Sluggish Presario CQ57


  • This topic is locked
10 replies to this topic

#1 clemkonan

Posted 14 December 2013 - 02:42 PM

Compaq Presario CQ57

8 Gig of Kingston Ram

Windows 7

Vipre anti virus

MS office 2010

Small Business machine

 

This is my business PC; I need it to interview candidates, but it is very sluggish. With 4 small Excel sheets open, at times it becomes unresponsive. I have erased the HD twice and restored to factory defaults, only to have the same problem within 6-8 weeks.

My first move was to update the 2 Gig of RAM to 8 Gig, but no noticeable difference. I have Vipre and I ran memtest over 16 passes with no errors. My backup PC is doing better with only 2 Gig of RAM.

 

MiniToolBox Data

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Clem Griffiths (administrator) on 14-12-2013 at 12:50:28
Running from "C:\Users\Clem Griffiths\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/14/2013 00:43:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/14/2013 00:21:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/14/2013 00:09:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/14/2013 11:50:30 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16526 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1214
 
Start Time: 01cef8ec4cca8787
 
Termination Time: 296
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (12/14/2013 11:45:51 AM) (Source: Application Error) (User: )
Description: Faulting application name: SOLAR.exe, version: 1.0.0.0, time stamp: 0x5299060e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0xe0434352
Fault offset: 0x0000c41f
Faulting process id: 0x1160
Faulting application start time: 0xSOLAR.exe0
Faulting application path: SOLAR.exe1
Faulting module path: SOLAR.exe2
Report Id: SOLAR.exe3
 
Error: (12/14/2013 11:45:42 AM) (Source: .NET Runtime) (User: )
Description: Application: SOLAR.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
   at System.Windows.Forms.Control.WaitForWaitHandle(System.Threading.WaitHandle)
   at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
   at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
   at wyDay.Controls.AutomaticUpdater.auBackend_UpToDate(System.Object, wyDay.Controls.SuccessArgs)
   at wyDay.Controls.AutomaticUpdaterBackend.AlreadyUpToDate()
   at wyDay.Controls.AutomaticUpdaterBackend.StartNextStep(wyUpdate.Common.UpdateStep)
   at wyDay.Controls.AutomaticUpdaterBackend.updateHelper_ProgressChanged(System.Object, wyUpdate.Common.UpdateHelperData)
   at wyDay.Controls.UpdateHelper.ProcessReceivedMessage(wyUpdate.Common.UpdateHelperData)
   at wyDay.Controls.UpdateHelper.SafeProcessReceivedMessage(Byte[])
   at wyDay.Controls.PipeClient.Read()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (12/14/2013 11:28:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/13/2013 10:55:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/13/2013 11:04:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/13/2013 08:06:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (12/14/2013 00:46:11 PM) (Source: Service Control Manager) (User: )
Description: The SecureUpdate service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/14/2013 00:42:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (12/14/2013 00:20:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (12/14/2013 00:10:10 PM) (Source: Service Control Manager) (User: )
Description: The SecureUpdate service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/14/2013 00:08:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (12/14/2013 11:39:46 AM) (Source: Service Control Manager) (User: )
Description: The SecureUpdate service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/14/2013 11:27:24 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (12/14/2013 11:27:15 AM) (Source: BugCheck) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff80002d75654, 0xfffff880079ae390, 0x0000000000000000)C:\Windows\MEMORY.DMP121413-33867-01
 
Error: (12/14/2013 11:27:04 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:05:37 PM on 12/13/2013 was unexpected.
 
Error: (12/13/2013 10:58:39 PM) (Source: Service Control Manager) (User: )
Description: The SecureUpdate service terminated unexpectedly.  It has done this 2 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (12/14/2013 00:43:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/14/2013 00:21:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/14/2013 00:09:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/14/2013 11:50:30 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16526121401cef8ec4cca8787296C:\Program Files\Internet Explorer\iexplore.exe
 
Error: (12/14/2013 11:45:51 AM) (Source: Application Error)(User: )
Description: SOLAR.exe1.0.0.05299060eKERNELBASE.dll6.1.7601.1822951fb1116e04343520000c41f116001cef8ebd34589fcC:\Program Files (x86)\SAI Global\SOLAR\SOLAR.exeC:\Windows\syswow64\KERNELBASE.dll3040363d-64df-11e3-b83b-2c27d70ce590
 
Error: (12/14/2013 11:45:42 AM) (Source: .NET Runtime)(User: )
Description: Application: SOLAR.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
   at System.Windows.Forms.Control.WaitForWaitHandle(System.Threading.WaitHandle)
   at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
   at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
   at wyDay.Controls.AutomaticUpdater.auBackend_UpToDate(System.Object, wyDay.Controls.SuccessArgs)
   at wyDay.Controls.AutomaticUpdaterBackend.AlreadyUpToDate()
   at wyDay.Controls.AutomaticUpdaterBackend.StartNextStep(wyUpdate.Common.UpdateStep)
   at wyDay.Controls.AutomaticUpdaterBackend.updateHelper_ProgressChanged(System.Object, wyUpdate.Common.UpdateHelperData)
   at wyDay.Controls.UpdateHelper.ProcessReceivedMessage(wyUpdate.Common.UpdateHelperData)
   at wyDay.Controls.UpdateHelper.SafeProcessReceivedMessage(Byte[])
   at wyDay.Controls.PipeClient.Read()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (12/14/2013 11:28:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/13/2013 10:55:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/13/2013 11:04:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/13/2013 08:06:11 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
=========================== Installed Programs ============================
 
AccelerateTab (Version: 1.4)
Adobe AIR (Version: 3.9.0.1380)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.152)
Adobe Reader X (10.1.8) MUI (Version: 10.1.8)
Adobe Shockwave Player 12.0 (Version: 12.0.6.147)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
AMD Fuel (Version: 2011.0304.1135.20703)
ATI Catalyst Install Manager (Version: 3.0.808.0)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Blio (Version: 2.2.6585)
Bounce Symphony (Version: 2.2.0.95)
Brother MFL-Pro Suite DCP-7065DN (Version: 1.1.3.0)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0304.1135.20703)
Catalyst Control Center InstallProxy (Version: 2011.0304.1135.20703)
Catalyst Control Center Localization All (Version: 2011.0304.1135.20703)
CCC Help Chinese Standard (Version: 2011.0304.1134.20703)
CCC Help Chinese Traditional (Version: 2011.0304.1134.20703)
CCC Help Czech (Version: 2011.0304.1134.20703)
CCC Help Danish (Version: 2011.0304.1134.20703)
CCC Help Dutch (Version: 2011.0304.1134.20703)
CCC Help English (Version: 2011.0304.1134.20703)
CCC Help Finnish (Version: 2011.0304.1134.20703)
CCC Help French (Version: 2011.0304.1134.20703)
CCC Help German (Version: 2011.0304.1134.20703)
CCC Help Greek (Version: 2011.0304.1134.20703)
CCC Help Hungarian (Version: 2011.0304.1134.20703)
CCC Help Italian (Version: 2011.0304.1134.20703)
CCC Help Japanese (Version: 2011.0304.1134.20703)
CCC Help Korean (Version: 2011.0304.1134.20703)
CCC Help Norwegian (Version: 2011.0304.1134.20703)
CCC Help Polish (Version: 2011.0304.1134.20703)
CCC Help Portuguese (Version: 2011.0304.1134.20703)
CCC Help Russian (Version: 2011.0304.1134.20703)
CCC Help Spanish (Version: 2011.0304.1134.20703)
CCC Help Swedish (Version: 2011.0304.1134.20703)
CCC Help Thai (Version: 2011.0304.1134.20703)
CCC Help Turkish (Version: 2011.0304.1134.20703)
ccc-core-static (Version: 2011.0304.1135.20703)
ccc-utility64 (Version: 2011.0304.1135.20703)
CCleaner (Version: 4.08)
Cepstral Callie 6.2.3 (Version: 6.2.3.801)
Chuzzle Deluxe (Version: 2.2.0.95)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compaq Setup Manager (Version: 1.1.13155.3599)
Connect (Version: 1.4.12253.0)
CyberLink YouCam (Version: 3.2.1.3726)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
Energy Star Digital Logo (Version: 1.0.1)
Escape Rosecliff Island (Version: 2.2.0.95)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
Google Chrome (Version: 31.0.1650.63)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320)
Google Update Helper (Version: 1.3.22.3)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
HGST Align Tool (Version: 2.0.154)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.0.0)
HP Game Console
HP Games (Version: 1.0.1.5)
HP MovieStore (Version: 1.0.045)
HP MovieStore (Version: 2.0)
HP On Screen Display (Version: 1.3.5)
HP Power Manager (Version: 1.4.8)
HP Quick Launch (Version: 2.7.2)
HP Setup (Version: 8.6.4516.3597)
HP Software Framework (Version: 4.6.10.1)
HP Support Assistant (Version: 7.0.39.15)
HP Wireless Assistant (Version: 4.0.10.0)
iAudit (Version: 13.11.2)
IObit Apps Toolbar v8.4 (Version: 8.4)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 45 (64-bit) (Version: 6.0.450)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - The London Caper (Version: 2.2.0.95)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Realtek Ethernet Controller Driver (Version: 7.42.304.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6287)
Realtek PCIE Card Reader (Version: 6.1.7600.77)
REALTEK Wireless LAN Driver (Version: 1.00.11.0706)
Recovery Manager (Version: 1.0.22)
RoxioNow Player (Version: 1.9.5.103)
Seagate Dashboard 2.0 (Version: 2.2.29.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SetupHelperInstall (Version: 1.00.0000)
Skype Click to Call (Version: 6.13.13771)
Skype™ 6.11 (Version: 6.11.102)
Smart Defrag 2 (Version: 2.9)
SOLAR Shell  (Version: 1.0.0)
Synaptics Pointing Device Driver (Version: 15.2.4.3)
TextAloud 3.0 (Version: 3.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VIPRE Internet Security (Version: 7.0.6.2)
Virtual Families (Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Wheel of Fortune 2 (Version: 2.2.0.95)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WMV9/VC-1 Video Playback (Version: 1.00.0000)
Zuma Deluxe (Version: 2.2.0.95)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 28%
Total physical RAM: 7674.91 MB
Available physical RAM: 5516.59 MB
Total Pagefile: 15347.99 MB
Available Pagefile: 12921.95 MB
Total Virtual: 4095.88 MB
Available Virtual: 3979.43 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:218.59 GB) (Free:152.47 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14 GB) (Free:1.75 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\AUDITPC
 
Administrator            Clem Griffiths           Guest                    
QTemp                    
 
 
**** End of log ****
 
Snapshot from Speccy
Not sure if I got this right, but here goes
 

Edited by hamluis, 14 December 2013 - 05:22 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 hamluis

Posted 14 December 2013 - 03:50 PM

Thanks for posting the good info :), wish more did it from the beginning.

 

I probably won't really take a look until later tonight, but I will review your topic today.

 

Louis

 

SearchSettings.exe       Process ID: 3260        Path: C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
 
This appears to be related to malware, moving topic to Am I Infected for further work there.
 
Louis

Edited by hamluis, 14 December 2013 - 05:21 PM.


#3 boopme

Posted 14 December 2013 - 09:43 PM

Hello clemkonan


Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
----------


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
----------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e., Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

#4 clemkonan

Posted 15 December 2013 - 08:08 PM

Thanks for the feedback; the summary/log follows below. I have not seen any significant improvement; it's better, but not significantly so, and the litmus test to that effect is an 8-year-old Sempron CPU running XP that is getting to websites and rendering pages quickly and smoothly.

Is there a benchmark test I can run that will give me a score for this CQ57 vs. other CQ57s with the same or less RAM?

Would it help to do a backup and restore to factory settings?

 

Thanks

 

Adwcleaner log:

# AdwCleaner v3.015 - Report created 15/12/2013 at 12:58:28
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Clem Griffiths - AUDITPC
# Running from : C:\Users\Clem Griffiths\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : Application Updater
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Uniblue\DriverScanner
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Secure Speed Dial
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\Clem Griffiths\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Clem Griffiths\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\Users\Clem Griffiths\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Deleted : C:\Users\Clem Griffiths\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\QTemp\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Clem Griffiths\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Folder Deleted : C:\Users\QTemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Folder Deleted : C:\Users\Clem Griffiths\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Folder Deleted : C:\Users\QTemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Folder Deleted : C:\Users\Clem Griffiths\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Folder Deleted : C:\Users\QTemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Folder Deleted : C:\Users\Clem Griffiths\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
Folder Deleted : C:\Users\QTemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\Clem Griffiths\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Search Settings
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Clem Griffiths\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\QTemp\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [2246 octets] - [15/12/2013 00:30:01]
AdwCleaner[R1].txt - [2293 octets] - [15/12/2013 12:03:12]
AdwCleaner[R2].txt - [7039 octets] - [15/12/2013 12:47:43]
AdwCleaner[S0].txt - [6444 octets] - [15/12/2013 12:58:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6504 octets] ##########
 

Adware Log a second run:

# AdwCleaner v3.015 - Report created 15/12/2013 at 00:30:01
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Clem Griffiths - AUDITPC
# Running from : C:\Users\Clem Griffiths\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : Application Updater
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found : C:\Users\Clem Griffiths\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Folder Found : C:\Users\Clem Griffiths\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Folder Found : C:\Users\Clem Griffiths\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Folder Found : C:\Users\Clem Griffiths\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
Folder Found : C:\Users\QTemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Folder Found : C:\Users\QTemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Folder Found : C:\Users\QTemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Folder Found : C:\Users\QTemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
Folder Found C:\Program Files (x86)\Application Updater
Folder Found C:\Program Files (x86)\Common Files\Spigot
Folder Found C:\Program Files (x86)\IObit Apps Toolbar
Folder Found C:\Program Files (x86)\Secure Speed Dial
Folder Found C:\ProgramData\Uniblue\DriverScanner
Folder Found C:\Users\Clem Griffiths\AppData\LocalLow\Search Settings
Folder Found C:\Users\Clem Griffiths\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Found C:\Users\Clem Griffiths\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Found C:\Users\Clem Griffiths\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Found C:\Users\QTemp\AppData\LocalLow\Search Settings
 
***** [ Shortcuts ] *****
 

Junkremoval Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Clem Griffiths on Sun 12/15/2013 at 13:14:24.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\Clem Griffiths\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/15/2013 at 13:40:00.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Malware Log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.15.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Clem Griffiths :: AUDITPC [administrator]
 
Protection: Enabled
 
12/15/2013 2:18:00 PM
mbam-log-2013-12-15 (14-18-00).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 374417
Time elapsed: 1 hour(s), 20 minute(s), 40 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#5 boopme


Posted 15 December 2013 - 09:24 PM

Hi
Uninstall this, outdated and exploitable
Java™ 6 Update 45 (64-bit) (Version: 6.0.450)


You had a Spigot infection. This many times brings others. We need to be clean before considering any restore.

Is there a benchmark test I can run that will give me a score for this CQ57 vs other CQ57's with the same or less Ram?

Ask that in Hardware, I am not sure.
 
 
 
Run these and then we will do a system file check.
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double-click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.
Last, run ESET. This may need a few hours.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double-click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#6 clemkonan


Posted 15 December 2013 - 09:53 PM

Does this mean Vipre cannot find and fix this sort of problem? I have been running Vipre for about a year. I was pushed for time; I am already in the process of restoring the system to factory settings.

Which programs should I acquire to stop this problem from happening again?

I have been applying the advice to both of my laptops, so I will continue with your recommendation on the other laptop just in case and will do the same for the subject laptop after I have restored it to factory defaults.

Thanks for your help. I will be following your site closely.



#7 boopme


Posted 16 December 2013 - 11:05 AM

Ok, run the 3 tools after the restore.


Most likely the infections were acquired through downloads. Many apps and some tools install "extras" as part of the "recommended" install procedure.

I always use custom so I can uncheck these extra items before the install.

Here's another example

Adobe Reader's install.......
Notice the middle column. It contains a box that if NOT unchecked will install both Google Chrome and its Toolbar.
I for one do not install any toolbars.

Look here
http://get.adobe.com/reader/

#8 clemkonan


Posted 16 December 2013 - 11:21 AM

Bad call on my part, I am running everything again and will post. After going back to factory defaults the system came back strong, very fast, then I started noticing "pop up" advertisements flying everywhere so I ran the Avast scanner and got something like the following:

Servicetrusted installer C:/ windows\ services\ Trustedinstaller.exe, "Hidden"

 

This was after I installed my company's database (Solar) and downloaded FoxitReader, Google Chrome and another company program called iAudit, that's all.

I am running everything in your post and will post later (finding stuff).

I need to clean, and hopefully you have a deselection solution; Ad-Aware used to have something.

Stay with me, I do not want to create a new post. For now here are 2 logs

 

# AdwCleaner v3.015 - Report created 16/12/2013 at 09:22:05
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Clem Griffiths - QTEMP_2013
# Running from : C:\Users\Clem Griffiths\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : CltMngSvc
Service Deleted : WajamUpdaterV3
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Users\Clem Griffiths\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Clem Griffiths\AppData\Local\Wajam
Folder Deleted : C:\Users\Clem Griffiths\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\Clem Griffiths\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Folder Deleted : C:\Users\Clem Griffiths\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Clem Griffiths\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
Deleted : homepage
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
 
*************************
 
AdwCleaner[R0].txt - [6688 octets] - [16/12/2013 09:10:36]
AdwCleaner[S0].txt - [5788 octets] - [16/12/2013 09:22:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5848 octets] ##########
 

A second run

 

# AdwCleaner v3.015 - Report created 16/12/2013 at 10:27:18
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Clem Griffiths - QTEMP_2013
# Running from : C:\Users\Clem Griffiths\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Clem Griffiths\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Folder Deleted : C:\Users\Clem Griffiths\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater]
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Clem Griffiths\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6688 octets] - [16/12/2013 09:10:36]
AdwCleaner[R1].txt - [1302 octets] - [16/12/2013 09:35:56]
AdwCleaner[S0].txt - [5944 octets] - [16/12/2013 09:22:05]
AdwCleaner[S1].txt - [1231 octets] - [16/12/2013 10:27:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1291 octets] ##########
Combofix
ComboFix 13-12-16.01 - Clem Griffiths 12/16/2013  10:38:51.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7787.6578 [GMT -8:00]
Running from: c:\users\Clem Griffiths\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-16 to 2013-12-16  )))))))))))))))))))))))))))))))
.
.
2013-12-16 18:52 . 2013-12-16 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-16 18:32 . 2013-12-16 18:32 -------- d-----w- c:\programdata\InternetUpdater
2013-12-16 17:10 . 2013-12-16 18:27 -------- d-----w- C:\AdwCleaner
2013-12-16 16:53 . 2013-12-16 16:53 -------- d-----w- c:\windows\ERUNT
2013-12-16 15:09 . 2013-12-16 17:25 -------- d-----w- c:\windows\system32\drivers\NISx64\1206000.01D
2013-12-16 08:30 . 2013-12-16 08:30 -------- d-----w- c:\program files\Microsoft Office
2013-12-16 08:29 . 2013-12-16 08:29 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-12-16 08:28 . 2013-12-16 08:44 -------- d-----w- c:\windows\SHELLNEW
2013-12-16 08:28 . 2013-12-16 08:54 -------- d-----w- c:\programdata\Microsoft Help
2013-12-16 08:27 . 2013-12-16 08:27 -------- d-----r- C:\MSOCache
2013-12-16 08:08 . 2013-12-16 08:08 -------- d-----w- c:\program files (x86)\Foxit Software
2013-12-16 08:06 . 2013-12-16 08:06 -------- d-----w- c:\programdata\Updater
2013-12-16 08:06 . 2013-12-16 08:06 -------- d-----w- c:\programdata\RHelpers
2013-12-16 08:06 . 2013-12-16 08:06 -------- d-----w- c:\programdata\Websteroids
2013-12-16 07:44 . 2013-12-16 07:44 -------- d-----w- c:\program files (x86)\iAudit
2013-12-16 07:44 . 2013-12-16 07:44 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2013-12-16 07:29 . 2013-12-16 08:43 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-12-16 07:01 . 2013-12-16 07:01 -------- d-----w- c:\program files (x86)\SAI Global
2013-12-16 06:51 . 2013-12-16 06:52 -------- d-----w- c:\program files (x86)\Google
2013-12-16 06:42 . 2013-12-16 06:42 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-12-16 06:20 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-12-16 06:20 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-12-16 06:20 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-12-16 06:20 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-12-16 06:15 . 2013-12-16 06:15 -------- d-----w- c:\users\Public\Symantec
2013-12-16 06:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-12-16 06:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-12-16 06:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-12-16 06:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-12-16 06:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-12-16 06:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-12-16 06:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-12-16 06:11 . 2012-06-02 23:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-12-16 06:11 . 2012-06-02 23:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-12-16 06:11 . 2013-12-16 07:40 -------- d-----w- c:\users\Clem Griffiths
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-16 15:11 . 2013-10-22 00:16 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-12-16 06:13 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-10-22 00:44 . 2013-10-22 00:44 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-10-22 00:44 . 2013-10-22 00:44 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2013-10-22 00:44 . 2013-10-22 00:44 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2013-10-22 00:44 . 2013-10-22 00:44 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2013-10-22 00:44 . 2013-10-22 00:44 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-10-22 00:44 . 2013-10-22 00:44 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-10-22 00:43 . 2013-10-22 00:43 357888 ----a-w- c:\windows\system32\dnsapi.dll
2013-10-22 00:43 . 2013-10-22 00:43 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2013-10-22 00:43 . 2013-10-22 00:43 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2013-10-22 00:43 . 2013-10-22 00:43 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2013-10-22 00:43 . 2013-10-22 00:43 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2013-10-22 00:43 . 2013-10-22 00:43 411648 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-10-22 00:43 . 2013-10-22 00:43 167936 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-10-22 00:42 . 2013-10-22 00:42 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-10-22 00:42 . 2013-10-22 00:42 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-10-22 00:42 . 2013-10-22 00:42 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-10-22 00:42 . 2013-10-22 00:42 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-10-22 00:42 . 2013-10-22 00:42 3135488 ----a-w- c:\windows\system32\win32k.sys
2013-10-22 00:42 . 2013-10-22 00:42 1395712 ----a-w- c:\windows\system32\mfc42.dll
2013-10-22 00:42 . 2013-10-22 00:42 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2013-10-22 00:42 . 2013-10-22 00:42 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2013-10-22 00:42 . 2013-10-22 00:42 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2013-10-22 00:42 . 2013-10-22 00:42 642944 ----a-w- c:\windows\system32\winload.efi
2013-10-22 00:42 . 2013-10-22 00:42 605552 ----a-w- c:\windows\system32\winload.exe
2013-10-22 00:42 . 2013-10-22 00:42 566208 ----a-w- c:\windows\system32\winresume.efi
2013-10-22 00:42 . 2013-10-22 00:42 518672 ----a-w- c:\windows\system32\winresume.exe
2013-10-22 00:42 . 2013-10-22 00:42 20352 ----a-w- c:\windows\system32\kdusb.dll
2013-10-22 00:42 . 2013-10-22 00:42 19328 ----a-w- c:\windows\system32\kd1394.dll
2013-10-22 00:42 . 2013-10-22 00:42 17792 ----a-w- c:\windows\system32\kdcom.dll
2013-10-22 00:41 . 2013-10-22 00:41 976896 ----a-w- c:\windows\system32\inetcomm.dll
2013-10-22 00:41 . 2013-10-22 00:41 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2013-10-22 00:40 . 2013-10-22 00:40 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2013-10-22 00:39 . 2013-10-22 00:39 961024 ----a-w- c:\windows\system32\CPFilters.dll
2013-10-22 00:39 . 2013-10-22 00:39 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2013-10-22 00:39 . 2013-10-22 00:39 723968 ----a-w- c:\windows\system32\EncDec.dll
2013-10-22 00:39 . 2013-10-22 00:39 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2013-10-22 00:39 . 2013-10-22 00:39 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2013-10-22 00:39 . 2013-10-22 00:39 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2013-10-22 00:39 . 2013-10-22 00:39 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2013-10-22 00:39 . 2013-10-22 00:39 1118720 ----a-w- c:\windows\system32\sbe.dll
2013-10-22 00:01 . 2013-10-22 00:01 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-10-22 00:01 . 2013-10-22 00:01 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2013-10-22 00:01 . 2013-10-22 00:01 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2013-10-22 00:01 . 2013-10-22 00:01 96256 ----a-w- c:\windows\system32\mshtmled.dll
2013-10-22 00:01 . 2013-10-22 00:01 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-10-22 00:01 . 2013-10-22 00:01 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-10-22 00:01 . 2013-10-22 00:01 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2013-10-22 00:01 . 2013-10-22 00:01 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-10-22 00:01 . 2013-10-22 00:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2013-10-22 00:01 . 2013-10-22 00:01 85504 ----a-w- c:\windows\system32\iesetup.dll
2013-10-22 00:01 . 2013-10-22 00:01 82432 ----a-w- c:\windows\system32\icardie.dll
2013-10-22 00:01 . 2013-10-22 00:01 818176 ----a-w- c:\windows\system32\jscript.dll
2013-10-22 00:01 . 2013-10-22 00:01 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-10-22 00:01 . 2013-10-22 00:01 76800 ----a-w- c:\windows\system32\tdc.ocx
2013-10-22 00:01 . 2013-10-22 00:01 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-10-22 00:01 . 2013-10-22 00:01 697344 ----a-w- c:\windows\system32\msfeeds.dll
2013-10-22 00:01 . 2013-10-22 00:01 65024 ----a-w- c:\windows\system32\pngfilt.dll
2013-10-22 00:01 . 2013-10-22 00:01 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-10-22 00:01 . 2013-10-22 00:01 603648 ----a-w- c:\windows\system32\vbscript.dll
2013-10-22 00:01 . 2013-10-22 00:01 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-10-22 00:01 . 2013-10-22 00:01 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2013-10-22 00:01 . 2013-10-22 00:01 49664 ----a-w- c:\windows\system32\imgutil.dll
2013-10-22 00:01 . 2013-10-22 00:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-10-22 00:01 . 2013-10-22 00:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-10-22 00:01 . 2013-10-22 00:01 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2013-10-22 00:01 . 2013-10-22 00:01 448512 ----a-w- c:\windows\system32\html.iec
2013-10-22 00:01 . 2013-10-22 00:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-10-22 00:01 . 2013-10-22 00:01 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2013-10-22 00:01 . 2013-10-22 00:01 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-10-22 00:01 . 2013-10-22 00:01 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-10-22 00:01 . 2013-10-22 00:01 367104 ----a-w- c:\windows\SysWow64\html.iec
2013-10-22 00:01 . 2013-10-22 00:01 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-10-22 00:01 . 2013-10-22 00:01 30720 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-22 00:01 . 2013-10-22 00:01 282112 ----a-w- c:\windows\system32\dxtrans.dll
2013-10-22 00:01 . 2013-10-22 00:01 267776 ----a-w- c:\windows\system32\ieaksie.dll
2013-10-22 00:01 . 2013-10-22 00:01 249344 ----a-w- c:\windows\system32\webcheck.dll
2013-10-22 00:01 . 2013-10-22 00:01 248320 ----a-w- c:\windows\system32\ieui.dll
2013-10-22 00:01 . 2013-10-22 00:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-10-22 00:01 . 2013-10-22 00:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-22 00:01 . 2013-10-22 00:01 236544 ----a-w- c:\windows\system32\url.dll
2013-10-22 00:01 . 2013-10-22 00:01 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-10-22 00:01 . 2013-10-22 00:01 2303488 ----a-w- c:\windows\system32\jscript9.dll
2013-10-22 00:01 . 2013-10-22 00:01 222208 ----a-w- c:\windows\system32\msls31.dll
2013-10-22 00:01 . 2013-10-22 00:01 2136064 ----a-w- c:\windows\system32\iertutil.dll
2013-10-22 00:01 . 2013-10-22 00:01 197120 ----a-w- c:\windows\system32\msrating.dll
2013-10-22 00:01 . 2013-10-22 00:01 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-10-22 00:01 . 2013-10-22 00:01 17773056 ----a-w- c:\windows\system32\mshtml.dll
2013-10-22 00:01 . 2013-10-22 00:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-10-22 00:01 . 2013-10-22 00:01 165888 ----a-w- c:\windows\system32\iexpress.exe
2013-10-22 00:01 . 2013-10-22 00:01 163840 ----a-w- c:\windows\system32\ieakui.dll
2013-10-22 00:01 . 2013-10-22 00:01 160256 ----a-w- c:\windows\system32\wextract.exe
2013-10-22 00:01 . 2013-10-22 00:01 160256 ----a-w- c:\windows\system32\ieakeng.dll
2013-10-22 00:01 . 2013-10-22 00:01 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2013-10-22 00:01 . 2013-10-22 00:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-10-22 00:01 . 2013-10-22 00:01 149504 ----a-w- c:\windows\system32\occache.dll
2013-10-22 00:01 . 2013-10-22 00:01 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-22 00:01 . 2013-10-22 00:01 145920 ----a-w- c:\windows\system32\iepeers.dll
2013-10-22 00:01 . 2013-10-22 00:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="c:\programdata\Updater\updater.exe" [2013-11-20 481656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Updater"="c:\programdata\Updater\Updater.exe" [2013-11-20 481656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 InternetUpdater;Internet Updater;c:\programdata\InternetUpdater\InternetUpdaterService.exe;c:\programdata\InternetUpdater\InternetUpdaterService.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20131203.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20131213.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20131213.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-16 06:52 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-16 06:51]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-16 06:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 64.71.255.204 64.71.255.198
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-FileParade Bundle - c:\program files (x86)\sweetpacks bundle uninstaller\uninstaller.exe
AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-16  10:58:53
ComboFix-quarantined-files.txt  2013-12-16 18:58
.
Pre-Run: 190,792,204,288 bytes free
Post-Run: 190,648,827,904 bytes free
.
- - End Of File - - 0C12C4FA7B177E69DF0F277158BCBE03
A36C5E4F47E84449FF07ED3517B43A31
 

Regards

Clemkonan 



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 16 December 2013 - 11:34 AM

Hi ... here's what you have to do now.. The finding.. Servicetrusted installer C:/ windows\ services\ Trustedinstaller.exe, "Hidden" ... is a Rootkit infection.

But since you have run ComboFix, we can no longer work this topic here in AII forum by board rules. You must now repost that combo log here

 

Virus, Trojan, Spyware, and Malware Removal Logs         

 

Include this link back to this topic

http://www.bleepingcomputer.com/forums/t/517474/sluggish-presario-cq57/#entry3234847


How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#10 clemkonan

clemkonan
  • Topic Starter

  • Members

Posted 16 December 2013 - 12:01 PM

Here is the JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Clem Griffiths on Mon 12/16/2013 at 11:25:55.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1687622520-3324627805-2579811440-1002\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/16/2013 at 11:50:42.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 16 December 2013 - 08:56 PM

Thank you!

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 2 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.



