help a girl clean up her computer

Had some virus trouble and cleaned it up with anti-malwarebytes and Avast. Avast was catching a bunch of potential threats every day and then suddenly, it stopped completely. Now, 81 processes when the computer starts up. About 13 of them are svchost.exe. My CPU useage fluctuates around 80% when it’s first turned on. Video loads 2 seconds at a time. Tried deleting a svchost.exe and my anti-virus shut down. Running a full scan in Avast now, but it wouldn’t let me start Avast the first few times I tried, and it said, “Scan canceled, Threat Detected.” Is this a rootkit/virus/worm or is this normal? I scanned with anti-malwarebytes but I feel it’s still not right. Tired of watching videos two seconds at a time while everything struggles to load. Very grateful for any help or insight you all might offer.

thank you!!!

Hello,

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Thank you so much for your help!

I followed your instructions, and here are the logs.

=========================FRST.TXT=================================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by crusty (administrator) on THRASHER on 17-05-2015 17:40:04
Running from C:\Users\crusty\Desktop
Loaded Profiles: crusty (Available profiles: crusty)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM.…\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-12] (Conexant Systems, Inc.)
HKLM.…\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM.…\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM.…\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382248 2013-05-10] (Lenovo.)
HKLM.…\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3039984 2013-03-18] (Synaptics Incorporated)
HKLM.…\Run: =>
HKLM.…\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32.…\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-24] (Advanced Micro Devices, Inc.)
HKLM-x32.…\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-04-09] (Ricoh co.,Ltd.)
HKLM-x32.…\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32.…\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32.…\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4315872 2011-06-01] (Lenovo, Inc.)
HKLM-x32.…\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1085744 2012-11-21] (Lenovo)
HKLM-x32.…\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32.…\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKU\S-1-5-21-1502718689-3989064885-3880140442-1002.…\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1502718689-3989064885-3880140442-1002.…\MountPoints2: {c412bcbd-2a1c-11e3-99d8-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-1502718689-3989064885-3880140442-1002\Control Panel\Desktop\SCRNSAVE.EXE → C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-27] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] → {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] → {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] → {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] → {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] → {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] → {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] → {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-10] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1502718689-3989064885-3880140442-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1502718689-3989064885-3880140442-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKLM → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1502718689-3989064885-3880140442-1002 → DefaultScope {7AB829C3-4154-446B-BE1B-DAF5CA7F7004} URL =
SearchScopes: HKU\S-1-5-21-1502718689-3989064885-3880140442-1002 → {7AB829C3-4154-446B-BE1B-DAF5CA7F7004} URL =
BHO: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-10] (Microsoft Corporation)
BHO: SteadyVideoBHO Class → {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} → C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: TrueSuite Browser Helper Object → {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} → C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2012-06-07] (AuthenTec Inc.)
BHO: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-25] (Avast Software s.r.o.)
BHO: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-05-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-10] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class → {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} → C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-09] (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object → {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} → C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll [2012-06-07] (AuthenTec Inc.)
BHO-x32: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-25] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-05-10] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-09] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-10] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:

FF ProfilePath: C:\Users\crusty\AppData\Roaming\Mozilla\Firefox\Profiles\p1jvloxp.default-1430060136336
FF DefaultSearchEngine.US: Ixquick HTTPS
FF Homepage: https://ixquick.com/
FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/GENUINE → disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer → C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 → C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 → C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE → disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 → C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-05-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 → c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF → C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-06-17] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1502718689-3989064885-3880140442-1002: @talk.google.com/GoogleTalkPlugin → C:\Users\crusty\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1502718689-3989064885-3880140442-1002: @talk.google.com/O1DPlugin → C:\Users\crusty\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1502718689-3989064885-3880140442-1002: @tools.google.com/Google Update;version=3 → C:\Users\crusty\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1502718689-3989064885-3880140442-1002: @tools.google.com/Google Update;version=9 → C:\Users\crusty\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1502718689-3989064885-3880140442-1002: intel.com/AppUpx64 → C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\crusty\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\crusty\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\crusty\AppData\Roaming\Mozilla\Firefox\Profiles\p1jvloxp.default-1430060136336\searchplugins\ixquick-https.xml [2015-04-26]
FF Extension: Adblock Plus - C:\Users\crusty\AppData\Roaming\Mozilla\Firefox\Profiles\p1jvloxp.default-1430060136336\Extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-26]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-05-17]
FF HKLM-x32.…\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-12]

Chrome:

CHR StartupUrls: Default → “https://ixquick.com/do/mypage.pl?prf=3315f6c1cea1b20a7bc3abde4dceaca4
CHR DefaultSearchKeyword: Default → ixquick.com
CHR DefaultSearchURL: Default → https://ixquick.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=english
CHR DefaultSuggestURL: Default →
CHR Profile: C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-12]
CHR Extension: (Google Drive) - C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12]
CHR Extension: (YouTube) - C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-12]
CHR Extension: (Google Search) - C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-12]
CHR Extension: (Avast SafePrice) - C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-06]
CHR Extension: (Blur) - C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-03-12]
CHR Extension: (BetaFish Adblocker) - C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-12]
CHR Extension: (Bookmark Manager) - C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Avast Online Security) - C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-12]
CHR Extension: (Social Fixer for Facebook) - C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-08-11]
CHR Extension: (Universe) - C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\igcicgpahfpikagbhofhehldknadneld [2014-03-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-12]
CHR Extension: (Gmail) - C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-12]
CHR HKLM-x32.…\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-03-14]
CHR HKLM-x32.…\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-06]
CHR HKLM-x32.…\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-27] (Avast Software s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [160048 2012-11-21] (Lenovo)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-06-07] (AuthenTec, Inc)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197464 2014-05-29] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-03-27] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; “C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe”

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-27] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-27] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-27] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-27] ()
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [71472 2012-11-21] (Windows (R) Win 7 DDK provider)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 RCUVCAVS; C:\Windows\System32\DRIVERS\RCUVCAVS.sys [149632 2013-04-09] (Ricoh co.,Ltd.)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-26] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1480776 2013-02-08] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver_AMDASF.sys [28912 2013-03-18] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
U4 VBoxAswDrv; ??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 17:40 - 2015-05-17 17:40 - 00024100 _____ () C:\Users\crusty\Desktop\FRST.txt
2015-05-17 17:39 - 2015-05-17 17:40 - 00000000 ____D () C:\FRST
2015-05-17 17:38 - 2015-05-17 17:38 - 02107392 _____ (Farbar) C:\Users\crusty\Desktop\FRST64.exe
2015-05-17 17:31 - 2015-05-17 17:31 - 01146368 _____ (Farbar) C:\Users\crusty\Desktop\FRST.exe
2015-05-17 01:18 - 2015-05-17 01:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-15 17:40 - 2015-05-15 17:40 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\crusty\Downloads\flashplayer17au_ha_install.exe
2015-05-13 20:18 - 2015-05-17 11:31 - 01557891 _____ () C:\Users\crusty\Documents\schroth kara walker.pptx
2015-05-13 19:01 - 2015-05-13 19:01 - 00000000 _____ () C:\Users\crusty\AppData\Local{6386D9B5-8002-46E6-A576-38078BBECC59}
2015-05-13 01:32 - 2015-05-01 08:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 01:32 - 2015-05-01 08:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:31 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 21:31 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 21:01 - 2015-05-12 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-12 21:00 - 2015-04-27 09:51 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-12 16:50 - 2015-04-21 21:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 16:50 - 2015-04-21 20:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 16:50 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 16:50 - 2015-04-21 12:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 16:50 - 2015-04-21 12:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 16:50 - 2015-04-21 11:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 16:50 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 16:50 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 16:50 - 2015-04-21 11:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 16:50 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 16:50 - 2015-04-21 11:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 16:50 - 2015-04-21 11:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 16:50 - 2015-04-21 11:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 16:50 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 16:50 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 16:50 - 2015-04-21 11:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 16:50 - 2015-04-21 11:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 16:50 - 2015-04-21 11:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 16:50 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 16:50 - 2015-04-21 11:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 16:50 - 2015-04-21 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 16:50 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 16:50 - 2015-04-21 11:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 16:50 - 2015-04-21 11:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 16:50 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 16:50 - 2015-04-21 11:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 16:50 - 2015-04-21 11:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 16:50 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 16:50 - 2015-04-21 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 16:50 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 16:50 - 2015-04-21 11:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 16:50 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 16:50 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 16:50 - 2015-04-21 11:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 16:50 - 2015-04-21 11:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 16:50 - 2015-04-21 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 16:50 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 16:50 - 2015-04-21 10:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 16:50 - 2015-04-21 10:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 16:50 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 16:50 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 16:50 - 2015-04-21 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 16:50 - 2015-04-21 10:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 16:50 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 16:50 - 2015-04-21 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 16:50 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 16:50 - 2015-04-21 10:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 16:50 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 16:50 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 16:50 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 16:50 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 16:50 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 16:50 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 16:50 - 2015-04-21 10:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 16:50 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 16:50 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 16:50 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 16:50 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 16:50 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 16:50 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 14:22 - 2015-05-04 20:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 14:22 - 2015-05-04 20:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 14:22 - 2015-04-17 22:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 14:22 - 2015-04-17 21:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 14:22 - 2015-04-03 22:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 14:22 - 2015-04-03 22:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 14:22 - 2015-04-03 22:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 14:22 - 2015-04-03 22:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 14:22 - 2015-04-03 22:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 14:22 - 2015-04-03 22:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 14:22 - 2015-04-03 22:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 14:22 - 2015-04-03 22:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 14:22 - 2015-04-03 22:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 14:22 - 2015-04-03 22:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 14:22 - 2015-04-03 22:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 14:22 - 2015-04-03 22:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 14:22 - 2015-04-03 22:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 14:22 - 2015-04-03 22:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 14:22 - 2015-04-03 22:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 14:22 - 2015-04-03 22:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 14:22 - 2015-04-03 22:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 14:22 - 2015-04-03 22:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 14:22 - 2015-04-03 22:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 14:22 - 2015-04-03 22:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 14:22 - 2015-04-03 22:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 14:22 - 2015-04-03 22:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 14:22 - 2015-04-03 22:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 14:22 - 2015-04-03 22:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 14:22 - 2015-04-03 22:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 14:22 - 2015-04-03 22:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 14:22 - 2015-04-03 22:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 14:22 - 2015-04-03 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 14:22 - 2015-04-03 21:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 14:17 - 2015-04-19 22:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 14:17 - 2015-04-19 22:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 14:17 - 2015-04-19 21:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 14:17 - 2015-04-19 21:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 14:17 - 2015-04-12 22:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 14:16 - 2015-04-07 22:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 14:16 - 2015-04-07 22:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 14:16 - 2015-04-07 22:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-10 00:15 - 2015-05-10 00:15 - 00098256 _____ () C:\ProgramData\1431234829.bdinstall.bin
2015-05-10 00:13 - 2015-05-10 00:13 - 00037823 _____ () C:\ProgramData\1431234826.bdinstall.bin
2015-05-09 19:30 - 2015-05-09 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-09 19:02 - 2015-05-09 19:06 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-09 18:20 - 2015-05-09 18:20 - 00000000 ___D () C:\Program Files (x86)\Microsoft Office 15
2015-05-09 18:14 - 2015-05-09 18:14 - 00002994 _____ () C:\Windows\System32\Tasks{8C0EC503-F86B-42D1-A894-0B840E6F1287}
2015-05-09 18:10 - 2015-05-13 10:01 - 00122812 _____ () C:\Windows\PFRO.log
2015-05-09 12:35 - 2015-05-09 12:35 - 00002994 _____ () C:\Windows\System32\Tasks{5D9DCF27-0A13-43DA-921E-536A31187AB0}
2015-05-09 12:33 - 2015-05-09 12:33 - 00002994 _____ () C:\Windows\System32\Tasks{05561E43-6403-48D1-B063-6D452734A0B8}
2015-05-09 12:32 - 2015-05-09 12:32 - 00002994 _____ () C:\Windows\System32\Tasks{BEE7729E-76E7-4F25-B373-F85516B5B256}
2015-05-09 12:32 - 2015-05-09 12:32 - 00002994 _____ () C:\Windows\System32\Tasks{4B4F3D8A-BD51-47B5-9B2D-1AD80A38F697}
2015-05-09 12:31 - 2015-05-09 12:31 - 00002994 _____ () C:\Windows\System32\Tasks{BB8CEC4D-C3D6-49E8-B586-D09B18077045}
2015-05-09 12:27 - 2015-05-09 18:58 - 01076408 _____ (Microsoft Corporation) C:\Users\crusty\Downloads\Setup.X86.en-us_O365ProPlusRetail_b356a858-a34a-450c-a628-b5729d479ce1_TX_PR
.exe
2015-05-09 12:16 - 2015-05-17 17:37 - 00022894 _____ () C:\Windows\setupact.log
2015-05-09 12:16 - 2015-05-09 12:16 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-01 13:49 - 2015-05-01 13:49 - 00000000 ____D () C:\ProgramData\Panda Security
2015-05-01 13:48 - 2015-05-01 13:57 - 00002842 _____ () C:\Windows\system32\lic2.xml24938
2015-05-01 13:48 - 2015-05-01 13:48 - 00238162 _____ () C:\ProgramData\1430505773.bdinstall.bin

2015-05-01 13:45 - 2015-05-10 00:14 - 00000000 ____D () C:\Program Files\Bitdefender
2015-04-27 20:36 - 2015-05-11 14:34 - 38789022 _____ () C:\Users\crusty\Documents\schroth literacy portfolio compressed.pptx
2015-04-27 09:51 - 2015-04-27 09:51 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-26 09:57 - 2015-04-26 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
2015-04-26 09:55 - 2015-04-26 09:55 - 00000000 ____D () C:\Users\crusty\Desktop\Old Firefox Data
2015-04-22 15:28 - 2015-04-22 15:28 - 00007602 _____ () C:\Users\crusty\AppData\Local\Resmon.ResmonCfg
2015-04-21 21:57 - 2015-04-21 21:57 - 00000000 ____D () C:\Users\crusty\AppData\Roaming\VideoEditor
2015-04-21 21:57 - 2015-04-21 21:57 - 00000000 ____D () C:\Users\crusty\AppData\Roaming\FlashIntegro
2015-04-21 21:56 - 2014-12-09 13:21 - 00081792 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter2.ax
2015-04-21 21:55 - 2015-05-01 14:43 - 00000000 ____D () C:\Program Files (x86)\Video Editor
2015-04-21 21:55 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\Lagarith.dll
2015-04-21 21:55 - 2005-08-01 19:43 - 00245760 _____ () C:\Windows\SysWOW64\lame.ax
2015-04-21 21:55 - 2004-12-10 10:03 - 00438272 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-04-21 21:55 - 2004-09-06 16:06 - 00053248 _____ () C:\Windows\SysWOW64\xvid.ax
2015-04-21 21:55 - 2004-07-03 21:08 - 00139264 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2015-04-21 21:55 - 2004-07-03 20:59 - 00524288 _____ () C:\Windows\SysWOW64\xvidcore.dll
2015-04-21 21:55 - 2004-02-04 21:11 - 00081920 _____ (fccHandler) C:\Windows\SysWOW64\AC3ACM.acm
2015-04-21 21:55 - 2003-05-22 12:26 - 00638976 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divx.dll
2015-04-21 21:55 - 2003-05-22 12:26 - 00221215 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divxdec.ax
2015-04-21 21:55 - 2003-05-21 23:50 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-04-21 21:55 - 2003-05-21 23:50 - 00261632 _____ (MainConcept) C:\Windows\SysWOW64\mcdvd_32.dll
2015-04-21 21:55 - 2003-05-21 23:50 - 00156910 _____ () C:\Windows\WMSysPr8.prx
2015-04-21 21:55 - 2003-05-21 23:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\SysWOW64\vct3216.acm
2015-04-21 21:55 - 2003-05-21 23:50 - 00038912 _____ (NCT Company) C:\Windows\SysWOW64\alf2cd.acm
2015-04-21 21:55 - 2003-05-21 23:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2015-04-21 21:55 - 2003-03-25 05:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\L3CODECX.AX
2015-04-21 21:55 - 2002-08-20 00:41 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll
2015-04-21 21:55 - 2000-03-14 20:55 - 00013239 _____ (SHARP Corporation) C:\Windows\SysWOW64\Scg726.acm
2015-04-19 14:15 - 2015-04-27 20:04 - 357002209 _____ () C:\Users\crusty\Documents\Child Literacy and Language Development.pptx
2015-04-17 19:44 - 2015-04-17 19:44 - 00000090 _____ () C:\Users\crusty\AppData\Roaming\findawordscores1.plist
2015-04-17 19:43 - 2015-04-19 01:47 - 00000011 _____ () C:\Users\crusty\AppData\Roaming\findaword.plist
2015-04-17 19:43 - 2015-04-17 19:44 - 00703152 _____ () C:\Users\crusty\AppData\Roaming\findaworddictionary.txt
2015-04-17 19:43 - 2015-04-17 19:43 - 00000000 ____D () C:\Program Files (x86)\Find a Word
2015-04-17 19:19 - 2015-04-17 19:19 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 17:39 - 2013-09-30 17:11 - 02012782 _____ () C:\Windows\WindowsUpdate.log
2015-05-17 17:37 - 2014-03-12 15:17 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-17 17:36 - 2014-03-12 17:29 - 00002292 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-05-17 17:35 - 2014-03-12 15:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-17 17:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-17 17:34 - 2009-07-13 23:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-17 17:34 - 2009-07-13 23:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-17 17:33 - 2014-08-02 12:09 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502718689-3989064885-3880140442-1002UA.job
2015-05-17 17:32 - 2014-04-15 16:17 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-17 17:25 - 2014-03-12 15:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-17 17:24 - 2014-03-12 09:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-17 11:20 - 2015-02-06 12:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-17 10:27 - 2014-04-15 16:16 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-17 10:27 - 2014-04-15 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-17 10:27 - 2014-04-15 16:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-17 01:16 - 2014-03-16 10:44 - 00000000 ____D () C:\Users\crusty\AppData\Roaming\foobar2000
2015-05-17 01:15 - 2014-03-15 19:50 - 00000000 ____D () C:\Users\crusty\AppData\Local\Last.fm
2015-05-16 14:31 - 2014-03-12 15:17 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 14:31 - 2014-03-12 15:17 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-13 22:48 - 2009-07-14 00:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-13 10:04 - 2009-07-13 23:45 - 00487128 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 10:02 - 2013-02-11 13:28 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 01:41 - 2014-03-22 09:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 01:34 - 2014-03-22 09:41 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-12 23:55 - 2014-03-11 18:47 - 00000000 ____D () C:\Users\crusty
2015-05-12 23:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\servicing
2015-05-12 23:54 - 2013-09-30 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Password Vault
2015-05-12 23:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-05-12 21:01 - 2015-01-31 12:06 - 00001893 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-11 13:43 - 2014-03-27 13:37 - 00000000 ____D () C:\Users\crusty\AppData\Roaming\vlc
2015-05-10 00:07 - 2014-03-12 17:35 - 00000000 ____D () C:\Users\crusty\AppData\Local\CrashDumps
2015-05-09 20:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-09 12:22 - 2014-03-27 14:13 - 00000000 ____D () C:\Users\crusty\Documents\BotaniculaSaves
2015-05-09 11:11 - 2015-01-05 04:19 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-09 11:10 - 2015-01-05 04:19 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-08 16:35 - 2009-07-14 00:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-06 13:44 - 2014-03-12 09:29 - 00000000 ____D () C:\Users\crusty\AppData\Roaming\Skype
2015-05-06 09:33 - 2014-08-02 12:09 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502718689-3989064885-3880140442-1002Core.job
2015-04-27 10:57 - 2015-02-23 12:21 - 00000000 ____D () C:\Users\crusty\Documents\literacy development
2015-04-27 09:51 - 2014-08-06 17:17 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-27 09:51 - 2014-03-12 15:17 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-27 09:51 - 2014-03-12 15:17 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-27 09:51 - 2014-03-12 15:17 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-27 09:51 - 2014-03-12 15:17 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-27 09:51 - 2014-03-12 15:17 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-27 09:51 - 2014-03-12 15:17 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-27 09:51 - 2014-03-12 15:17 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-27 00:15 - 2013-09-30 17:30 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2015-04-27 00:15 - 2013-09-30 17:21 - 00000000 ____D () C:\Program Files\Lenovo
2015-04-26 09:57 - 2014-03-15 19:50 - 00000000 ____D () C:\Program Files (x86)\Last.fm
2015-04-21 22:56 - 2015-04-05 12:11 - 00154121 _____ () C:\Users\crusty\Downloads\image.jpeg
2015-04-21 17:43 - 2014-03-12 09:35 - 00000000 ____D () C:\Users\crusty\AppData\Roaming\Mozilla
2015-04-20 12:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-04-17 19:43 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-17 19:20 - 2014-03-11 18:54 - 00129512 _____ () C:\Users\crusty\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-17 19:17 - 2014-03-11 18:53 - 00000000 ____D () C:\Users\crusty\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2014-03-11 18:49 - 2014-03-15 09:01 - 0007095 _____ () C:\Users\crusty\AppData\Roaming\AbsoluteReminder.xml
2015-04-17 19:43 - 2015-04-19 01:47 - 0000011 _____ () C:\Users\crusty\AppData\Roaming\findaword.plist
2015-04-17 19:43 - 2015-04-17 19:44 - 0703152 _____ () C:\Users\crusty\AppData\Roaming\findaworddictionary.txt
2015-04-17 19:44 - 2015-04-17 19:44 - 0000090 _____ () C:\Users\crusty\AppData\Roaming\findawordscores1.plist
2015-04-22 15:28 - 2015-04-22 15:28 - 0007602 _____ () C:\Users\crusty\AppData\Local\Resmon.ResmonCfg
2015-05-13 19:01 - 2015-05-13 19:01 - 0000000 _____ () C:\Users\crusty\AppData\Local{6386D9B5-8002-46E6-A576-38078BBECC59}
2015-03-19 19:13 - 2015-03-19 19:13 - 0105058 _____ () C:\ProgramData\1426810397.bdinstall.bin
2015-03-19 23:24 - 2015-03-19 23:24 - 0105662 _____ () C:\ProgramData\1426825389.bdinstall.bin
2015-03-19 23:25 - 2015-03-19 23:25 - 0104648 _____ () C:\ProgramData\1426825513.bdinstall.bin
2015-03-19 23:26 - 2015-03-19 23:26 - 0104166 _____ () C:\ProgramData\1426825568.bdinstall.bin
2015-03-19 23:26 - 2015-03-19 23:26 - 0104786 _____ () C:\ProgramData\1426825599.bdinstall.bin
2015-03-19 23:29 - 2015-03-19 23:29 - 0104595 _____ () C:\ProgramData\1426825774.bdinstall.bin
2015-03-19 23:36 - 2015-03-19 23:36 - 0105633 _____ () C:\ProgramData\1426826141.bdinstall.bin
2015-03-19 23:37 - 2015-03-19 23:37 - 0105376 _____ () C:\ProgramData\1426826239.bdinstall.bin
2015-03-19 23:38 - 2015-03-19 23:38 - 0104867 _____ () C:\ProgramData\1426826317.bdinstall.bin
2015-03-19 23:39 - 2015-03-19 23:39 - 0104833 _____ () C:\ProgramData\1426826367.bdinstall.bin
2015-05-01 13:48 - 2015-05-01 13:48 - 0238162 _____ () C:\ProgramData\1430505773.bdinstall.bin
2015-05-10 00:13 - 2015-05-10 00:13 - 0037823 _____ () C:\ProgramData\1431234826.bdinstall.bin
2015-05-10 00:15 - 2015-05-10 00:15 - 0098256 _____ () C:\ProgramData\1431234829.bdinstall.bin
2013-09-30 17:26 - 2013-09-30 17:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-11 16:00

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by crusty at 2015-05-17 17:41:51
Running from C:\Users\crusty\Desktop
Boot Mode: Normal

==================== Accounts: =============================

Administrator (S-1-5-21-1502718689-3989064885-3880140442-500 - Administrator - Disabled)
crusty (S-1-5-21-1502718689-3989064885-3880140442-1002 - Administrator - Enabled) => C:\Users\crusty
Guest (S-1-5-21-1502718689-3989064885-3880140442-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1502718689-3989064885-3880140442-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with “hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32.…{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.19 - Absolute Software)
Ad-Aware Antivirus (HKLM.…{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe AIR (HKLM-x32.…\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32.…{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32.…\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) MUI (HKLM-x32.…{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM.…{82AA393A-8CF8-A2B7-EA09-88D39D151ABC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM.…{E9EED4AE-682B-4501-9574-D09A21717599}is1) (Version: 3.4.4.0 - AppEx Networks)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Audacity 2.0.5 (HKLM-x32.…\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Free Antivirus (HKLM-x32.…\Avast) (Version: 10.2.2218 - AVAST Software)
Botanicula (HKLM-x32.…\Botanicula) (Version: 1.0 - Amanita Design, s.r.o.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CCleaner (HKLM.…\CCleaner) (Version: 5.01 - Piriform)
Cisco EAP-FAST Module (HKLM-x32.…{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32.…{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32.…{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM.…\CNXT_AUDIO_HDA) (Version: 8.54.48.0 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32.…\InstallShield
{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32.…\InstallShield
{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32.…{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)
Create Recovery Media (HKLM-x32.…{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Find a Word (HKLM-x32.…\Find a Word_is1) (Version: - )
foobar2000 v1.3 (HKLM-x32.…\foobar2000) (Version: 1.3 - Peter Pawlowski)
Google Chrome (HKLM-x32.…\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Talk Plugin (HKLM-x32.…{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.0.0.27 (HKLM-x32.…{F8754583-7893-4CD8-9E51-1A08F3D4C1A9}) (Version: 1.0.0.27 - RICOH)
Java 8 Update 31 (HKLM-x32.…{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32.…{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Last.fm Scrobbler 2.1.37 (HKLM-x32.…\LastFM_is1) (Version: - Last.fm)
Lenovo Auto Scroll Utility (HKLM.…\LenovoAutoScrollUtility) (Version: 2.01 - )
Lenovo Communications Utility (HKLM.…{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.12.0 - Lenovo)
Lenovo Patch Utility (HKLM-x32.…{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM.…\Power Management Driver) (Version: 1.65.05.21 - )
Lenovo Registration (HKLM-x32.…{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.)
Lenovo System Update (HKLM-x32.…{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0034 - Lenovo)
Lenovo User Guide (HKLM-x32.…{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32.…{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32.…{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0022.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32.…\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Message Center Plus (HKLM.…{AD130AB4-E88C-48F4-8353-B7395A4A82D1}) (Version: 3.2.0003.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM.…\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM.…\O365ProPlusRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM.…{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32.…{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM.…{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM.…{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32.…{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32.…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM.…{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32.…{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MixPad (HKLM-x32.…\MixPad) (Version: 3.54 - NCH Software)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32.…\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32.…\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32.…{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32.…{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTP Porting Kit (HKLM-x32.…{353B1E6D-7073-4450-8C80-699BD8FCFB49}) (Version: 12.0.0 - Microsoft Corp)
Nitro Pro 8 (HKLM.…{07E55FB8-966C-4FA5-815D-D1F5AC8B1D87}) (Version: 8.5.5.2 - Nitro)
OEM Application Profile (HKLM-x32.…{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
On Screen Display (HKLM.…\OnScreenDisplay) (Version: 6.72.00 - )
OpenOffice 4.0.1 (HKLM-x32.…{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Password Vault (HKLM.…{C5BB9380-D729-410A-A440-061EBCADCCB9}) (Version: 5.4.100.232 - AuthenTec, Inc.)
Power Manager (HKLM-x32.…{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
RapidBoot HDD Accelerator (HKLM-x32.…\Fastboot) (Version: 1.0.5.11 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32.…{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32.…{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32.…{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0208 - REALTEK Semiconductor Corp.)
Skype™ 7.2 (HKLM-x32.…{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SoulseekQt (HKLM-x32.…\SoulseekQt) (Version: - )
SugarSync Manager (HKLM-x32.…\SugarSync) (Version: 1.9.80.99066 - SugarSync, Inc.)
Switch Sound File Converter (HKLM-x32.…\Switch) (Version: 4.60 - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ThinkPad UltraNav Driver (HKLM.…\SynTPDeinstKey) (Version: 16.4.0.3 - )
ThinkVantage Active Protection System (HKLM.…{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.20 - Lenovo)
VLC media player (HKLM-x32.…\VLC media player) (Version: 2.2.1 - VideoLAN)
WavePad Sound Editor (HKLM-x32.…\WavePad) (Version: 5.48 - NCH Software)
Winamp (HKLM-x32.…\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - Lenovo 1.65.05.21 (01/11/2012 1.65.05.21) (HKLM.…\FD2ED46D31CE7DF190049D079E92DE03D347A634) (Version: 01/11/2012 1.65.05.21 - Lenovo)
WinRAR 5.01 (32-bit) (HKLM-x32.…\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1502718689-3989064885-3880140442-1002_Classes\CLSID{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 → C:\Users\crusty\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1502718689-3989064885-3880140442-1002_Classes\CLSID{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 → C:\Users\crusty\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

10-03-2015 23:19:05 Windows Update
11-03-2015 08:44:07 Windows Update
11-03-2015 15:33:38 Windows Update
11-03-2015 17:56:03 Windows Update
12-03-2015 18:49:42 Windows Update
12-03-2015 22:22:46 Windows Update
13-03-2015 00:12:07 Windows Update
13-03-2015 16:33:11 Windows Update
14-03-2015 09:45:29 Windows Modules Installer
14-03-2015 13:42:19 Windows Update
14-03-2015 22:04:09 Windows Update
14-03-2015 22:46:40 AA11
14-03-2015 23:02:57 AA11
15-03-2015 02:54:34 Windows Update
22-03-2015 19:07:14 Windows Update
25-03-2015 18:58:17 avast! antivirus system restore point
27-03-2015 15:09:05 Windows Update
31-03-2015 08:17:54 Windows Update
03-04-2015 15:29:33 Windows Update
07-04-2015 17:34:18 Windows Update
11-04-2015 10:58:14 Removed iTunes
11-04-2015 11:18:05 Removed Apple Application Support
11-04-2015 11:19:31 Removed Apple Mobile Device Support
11-04-2015 11:20:24 Removed Apple Software Update
11-04-2015 11:21:15 Removed Bonjour
14-04-2015 09:00:34 Windows Update
15-04-2015 10:49:00 Windows Update
15-04-2015 23:24:55 Windows Update
21-04-2015 17:08:29 Windows Update
27-04-2015 00:13:57 Removed Lenovo Solution Center.
27-04-2015 09:50:29 avast! antivirus system restore point
28-04-2015 17:24:56 Windows Update
10-05-2015 11:33:43 Windows Update
12-05-2015 14:12:59 Windows Update
12-05-2015 20:58:52 avast! antivirus system restore point
13-05-2015 01:31:54 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0ADDFF7C-1CB2-49A7-BC66-77694C03D609} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-12] (Google Inc.)
Task: {0D41A550-31C5-4F3D-AF99-AF86BC807BA8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {0E03E8E5-EDC3-4E58-BD7E-B5CE3AB7DD85} - System32\Tasks\Intel\Intel Service Manager => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
Task: {32D149BE-35E9-4E05-BE4C-54B89A22E03B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502718689-3989064885-3880140442-1002UA => C:\Users\crusty\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
Task: {39C9D299-6291-483E-8017-D75991E11F60} - System32\Tasks{BFE53355-F770-4DE4-BEA0-FFA3FF54E5BD} => C:\Users\crusty\Downloads\Antivirus_Free_Edition.exe
Task: {49C207A8-531B-4495-B1F2-E85644DCB539} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)
Task: {4C7B3C49-D715-46E9-87F1-AB04F92A96F2} - System32\Tasks{5D9DCF27-0A13-43DA-921E-536A31187AB0} => C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE [2015-05-10] (Microsoft Corporation)
Task: {5147009F-AAB6-4139-95DB-C2ACFA5CDD17} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2013-02-05] (Lenovo)
Task: {520666E9-DD34-4675-A194-E41F092061D2} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-03-27] ()
Task: {5669C001-71B4-4F48-827B-C4E1C79DD994} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {6118C9B7-BD75-497E-905B-649BA1FE26F8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-10] (Microsoft Corporation)
Task: {623DE3C0-7C1D-4DD5-A5F4-8862C74A9682} - System32\Tasks{BB8CEC4D-C3D6-49E8-B586-D09B18077045} => C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE [2015-05-10] (Microsoft Corporation)
Task: {7C716E97-9535-4887-9C78-3775203DA8C3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {7D9789A2-3E77-47C5-BDA7-10EA759155FE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {83B4D890-725E-4677-AC0C-B0555DECBE00} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502718689-3989064885-3880140442-1002Core => C:\Users\crusty\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
Task: {90483C9E-22F2-403D-AF1F-3643F01BEFD8} - System32\Tasks\Dolby => c:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {A5EDA928-9C32-4DFA-9508-676BD4E2B70D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-27] (Avast Software s.r.o.)
Task: {AA1405A6-16A0-4EBD-B1AF-C1C8C335D9AD} - System32\Tasks{BEE7729E-76E7-4F25-B373-F85516B5B256} => C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE [2015-05-10] (Microsoft Corporation)
Task: {B6254323-C82A-4059-BC2A-FEB57D7FF0CC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {B850481D-66E0-4644-9CDE-B3A75A8321A5} - System32\Tasks{15F44575-6A77-473A-B7F8-0D4C225DA596} => C:\Users\crusty\Downloads\Antivirus_Free_Edition.exe
Task: {BB4FB840-9D06-42F1-949C-AD4E108C4613} - System32\Tasks{05561E43-6403-48D1-B063-6D452734A0B8} => C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE [2015-05-10] (Microsoft Corporation)
Task: {BFD08254-0AFD-4DE8-8708-E3345BBCA8AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-10] (Microsoft Corporation)
Task: {C2140255-8FD9-4764-A3B1-B40CBA7CEF8C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {C370917D-C4CD-4373-904C-05EBC1F81B8A} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
Task: {CD07762E-230B-4AB3-A0FF-829BF1B915E2} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {D2D826EB-A261-4658-8C6F-7226E6EAEA62} - System32\Tasks{8C0EC503-F86B-42D1-A894-0B840E6F1287} => C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE [2015-05-10] (Microsoft Corporation)
Task: {D9484846-66B3-4AA3-98A1-51D20B5329A7} - System32\Tasks{4B4F3D8A-BD51-47B5-9B2D-1AD80A38F697} => C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE [2015-05-10] (Microsoft Corporation)
Task: {E6735D53-C8C6-49F0-BC59-774EEDA73491} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
Task: {E719FEF1-FB4E-45FF-BA74-34C125C60FBD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-10] (Microsoft Corporation)
Task: {FE59BB86-3132-4A42-A80E-2C5A8860630B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-12] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502718689-3989064885-3880140442-1002Core.job => C:\Users\crusty\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502718689-3989064885-3880140442-1002UA.job => C:\Users\crusty\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-09 19:02 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-06-07 02:03 - 2012-06-07 02:03 - 01163624 _____ () C:\Program Files\Lenovo Fingerprint Reader\DataManager.dll
2012-06-07 02:04 - 2012-06-07 02:04 - 00087912 _____ () C:\Program Files\Lenovo Fingerprint Reader\ssutil.dll
2015-05-09 23:10 - 2015-05-10 01:51 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-30 17:28 - 2012-05-15 16:32 - 00093696 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2013-09-30 17:26 - 2010-10-25 23:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2015-04-27 09:51 - 2015-04-27 09:51 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-27 09:51 - 2015-04-27 09:51 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-17 17:25 - 2015-05-17 17:25 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051701\algo.dll
2013-09-30 17:36 - 2012-11-21 04:49 - 00033072 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2013-09-30 17:29 - 2011-08-02 19:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-09-30 17:29 - 2011-08-02 19:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2015-03-25 19:02 - 2015-03-25 19:02 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-09 23:14 - 2015-05-10 01:56 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\crusty\Downloads\Setup.X86.en-us_O365ProPlusRetail_b356a858-a34a-450c-a628-b5729d479ce1_TX_PR_.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1502718689-3989064885-3880140442-1002\Control Panel\Desktop\Wallpaper → C:\Users\crusty\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Google Update => “C:\Users\crusty\AppData\Local\Google\Update\GoogleUpdate.exe” /c
MSCONFIG\startupreg: iTunesHelper => “C:\Program Files (x86)\iTunes\iTunesHelper.exe”
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D91EF46C-1F55-4191-B06E-E6CB3FC70CA2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4E8481D5-8D1D-4E71-BEA5-3F9520EB212B}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{BE5B5C88-A43C-4C7F-89B0-1753BA8CB901}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{3EF0799D-BB79-4D57-BCC7-68D4C2EAFA89}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{F7E76B58-4727-491A-895C-FA0B2C442FF0}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{384E45BC-064F-4BD9-A104-5C4477EA53AD}] => (Allow) LPort=55124
FirewallRules: [{1A8DD6D4-9CFA-4EA8-A935-3D28C2C6E796}] => (Allow) %ProgramFiles% (x86)\SoulseekQt\SoulseekQt.exe
FirewallRules: [{2FA85A69-7172-47D3-A6C5-B739B86129FF}] => (Allow) %ProgramFiles% (x86)\SoulseekQt\SoulseekQt.exe
FirewallRules: [{D674BFAC-D590-4D39-83E5-F651C89B0889}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F9C7183C-6A6F-4D4F-BBA0-9FCC75FCCA71}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{85C80BE9-79B9-46FE-A8B4-4FEC12021A09}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D24449CC-86E5-484B-95B7-48930139F73F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E1E4F407-9047-4E72-804D-E0BFD95C6D2C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D961BB48-1BBA-417F-B862-E466B3800527}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1726D298-B24F-4135-A7E3-94C8C32D56E2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6AB286B8-9891-45F0-8957-73A1E10BA361}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1ADE121C-AB20-4930-92CE-8656B459C662}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{F66E54B5-8BC5-4347-8FFD-87870B4EF661}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{2E8A6B36-915D-4E80-83B0-AC9EECD11489}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CFBF21AA-50B9-48DE-B838-D60EBD600603}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{CAD068BE-D5BA-41D8-9588-64D0244E8B36}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{DE920404-3A0E-4E5F-8962-95A8EDDDE99F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D11E61D4-E4CE-4965-9ABD-AF58F8535A8F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{1BF6A8BC-D5EE-40B3-AFA9-4CD9B0CA9335}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Could not list Devices. Check “winmgmt” service or repair WMI.

==================== Event log errors: =========================

Application errors:

Error: (05/17/2015 05:36:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 05:35:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51783f5d
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51783f5d
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0x678
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3

Error: (05/17/2015 05:26:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 05:24:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51783f5d
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51783f5d
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0x670
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3

Error: (05/17/2015 10:14:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 10:13:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51783f5d
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51783f5d
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0x67c
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3

Error: (05/17/2015 00:08:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 00:07:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51783f5d
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51783f5d
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0x5bc
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3

Error: (05/16/2015 01:34:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2015 01:33:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51783f5d
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51783f5d
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0x634
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3

System errors:

Error: (05/17/2015 05:35:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The On Screen Display service terminated with the following error:
%%13

Error: (05/17/2015 05:26:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ad-Aware Service 11 service terminated unexpectedly. It has done this 1 time(s).

Error: (05/17/2015 05:25:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The On Screen Display service terminated with the following error:
%%13

Error: (05/17/2015 10:49:28 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (05/17/2015 10:16:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/17/2015 10:15:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ad-Aware Service 11 service terminated unexpectedly. It has done this 1 time(s).

Error: (05/17/2015 10:13:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The On Screen Display service terminated with the following error:
%%13

Error: (05/17/2015 00:55:38 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (05/17/2015 00:10:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/17/2015 00:10:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ad-Aware Service 11 service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:

Error: (05/17/2015 05:36:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 05:35:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.114351783f5datieclxx.exe6.14.11.114351783f5dc0000005000000000002ea1967801d090f1b0c5ff3bC:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exef7d4568e-fce4-11e4-9052-208984d8a3ac

Error: (05/17/2015 05:26:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 05:24:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.114351783f5datieclxx.exe6.14.11.114351783f5dc0000005000000000002ea1967001d090f046204a14C:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe8d2c4006-fce3-11e4-9b1b-208984d8a3ac

Error: (05/17/2015 10:14:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 10:13:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.114351783f5datieclxx.exe6.14.11.114351783f5dc0000005000000000002ea1967c01d090b3f7f2c4aeC:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe3f70fcae-fca7-11e4-8a9c-208984d8a3ac

Error: (05/17/2015 00:08:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 00:07:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.114351783f5datieclxx.exe6.14.11.114351783f5dc0000005000000000002ea195bc01d0905f5d2d5236C:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exea40c0e04-fc52-11e4-9cd0-208984d8a3ac

Error: (05/16/2015 01:34:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2015 01:33:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.114351783f5datieclxx.exe6.14.11.114351783f5dc0000005000000000002ea1963401d09006bf2c21aeC:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe07b9b68d-fbfa-11e4-8b42-208984d8a3ac

CodeIntegrity Errors:

Date: 2015-04-30 08:40:13.937
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-04-30 08:40:13.750
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-04-30 08:39:44.437
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-04-30 08:39:44.234
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD A6-5350M APU with Radeon™ HD Graphics
Percentage of memory in use: 49%
Total physical RAM: 3224.75 MB
Available physical RAM: 1630.38 MB
Total Pagefile: 6447.7 MB
Available Pagefile: 4556.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:278.85 GB) (Free:136.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:7.21 GB) (Free:6.49 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:17.77 GB) (Free:6.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1A1E5DB0)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=278.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

THANK YOU SO MUCH FOR YOUR HELP! <3

I really appreciate it.

Can you please attach both reports instead of copy/paste? Thanks :slight_smile:

Hello,

Twin, See attached for her files.

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/warning.gif
Multiple Resident Protection warning!

Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark another ones as harmful, leading to leave your system unstable and even damaged. Please choose only one from the listed below to stay with and uninstall the others:

[]Ad-Aware
[
]avast! Antivirus

Uninstallation procedure:

[*]Press the
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/WindowsKey.png

  • R on your keyboard at the same time. Type appwiz.cpl and click OK.
    [*]Search for each uninstalled entry, right-click it and select Uninstall.

This should be done until any other steps will be taken.

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[
]In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyalltemp;
bitsadmin /reset /allusers;b
ipconfig /flushdns;b

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by crusty on Mon 05/18/2015 at 11:17:08.50.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\crusty\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

5/18/2015 11:20:46 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Intel deleted successfully
C:\PROGRA~2\Malwarebytes’ Anti-Malware deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Users\crusty\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\crusty\AppData\Roaming\QuickScan deleted successfully
C:\Users\crusty\AppData\Roaming\Recordpad deleted successfully
C:\Users\Administrator\AppData\Local\Lenovo deleted successfully
C:\Users\crusty\AppData\Local\FluxSoftware deleted successfully
C:\Users\crusty\AppData\Local\LSC deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1502718689-3989064885-3880140442-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Intel not found
C:\Users\crusty\AppData\Roaming\findaworddictionary.txt deleted
C:\Windows\wininit.ini deleted
“C:\Users\crusty\AppData\Local{6386D9B5-8002-46E6-A576-38078BBECC59}” deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\crusty\AppData\Roaming\Mozilla\Firefox\Profiles\p1jvloxp.default-1430060136336
user_pref(“browser.startup.homepage”, “https://ixquick.com/”);
user_pref(“browser.search.defaultenginename.US”, “Ixquick HTTPS”);

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
wrc@avast.com”=“C:\Program Files\AVAST Software\Avast\WebRep\FF” [05/12/2015 09:00 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\crusty\AppData\Roaming\Mozilla\Firefox\Profiles\p1jvloxp.default-1430060136336

  • Adblock Plus - %ProfilePath%\extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

  • Default - %AppDir%\browser\extensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
  • TrueSuite Website Logon - %AppDir%\distribution\bundles\websitelogon@truesuite.com

==== Firefox Plugins ======================

Profilepath: C:\Users\crusty\AppData\Roaming\Mozilla\Firefox\Profiles\p1jvloxp.default-1430060136336
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
9291708CCD967887AF94BE708B43D64D - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash
08ACECEB47FAF053C468D8AFE44709AD - C:\Users\crusty\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll - Google Update
49D429EBF5305FC9ADD7545B7C914333 - C:\Users\crusty\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
6BEAD7859E8A087BE04556AB5A78855C - C:\Users\crusty\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer

==== Chromium Look ======================

Google Chrome Version: 42.0.2311.152

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cdkedefaddcdlpmiafhicjnkbogjiogj - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx[03/14/2012 12:31 AM]
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx[08/06/2014 05:17 PM]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[03/25/2015 07:02 PM]

Avast SafePrice - crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Blur - crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd
AdBlock - crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Bookmark Manager - crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Avast Online Security - crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Social Fixer for Facebook - crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb
Universe - crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\igcicgpahfpikagbhofhehldknadneld
Chrome Hotword Shared Module - crusty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Chromium Startpages ======================

C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default\Preferences
“startup_urls”: [ “https://ixquick.com/do/mypage.pl?prf=3315f6c1cea1b20a7bc3abde4dceaca4” ]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”=“{7AB829C3-4154-446B-BE1B-DAF5CA7F7004}”

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”=“{012E1000-F331-11DB-8314-0800200C9A66}”

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url=“http://www.google.com/search?q={searchTerms}
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
{7AB829C3-4154-446B-BE1B-DAF5CA7F7004} Unknown Url=“Not_Found”

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1502718689-3989064885-3880140442-1002\Software\Microsoft\Internet Explorer\SearchScopes{7AB829C3-4154-446B-BE1B-DAF5CA7F7004} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes{7AB829C3-4154-446B-BE1B-DAF5CA7F7004} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{7AB829C3-4154-446B-BE1B-DAF5CA7F7004} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\crusty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\crusty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\crusty\AppData\Local\Mozilla\Firefox\Profiles\p1jvloxp.default-1430060136336\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\crusty\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4 folders=0 703572 bytes)

==== Empty Temp Folders ======================

C:\Users\crusty\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\crusty\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:$RECYCLE.BIN successfully emptied

==== EOF on Mon 05/18/2015 at 12:20:45.21 ======================

How is your PC behaving now?