05:44:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Microsoft Office Sessions:
=========================
Error: (03/22/2015 07:26:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FitbitConnectService.exe2.0.0.6512545c9cdbole32.dll6.1.7601.175144ce7b96fc00000050003934214d401d062a0b0fd0b37C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exeC:\Windows\syswow64\ole32.dll3c3592fe-d0f3-11e4-8d0e-14dae912f566

Error: (03/19/2015 06:59:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FitbitConnectService.exe2.0.0.6512545c9cdbole32.dll6.1.7601.175144ce7b96fc00000050003934273c01d05c163a683042C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exeC:\Windows\syswow64\ole32.dlle91d886d-ce93-11e4-8d0e-14dae912f566

Error: (03/09/2015 04:20:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1763154b31a70unknown0.0.0.000000000c0000005496f7847298401d05aad5c6ac5d5C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown21cf01e2-c6a2-11e4-bb76-14dae912f566

Error: (03/06/2015 06:37:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FitbitConnectService.exe2.0.0.6512545c9cdbole32.dll6.1.7601.175144ce7b96fc00000050013baacc4801d055269eae3429C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exeC:\Windows\syswow64\ole32.dllb2d98444-c459-11e4-a90e-14dae912f566

Error: (03/02/2015 03:22:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FitbitConnectService.exe2.0.0.6512545c9cdbole32.dll6.1.7601.175144ce7b96fc00000050003934293801d05474a0ee238cC:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exeC:\Windows\syswow64\ole32.dlld50e4306-c119-11e4-a90e-14dae912f566

Error: (03/01/2015 07:23:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1763154b31a70unknown0.0.0.000000000c0000005ff808080194401d05479342ec706C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown48da52ef-c072-11e4-a90e-14dae912f566

Error: (03/01/2015 00:21:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1763117c801d05443d0bd483467C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (02/28/2015 03:06:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe40.0.2214.11529e001d0538f75e4c4a2169C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe371ec8fe-bf85-11e4-83db-14dae912f566

Error: (02/28/2015 02:44:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FitbitConnectService.exe2.0.0.6512545c9cdbnetprofm.dll6.1.7600.163854a5bda75c0000005000025059b801d053729132cc42C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exeC:\Windows\System32\netprofm.dll44216f13-bf82-11e4-83db-14dae912f566

Error: (02/27/2015 06:47:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_LanmanServer6.1.7600.163854a5bc3c1SSCORE.DLL6.1.7601.175144ce7c9ecc0000005000000000000146d40801d052e7ad1121e6C:\Windows\system32\svchost.exeC:\Windows\system32\SSCORE.DLL054ff69d-bedb-11e4-9598-14dae912f566

CodeIntegrity Errors:
===================================
  Date: 2014-05-23 10:08:06.765
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-23 10:08:06.719
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-08-24 22:59:24.915
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Lauren\Documents\boot\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-08-24 22:59:24.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Lauren\Documents\boot\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-08-24 22:59:24.765
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Lauren\Documents\boot\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-08-24 22:59:24.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Lauren\Documents\boot\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-08-24 22:58:36.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Lauren\Documents\boot\Windows\System32\fveapibase.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-08-24 22:58:36.876
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Lauren\Documents\boot\Windows\System32\fveapibase.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-08-24 22:58:36.751
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Lauren\Documents\boot\Windows\System32\fveapibase.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-08-24 22:58:36.621
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Lauren\Documents\boot\Windows\System32\fveapibase.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 30%
Total physical RAM: 8169.16 MB
Available physical RAM: 5643.86 MB
Total Pagefile: 16336.52 MB
Available Pagefile: 13129.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:281.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (SDATA1) (Fixed) (Total:232.87 GB) (Free:226.83 GB) NTFS
Drive e: (SDATA2) (Fixed) (Total:232.89 GB) (Free:232.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 38601C96)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=440.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Oh My!


Posted 22 March 2015 - 09:08 PM

Hi Steve and welcome. It is my pleasure to work on this with you.

Please do this.

===================================================

Managing Attachments

----------
  • Navigate to the top of this post
  • In the upper right hand corner you will see your screen name
  • Left click on that and a drop down list will appear
  • Select My Settings
  • On the left hand side under General Settings click on Manage Attachments
  • To the very right on the blue bar just above the first entry click on the open check box
  • All of the checkboxes should now be checked
  • Click Delete Selected
  • You should now see You have used 0bytes of 250K
  • Please try to attach the System Summary report
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\Lauren\AppData\Local\Temp\CR_A9BC2.tmp
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-258255347-638875456-2395817908-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^xdm037^YYA^us&si=downloadunzip&ptb=3E7639C1-515A-4EAA-BD84-A4F892FF229B&ind=2014072211&n=780c4d93&psa=&st=sb&searchfor={searchTerms}
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {A92D7204-4F82-4DFC-8B34-8AAD87305CAB} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {DFE6525F-2243-49F1-90DA-9747162BA4A9} - System32\Tasks\4796 => Wscript.exe C:\Users\Lauren\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached System Summary
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Update on your computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Anron311

Posted 23 March 2015 - 04:11 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Lauren at 2015-03-23 15:15:11 Run:1
Running from C:\Users\Lauren\Desktop
Loaded Profiles: Lauren (Available profiles: Lauren & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Lauren\AppData\Local\Temp\CR_A9BC2.tmp
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-258255347-638875456-2395817908-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^xdm037^YYA^us&si=downloadunzip&ptb=3E7639C1-515A-4EAA-BD84-A4F892FF229B&ind=2014072211&n=780c4d93&psa=&st=sb&searchfor={searchTerms}
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lauren\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {A92D7204-4F82-4DFC-8B34-8AAD87305CAB} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {DFE6525F-2243-49F1-90DA-9747162BA4A9} - System32\Tasks\4796 => Wscript.exe C:\Users\Lauren\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
*****************

C:\Users\Lauren\AppData\Local\Temp\CR_A9BC2.tmp => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-258255347-638875456-2395817908-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{63894242-d1a7-4235-a425-c124cb8f4633}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{63894242-d1a7-4235-a425-c124cb8f4633} => Key not found.
catchme => Service deleted successfully.
EagleX64 => Service deleted successfully.
"HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-258255347-638875456-2395817908-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A92D7204-4F82-4DFC-8B34-8AAD87305CAB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A92D7204-4F82-4DFC-8B34-8AAD87305CAB}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFE6525F-2243-49F1-90DA-9747162BA4A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFE6525F-2243-49F1-90DA-9747162BA4A9}" => Key deleted successfully.
C:\Windows\System32\Tasks\4796 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4796" => Key deleted successfully.

==== End of Fixlog 15:15:13 ====

 

 

 

# AdwCleaner v4.113 - Logfile created 23/03/2015 at 15:23:00
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Lauren - LAUREN-PC
# Running from : C:\Users\Lauren\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Lauren\AppData\Local\Mindspark_Interactive_Net
Folder Deleted : C:\Users\Lauren\AppData\LocalLow\iac
Folder Deleted : C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
File Deleted : C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{63894242-d1a7-4235-a425-c124cb8f4633}
Key Deleted : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

-\\ Mozilla Firefox v33.1 (x86 en-US)

-\\ Google Chrome v

[C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2752 bytes] - [23/03/2015 15:18:01]
AdwCleaner[S0].txt - [2574 bytes] - [23/03/2015 15:23:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2633  bytes] ##########

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 7 Home Premium x64
Ran by Lauren on Mon 03/23/2015 at 15:40:32.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util atuzi
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\EliteUnzip_aa.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\EliteUnzip_aa.ToolbarProtector.1

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\Users\Lauren\AppData\Roaming\flexnet"
Successfully deleted: [Folder] "C:\Users\Lauren\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Lauren\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Lauren\appdata\local\rivalgaming"
Successfully deleted: [Empty Folder] C:\Users\Lauren\appdata\local\{268054B1-531E-4845-9017-CC5CEE7B744A}
Successfully deleted: [Empty Folder] C:\Users\Lauren\appdata\local\{9A67B8DD-D67D-4D6F-BAEB-ED1F8872D654}
Successfully deleted: [Empty Folder] C:\Users\Lauren\appdata\local\{E09299AB-DAB8-43C8-9A75-86DED152092C}
Successfully deleted: [Empty Folder] C:\Users\Lauren\appdata\local\{E7D75D24-6803-4B65-AE4E-13E9DB3C4120}

 

~~~ FireFox

Emptied folder: C:\Users\Lauren\AppData\Roaming\mozilla\firefox\profiles\wz9x8jwx.default\minidumps [1 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/23/2015 at 15:55:55.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Computer is running a little smoother now. However, Internet Explorer randomly shut down on me a couple times but seems to be OK now.

Attached Files
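A triage sketch for the two scheduled-task entries FRST marked ATTENTION in the log above, added here as an example (it is not FRST's own logic and not code from this thread). It parses the `Task:` lines, lists why each one looks like a persistence mechanism, and checks the Fixlog for removal of all four artifacts a task leaves behind; the heuristics and the third sample line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# The first two "Task:" lines are copied from the fixlist in this thread;
# the third is a constructed benign entry added for contrast.
FIXLIST = r"""
Task: {A92D7204-4F82-4DFC-8B34-8AAD87305CAB} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {DFE6525F-2243-49F1-90DA-9747162BA4A9} - System32\Tasks\4796 => Wscript.exe C:\Users\Lauren\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe [2015-01-01] (Example Corp)
""".strip().splitlines()

# Scheduled-task result lines copied from the Fixlog in this thread.
FIXLOG = r"""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A92D7204-4F82-4DFC-8B34-8AAD87305CAB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A92D7204-4F82-4DFC-8B34-8AAD87305CAB}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFE6525F-2243-49F1-90DA-9747162BA4A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFE6525F-2243-49F1-90DA-9747162BA4A9}" => Key deleted successfully.
C:\Windows\System32\Tasks\4796 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4796" => Key deleted successfully.
""".strip().splitlines()

TASK_RE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]{36}\}) - System32\\Tasks\\(?P<name>.+?) => "
    r"(?P<action>.*?)\s*(?P<flag><=+ ATTENTION)?$"
)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # assumption: illustrative, not exhaustive
CACHE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"


def parse_task(line):
    """Split one FRST 'Task:' line into GUID, task name, action and FRST's own flag."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    return {"guid": m.group("guid"), "name": m.group("name"),
            "action": m.group("action"), "frst_flag": bool(m.group("flag"))}


def triage(task):
    """Return the reasons (illustrative heuristics) a task action deserves a closer look."""
    reasons = []
    m = re.match(r"(.+?\.exe)\b(.*)", task["action"], re.I)
    exe, args = (m.group(1), m.group(2)) if m else (task["action"], "")
    if PureWindowsPath(exe).name.lower() in SCRIPT_HOSTS:
        reasons.append("task action is a Windows script host")
    if "\\appdata\\local\\temp\\" in args.lower():
        reasons.append("script is loaded from the per-user Temp folder")
    if "//b" in args.lower().split():
        reasons.append("//B batch mode suppresses script errors and prompts")
    if "\\" not in exe:
        reasons.append("executable is named without a full path")
    if task["name"].isdigit():
        reasons.append("task name is purely numeric")
    return reasons


def removal_status(task, fixlog_lines):
    """Check the Fixlog for each artifact of a task: three TaskCache keys and the task file."""
    guid, name = task["guid"], task["name"]
    wanted = {
        "plain_key": '"' + CACHE + "\\Plain\\" + guid + '"',
        "tasks_key": '"' + CACHE + "\\Tasks\\" + guid + '"',
        "tree_key": '"' + CACHE + "\\Tree\\" + name + '"',
        "task_file": "C:\\Windows\\System32\\Tasks\\" + name,
    }
    status = {}
    for label, target in wanted.items():
        status[label] = any(
            line.strip().startswith(target + " => ")
            and line.strip().endswith("successfully.")
            for line in fixlog_lines
        )
    return status


if __name__ == "__main__":
    for entry in filter(None, map(parse_task, FIXLIST)):
        reasons = triage(entry)
        print(entry["name"], "| FRST flag:", entry["frst_flag"], "| reasons:", reasons or "none")
        if reasons:
            print("   removed:", removal_status(entry, FIXLOG))
```

A task that still has any one of the four artifacts after a fix is worth re-checking, since the TaskCache keys and the file under `System32\Tasks` are stored separately.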



#6 Oh My!

Posted 23 March 2015 - 05:39 PM

Thank you for the information and update. You have a number of errors related to Fitbit. I want to change a setting and see if that helps us. Please do this.

===================================================

Modifying Service StartState

-------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type cmd and press Enter
  • Type sc config Fitbit Connect start= disabled and press Enter
  • You should receive confirmation the command was successful
  • Reboot your computer and monitor the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Was the command successful?

Gary
 

#7 Anron311

Posted 23 March 2015 - 10:02 PM

I did the step you instructed me to do, but I can't tell if it actually worked or not. Computer is running similar to before this change.



#8 Oh My!

Posted 23 March 2015 - 10:33 PM

Do you mean slow and freezing?

Please do this.

I am ending for the evening but will check back in first thing in the morning.

===================================================

Query a Service Via Command Line

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type cmd and hit Enter
  • Type the following after the command prompt and press Enter

sc query Fitbit Connect

  • Please tell me the information in the State line
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Slow/freezing?
  • What is the Fitbit Connect state?

Gary
 

#9 Anron311

Posted 23 March 2015 - 11:08 PM

It is still slow and freezing, but it isn't freezing as long as before we started and load times in the browsers have improved. I typed what you asked to the prompt and it came back with this:

 

[SC] EnumQueryServicesStatus: OpenServce FAILED 1060:

The specified service does not exist as an installed service.



#10 Oh My!

Posted 24 March 2015 - 08:28 AM

Please do this.

===================================================

Disabling Service

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type services.msc and hit Enter.
  • In the right panel under Name tab find Fitbit Connect Service
  • Right click on the entry and select Properties
  • Click the Stop button then select Disabled from the Startup type drop down list (the service may already be stopped)
  • Click OK and close the window
  • Reboot your computer into Normal Mode and check your computer behavior
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#11 Anron311

Posted 24 March 2015 - 01:49 PM

While following these instructions my computer began to freeze for long periods (1-2 minutes) and eventually it froze completely and I had to shut down with the power button. I tried again after the reboot and it worked fine, rebooted after completing the instructions and the computer performance has not changed.



#12 Oh My!

Posted 24 March 2015 - 03:25 PM

Greetings,

Please boot into Safe Mode and let me know if your computer freezes. In addition please attempt to run the below.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Safe Mode?
  • Combofix log

Gary
 

#13 Anron311

Posted 24 March 2015 - 06:20 PM

While in safe mode I didn't crash or freeze at all, but I also didn't use any web browsers or anything similar.

 

 

 

 

Here is the combofix log

 

 

ComboFix 15-03-23.01 - Lauren 03/24/2015  17:42:28.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8169.6119 [GMT -5:00]
Running from: c:\users\Lauren\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-24 to 2015-03-24  )))))))))))))))))))))))))))))))
.
.
2015-03-23 20:17 . 2015-03-23 20:57 -------- d-----w- C:\AdwCleaner
2015-03-23 20:09 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEA532F5-33C4-461D-86C1-7950A9D25C92}\mpengine.dll
2015-03-23 00:31 . 2015-03-23 20:15 -------- d-----w- C:\FRST
2015-03-19 16:13 . 2015-02-20 04:41 41984 ----a-w- c:\windows\system32\lpk.dll
2015-03-19 16:13 . 2015-02-20 04:40 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-03-19 16:13 . 2015-02-20 04:40 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-03-19 16:13 . 2015-02-20 04:40 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-03-19 16:13 . 2015-02-20 04:13 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-03-19 16:13 . 2015-02-20 04:13 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-03-19 16:13 . 2015-02-20 04:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-03-19 16:13 . 2015-02-20 04:12 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-03-19 16:13 . 2015-02-20 03:29 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-03-19 16:13 . 2015-02-20 03:09 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-03-19 16:12 . 2015-01-29 03:23 5554104 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-19 16:12 . 2015-01-29 03:05 3973048 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-03-19 16:12 . 2015-01-29 03:05 3917752 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-03-19 16:12 . 2015-01-29 03:19 503808 ----a-w- c:\windows\system32\srcore.dll
2015-03-19 16:12 . 2015-01-29 03:18 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-03-19 16:12 . 2015-01-29 03:19 50176 ----a-w- c:\windows\system32\srclient.dll
2015-03-19 16:12 . 2015-01-29 03:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-19 16:12 . 2015-01-29 03:18 112640 ----a-w- c:\windows\system32\smss.exe
2015-03-19 16:12 . 2015-01-29 03:16 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-03-19 16:12 . 2015-01-29 03:01 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-03-19 16:12 . 2015-01-29 02:57 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2015-02-26 17:20 . 2015-02-26 17:20 -------- d-----w- c:\users\Lauren\AppData\Local\Macromedia
2015-02-24 01:57 . 2015-02-24 03:58 -------- d-----w- c:\users\Lauren\AppData\Roaming\TS3Client
2015-02-24 01:57 . 2015-02-24 01:57 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client
2015-02-23 01:02 . 2015-02-23 01:03 -------- d-----w- c:\windows\SysWow64\vbox
2015-02-23 01:02 . 2015-02-23 01:03 -------- d-----w- c:\windows\system32\vbox
2015-02-23 01:01 . 2015-02-23 01:01 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-02-23 01:01 . 2015-02-23 01:01 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-02-23 01:01 . 2015-02-23 01:02 87912 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-02-23 01:01 . 2015-02-23 01:01 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-02-23 01:01 . 2015-02-23 01:01 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-02-23 01:01 . 2015-02-23 01:01 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-02-23 01:01 . 2015-02-23 01:01 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-02-23 01:01 . 2015-02-23 01:02 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-02-23 01:01 . 2015-02-23 01:01 364512 ----a-w- c:\windows\system32\aswBoot.exe
2015-02-23 01:01 . 2015-02-23 01:01 43152 ----a-w- c:\windows\avastSS.scr
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-24 22:34 . 2012-04-08 05:42 380 ----a-w- c:\users\Lauren\AppData\Roaming\sp_data.sys
2015-03-22 23:13 . 2011-09-02 00:31 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-02-28 22:54 . 2014-05-22 15:41 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-26 17:21 . 2014-05-17 05:33 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-26 17:21 . 2014-05-17 05:33 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-24 09:17 . 2012-07-03 23:50 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-04 03:16 . 2015-02-11 03:26 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 03:26 762368 ----a-w- c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 03:26 414720 ----a-w- c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 03:26 894976 ----a-w- c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 03:26 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 03:26 192000 ----a-w- c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 03:26 1098752 ----a-w- c:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-11 03:26 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-09 03:14 . 2015-02-20 02:35 91136 ----a-w- c:\windows\system32\wdi.dll
2015-01-09 03:14 . 2015-02-20 02:35 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-01-09 03:14 . 2015-02-20 02:35 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-01-09 02:48 . 2015-02-20 02:35 76800 ----a-w- c:\windows\SysWow64\wdi.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-11-07 4369952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-11 2018032]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-06-27 3058304]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-07 102568]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2012-07-19 48128]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-11-07 4369952]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-19 5227648]
.
c:\users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2014-8-24 0]
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 mr8980;Wireless Monitoring System;c:\windows\system32\DRIVERS\mr8980x64.sys;c:\windows\SYSNATIVE\DRIVERS\mr8980x64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-17 17:21]
.
2014-12-27 c:\windows\Tasks\ASUS SmartLogon Console Sensor.job
- c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03 16:45]
.
2015-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 00:27]
.
2015-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 00:27]
.
2015-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258255347-638875456-2395817908-1001Core.job
- c:\users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-12 23:40]
.
2015-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258255347-638875456-2395817908-1001UA.job
- c:\users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-12 23:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-23 01:01 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Lauren\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-01 12446824]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: hrsaccount.com\www
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\wz9x8jwx.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"=hex:51,66,7a,6c,4c,1d,38,12,f2,0d,f8,
   07,a3,34,ef,06,dd,36,d8,12,b3,1f,89,a5
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,5b,3a,1f,56,89,8e,4b,8a,54,22,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-03-24  18:11:59 - machine was rebooted
ComboFix-quarantined-files.txt  2015-03-24 23:11
.
Pre-Run: 292,180,987,904 bytes free
Post-Run: 291,861,958,656 bytes free
.
- - End Of File - - E40DA0FB0EA97790947E24724EEAEFF4
 



#14 Oh My!


Posted 24 March 2015 - 08:03 PM

Thanks Steve, that report looks good. Please do this now.

===================================================

Using VGA Driver in Normal Mode

--------------------
  • Click the Windows key + R at the same time
  • Type msconfig and hit Enter
  • Click the Boot tab (for XP click BOOT.INI)
  • Place a check mark in Base video, then click OK
  • Restart your computer
  • Your screen resolution will look different as if it was in Safe Mode, that is normal
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Does your computer crash/freeze?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Anron311


Posted 25 March 2015 - 03:32 PM

Things are taking longer to load in this view, but nothing has frozen or crashed in the past few minutes.





