
astromenda and linkey slow HP laptop


  • This topic is locked
6 replies to this topic

#1 cosmos600

cosmos600

  • Members
  • 56 posts
  • Local time:06:45 AM

Posted 14 August 2014 - 06:14 AM

Hi

Please could someone help. I have recently upgraded my laptop, an HP dm1 with Windows Ultimate 7 64 OS, with a new hard drive 750 WD and 4 RAM as it was running slow. It still is running slow and the C drive has 37 GB even though most of my files are on the D drive. I also have astromenda and linkey, cannot seem to get it. Cannot think why it is running so slow and so much is taken up on the C drive; could it be malware? Please could someone take a look at some logs.

Thanks





#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:07:45 AM

Posted 14 August 2014 - 07:50 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB

#3 cosmos600

cosmos600
  • Topic Starter

  • Members
  • 56 posts
  • Local time:06:45 AM

Posted 14 August 2014 - 09:54 AM

Hi

Thanks for a quick reply. Below are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014 01
Ran by HP (administrator) on HP-PC on 14-08-2014 15:43:38
Running from C:\Users\HP\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIJE.EXE
(Aztec Media Inc) C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe
(Apple Inc.) D:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) D:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Aztec Media Inc) C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe
(Aztec Media Inc) C:\Program Files (x86)\Settings Manager\smdmf\smdmfu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SAMSUNG ELECTRONICS) C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) D:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\Recovery Toolbox for Outlook\RecoveryToolboxForOutlookLauncher.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780968 2011-04-29] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [78904 2011-04-27] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SMSTray] => C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe [479232 2009-04-16] (SAMSUNG ELECTRONICS)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [909696 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [EPSON SX410 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE [223232 2008-10-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-13] (SUPERAntiSpyware)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [ApplePhotoStreams] => D:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [iCloudServices] => D:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\MountPoints2: {5597aa0e-065b-11e3-a218-2c27d7ad9046} - E:\SETUP.EXE
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8500 A910.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8500 A910.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=503&aid=100&itype=n&ver=13486&tm=438&src=hmp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7274E1B6B45FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites03_14_50_ff&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0A0F0ByEyEyCyBtBtAyByEtN0D0Tzu0SzyyDyDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0EtA0AtD0FyBzytG0AyD0DzytGyD0AyBzytGzy0E0CyEtGtAyD0B0BtCyDtByB0Dzyzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0BtBtB0CyEyCyCtGtAzzyE0DtGtD0FtCtAtGtByByCtCtGtBtB0CzyyBtBzz0CtD0A0CyB2Q&cr=1808733987&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites03_14_50_ff&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0A0F0ByEyEyCyBtBtAyByEtN0D0Tzu0SzyyDyDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0EtA0AtD0FyBzytG0AyD0DzytGyD0AyBzytGzy0E0CyEtGtAyD0B0BtCyDtByB0Dzyzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0BtBtB0CyEyCyCtGtAzzyE0DtGtD0FtCtAtGtByByCtCtGtBtB0CzyyBtBzz0CtD0A0CyB2Q&cr=1808733987&ir=
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites03_14_50_ff&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0A0F0ByEyEyCyBtBtAyByEtN0D0Tzu0SzyyDyDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0EtA0AtD0FyBzytG0AyD0DzytGyD0AyBzytGzy0E0CyEtGtAyD0B0BtCyDtByB0Dzyzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0BtBtB0CyEyCyCtGtAzzyE0DtGtD0FtCtAtGtByByCtCtGtBtB0CzyyBtBzz0CtD0A0CyB2Q&cr=1808733987&ir=
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ClearThink -> {2ccb05fa-3f82-4b5c-b16b-3c6a9dea5e3f} -> C:\Program Files (x86)\ClearThink\ClearThinkbho.dll (ClearThink)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\d3i3irdg.default-1407940838091
FF Homepage: hxxp://www.default-search.net?sid=503&aid=100&itype=n&ver=13486&tm=438&src=hmp
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-18]

Chrome:
=======
CHR HomePage: hxxp://astromenda.com/?f=1&a=ast_dsites03_14_50_ff&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0A0F0ByEyEyCyBtBtAyByEtN0D0Tzu0SzyyDyDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0EtA0AtD0FyBzytG0AyD0DzytGyD0AyBzytGzy0E0CyEtGtAyD0B0BtCyDtByB0Dzyzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0BtBtB0CyEyCyCtGtAzzyE0DtGtD0FtCtAtGtByByCtCtGtBtB0CzyyBtBzz0CtD0A0CyB2Q&cr=1808733987&ir=
CHR StartupUrls: "hxxp://astromenda.com/?f=7&a=ast_dsites03_14_50_ff&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0A0F0ByEyEyCyBtBtAyByEtN0D0Tzu0SzyyDyDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0EtA0AtD0FyBzytG0AyD0DzytGyD0AyBzytGzy0E0CyEtGtAyD0B0BtCyDtByB0Dzyzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0BtBtB0CyEyCyCtGtAzzyE0DtGtD0FtCtAtGtByByCtCtGtBtB0CzyyBtBzz0CtD0A0CyB2Q&cr=1808733987&ir="
CHR Extension: (Google Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-11]
CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-23]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-23]
CHR Extension: (Google Search) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-23]
CHR Extension: (Google Wallet) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-23]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-23]
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 SmdmFService; C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe [3572240 2014-07-22] (Aztec Media Inc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-18] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-18] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-18] ()
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg [41872 2014-07-22] (Aztec Media Inc)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-05-05] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 15:43 - 2014-08-14 15:44 - 00021119 _____ () C:\Users\HP\Downloads\FRST.txt
2014-08-14 15:43 - 2014-08-14 15:43 - 00000000 ____D () C:\FRST
2014-08-14 15:42 - 2014-08-14 15:43 - 02100224 _____ (Farbar) C:\Users\HP\Downloads\FRST64.exe
2014-08-14 14:00 - 2014-08-14 14:00 - 00001272 _____ () C:\Users\HP\Desktop\Recovery Toolbox for Outlook.lnk
2014-08-14 14:00 - 2014-08-14 14:00 - 00000000 ____D () C:\Users\HP\AppData\Local\Recovery Toolbox for Outlook
2014-08-14 14:00 - 2014-08-14 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Toolbox for Outlook
2014-08-14 14:00 - 2014-08-14 14:00 - 00000000 ____D () C:\Program Files (x86)\Recovery Toolbox for Outlook
2014-08-14 14:00 - 2013-02-26 14:37 - 00149352 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-08-14 14:00 - 2000-05-23 23:45 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-08-14 13:59 - 2014-08-14 13:59 - 06496672 _____ (Recovery ToolBox ) C:\Users\HP\Downloads\RecoveryToolboxForOutlookInstall.exe
2014-08-14 13:02 - 2014-08-14 15:37 - 00000000 ____D () C:\Users\HP\Documents\Outlook Files
2014-08-14 13:01 - 2014-08-14 13:01 - 00000000 ____D () C:\Data Recovery 2014-08-14 at 13.01.15
2014-08-14 12:42 - 2014-08-14 12:42 - 00000000 ____D () C:\Users\HP\Documents\My Data Files
2014-08-14 12:42 - 2014-08-14 12:42 - 00000000 ____D () C:\Users\HP\AppData\Local\Wondershare
2014-08-14 12:41 - 2014-08-14 12:41 - 00001224 _____ () C:\Users\Public\Desktop\Wondershare Data Recovery.lnk
2014-08-14 12:41 - 2014-08-14 12:41 - 00000000 ____D () C:\ProgramData\Wondershare
2014-08-14 12:41 - 2014-08-14 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-08-14 12:41 - 2014-08-14 12:41 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2014-08-14 12:40 - 2014-08-14 12:41 - 25091040 _____ (Wondershare Software Co.,Ltd. ) C:\Users\HP\Downloads\data-recovery_full829.exe
2014-08-13 16:05 - 2014-08-14 15:44 - 00000000 ____D () C:\ProgramData\smdmf
2014-08-13 16:05 - 2014-08-13 16:05 - 00000000 ____D () C:\Users\HP\AppData\Roaming\FirefoxToolbar
2014-08-13 16:05 - 2014-08-13 16:05 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2014-08-13 16:02 - 2014-08-13 16:03 - 39428336 _____ (EaseUS ) C:\Users\HP\Downloads\epm.exe
2014-08-13 15:42 - 2014-08-14 15:22 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 15:42 - 2014-08-14 10:08 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-13 15:42 - 2014-08-13 15:47 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-13 15:42 - 2014-08-13 15:47 - 00003634 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-13 15:42 - 2014-08-13 15:42 - 04096000 _____ () C:\Program Files (x86)\GUTBEDC.tmp
2014-08-13 15:42 - 2014-08-13 15:42 - 00000000 ____D () C:\Program Files (x86)\GUMBECC.tmp
2014-08-13 15:41 - 2014-08-13 15:41 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-13 15:41 - 2014-08-13 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-13 15:35 - 2014-08-13 15:35 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-13 15:35 - 2014-08-13 15:35 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-13 15:35 - 2014-08-13 15:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-13 11:53 - 2014-08-13 13:49 - 00000000 ____D () C:\Program Files (x86)\ClearThink
2014-08-13 11:52 - 2014-08-14 15:23 - 00000280 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-08-13 11:52 - 2014-08-13 13:49 - 00000000 ____D () C:\Users\HP\AppData\Roaming\WSE_Astromenda
2014-08-13 11:52 - 2014-08-13 13:49 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Astromenda
2014-08-13 11:52 - 2014-08-13 11:52 - 00003208 _____ () C:\Windows\System32\Tasks\WSE_Astromenda
2014-08-12 17:31 - 2014-08-12 17:31 - 00000000 ____D () C:\ProgramData\formatpart
2014-08-12 17:27 - 2014-08-12 17:27 - 00000000 ____D () C:\ProgramData\createonepart
2014-08-12 17:26 - 2014-08-12 17:26 - 00000000 ____D () C:\ProgramData\redistpart
2014-08-12 17:26 - 2014-08-12 17:26 - 00000000 ____D () C:\ProgramData\launcher
2014-08-12 17:26 - 2014-08-12 17:26 - 00000000 ____D () C:\ProgramData\explauncher
2014-08-12 16:50 - 2013-09-30 16:26 - 03050808 _____ () C:\Windows\system32\pwNative.exe
2014-08-12 16:50 - 2013-09-30 16:26 - 00019152 ____N () C:\Windows\system32\pwdrvio.sys
2014-08-12 16:50 - 2013-09-30 16:26 - 00012504 ____N () C:\Windows\system32\pwdspio.sys
2014-08-12 16:40 - 2013-09-04 11:24 - 00189000 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
2014-08-12 16:40 - 2013-09-04 11:24 - 00061000 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
2014-08-12 16:40 - 2013-09-04 11:24 - 00048200 _____ () C:\Windows\system32\Drivers\EUBKMON.sys
2014-08-12 16:40 - 2013-09-04 11:24 - 00018504 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
2014-08-12 16:36 - 2014-08-12 16:36 - 00000000 ____D () C:\ProgramData\374311380
2014-08-12 16:30 - 2014-08-13 16:04 - 00000000 ____D () C:\Users\HP\AppData\Roaming\OpenCandy
2014-08-12 16:30 - 2014-08-12 16:36 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-08-09 20:17 - 2014-08-09 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2014-08-09 20:17 - 2014-08-09 20:17 - 00000000 ____D () C:\Program Files\Macrium
2014-08-09 15:41 - 2014-08-09 16:03 - 00000000 ____D () C:\ProgramData\Macrium
2014-08-05 17:18 - 2014-08-05 17:18 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QLaser Configurator
2014-07-29 19:14 - 2014-07-29 19:53 - 236124758 _____ () C:\Users\HP\Downloads\zropeswo4BGweb23.m4v
2014-07-29 14:56 - 2014-07-29 15:27 - 213067321 _____ () C:\Users\HP\Downloads\Tabata12_EDITED-BGweb23.m4v
2014-07-28 20:56 - 2014-07-28 20:57 - 00000000 ____D () C:\Users\HP\dwhelper
2014-07-21 12:36 - 2014-07-21 12:36 - 00012760 _____ (Paramount Software UK Ltd) C:\Windows\system32\Drivers\PSVolAcc.sys
2014-07-21 12:28 - 2014-07-21 12:28 - 00165360 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\psmounterex.sys
2014-07-19 15:33 - 2014-07-19 15:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2014-07-19 15:32 - 2014-08-02 17:15 - 00000385 _____ () C:\Users\HP\AppData\Roaming\Rim.Transcoder.Exception.log
2014-07-19 15:31 - 2014-08-09 15:56 - 00000000 ____D () C:\Users\HP\AppData\Local\Research In Motion
2014-07-19 15:31 - 2014-08-02 17:15 - 00000385 _____ () C:\Users\HP\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-07-19 15:31 - 2014-08-02 17:15 - 00000385 _____ () C:\Users\HP\AppData\Roaming\Rim.Desktop.Exception.log
2014-07-19 15:29 - 2014-07-19 15:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2014-07-19 15:29 - 2012-12-10 15:48 - 00044544 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial_AMD64.sys
2014-07-19 15:28 - 2014-08-09 15:55 - 00002021 _____ () C:\Users\HP\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 19:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-08-14 15:44 - 2014-08-14 15:43 - 00021119 _____ () C:\Users\HP\Downloads\FRST.txt
2014-08-14 15:44 - 2014-08-13 16:05 - 00000000 ____D () C:\ProgramData\smdmf
2014-08-14 15:43 - 2014-08-14 15:43 - 00000000 ____D () C:\FRST
2014-08-14 15:43 - 2014-08-14 15:42 - 02100224 _____ (Farbar) C:\Users\HP\Downloads\FRST64.exe
2014-08-14 15:37 - 2014-08-14 13:02 - 00000000 ____D () C:\Users\HP\Documents\Outlook Files
2014-08-14 15:23 - 2014-08-13 11:52 - 00000280 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-08-14 15:22 - 2014-08-13 15:42 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-14 15:22 - 2014-07-11 06:39 - 00000000 ____D () C:\Users\HP\AppData\Local\43FF9BEF-19B5-406B-821E-2B78026D1065.aplzod
2014-08-14 15:22 - 2013-05-20 17:15 - 01357021 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 14:00 - 2014-08-14 14:00 - 00001272 _____ () C:\Users\HP\Desktop\Recovery Toolbox for Outlook.lnk
2014-08-14 14:00 - 2014-08-14 14:00 - 00000000 ____D () C:\Users\HP\AppData\Local\Recovery Toolbox for Outlook
2014-08-14 14:00 - 2014-08-14 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Toolbox for Outlook
2014-08-14 14:00 - 2014-08-14 14:00 - 00000000 ____D () C:\Program Files (x86)\Recovery Toolbox for Outlook
2014-08-14 13:59 - 2014-08-14 13:59 - 06496672 _____ (Recovery ToolBox ) C:\Users\HP\Downloads\RecoveryToolboxForOutlookInstall.exe
2014-08-14 13:01 - 2014-08-14 13:01 - 00000000 ____D () C:\Data Recovery 2014-08-14 at 13.01.15
2014-08-14 12:47 - 2009-07-14 06:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-14 12:42 - 2014-08-14 12:42 - 00000000 ____D () C:\Users\HP\Documents\My Data Files
2014-08-14 12:42 - 2014-08-14 12:42 - 00000000 ____D () C:\Users\HP\AppData\Local\Wondershare
2014-08-14 12:41 - 2014-08-14 12:41 - 00001224 _____ () C:\Users\Public\Desktop\Wondershare Data Recovery.lnk
2014-08-14 12:41 - 2014-08-14 12:41 - 00000000 ____D () C:\ProgramData\Wondershare
2014-08-14 12:41 - 2014-08-14 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-08-14 12:41 - 2014-08-14 12:41 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2014-08-14 12:41 - 2014-08-14 12:40 - 25091040 _____ (Wondershare Software Co.,Ltd. ) C:\Users\HP\Downloads\data-recovery_full829.exe
2014-08-14 12:16 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-14 12:16 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-14 10:10 - 2013-08-18 17:00 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-14 10:10 - 2013-08-18 17:00 - 00001922 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-14 10:10 - 2013-08-18 17:00 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-08-14 10:08 - 2014-08-13 15:42 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-14 10:08 - 2014-03-10 18:39 - 00068503 _____ () C:\Windows\setupact.log
2014-08-14 10:08 - 2013-10-19 22:39 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-14 10:08 - 2013-05-20 18:01 - 00000000 ____D () C:\Users\HP
2014-08-14 10:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 19:07 - 2014-04-24 17:50 - 00000000 ____D () C:\Users\HP\AppData\Local\CrashDumps
2014-08-13 16:35 - 2014-03-11 16:22 - 00052870 _____ () C:\Windows\PFRO.log
2014-08-13 16:05 - 2014-08-13 16:05 - 00000000 ____D () C:\Users\HP\AppData\Roaming\FirefoxToolbar
2014-08-13 16:05 - 2014-08-13 16:05 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2014-08-13 16:04 - 2014-08-12 16:30 - 00000000 ____D () C:\Users\HP\AppData\Roaming\OpenCandy
2014-08-13 16:03 - 2014-08-13 16:02 - 39428336 _____ (EaseUS ) C:\Users\HP\Downloads\epm.exe
2014-08-13 15:48 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-13 15:47 - 2014-08-13 15:42 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-13 15:47 - 2014-08-13 15:42 - 00003634 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-13 15:42 - 2014-08-13 15:42 - 04096000 _____ () C:\Program Files (x86)\GUTBEDC.tmp
2014-08-13 15:42 - 2014-08-13 15:42 - 00000000 ____D () C:\Program Files (x86)\GUMBECC.tmp
2014-08-13 15:42 - 2013-05-20 20:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-13 15:41 - 2014-08-13 15:41 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-13 15:41 - 2014-08-13 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-13 15:35 - 2014-08-13 15:35 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-13 15:35 - 2014-08-13 15:35 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-13 15:35 - 2014-08-13 15:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-13 15:35 - 2014-05-02 09:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-13 13:49 - 2014-08-13 11:53 - 00000000 ____D () C:\Program Files (x86)\ClearThink
2014-08-13 13:49 - 2014-08-13 11:52 - 00000000 ____D () C:\Users\HP\AppData\Roaming\WSE_Astromenda
2014-08-13 13:49 - 2014-08-13 11:52 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Astromenda
2014-08-13 11:52 - 2014-08-13 11:52 - 00003208 _____ () C:\Windows\System32\Tasks\WSE_Astromenda
2014-08-12 18:39 - 2013-05-24 18:21 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-12 17:31 - 2014-08-12 17:31 - 00000000 ____D () C:\ProgramData\formatpart
2014-08-12 17:27 - 2014-08-12 17:27 - 00000000 ____D () C:\ProgramData\createonepart
2014-08-12 17:26 - 2014-08-12 17:26 - 00000000 ____D () C:\ProgramData\redistpart
2014-08-12 17:26 - 2014-08-12 17:26 - 00000000 ____D () C:\ProgramData\launcher
2014-08-12 17:26 - 2014-08-12 17:26 - 00000000 ____D () C:\ProgramData\explauncher
2014-08-12 16:36 - 2014-08-12 16:36 - 00000000 ____D () C:\ProgramData\374311380
2014-08-12 16:36 - 2014-08-12 16:30 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-08-09 20:17 - 2014-08-09 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2014-08-09 20:17 - 2014-08-09 20:17 - 00000000 ____D () C:\Program Files\Macrium
2014-08-09 17:37 - 2014-05-05 17:36 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Samsung
2014-08-09 17:37 - 2014-05-05 17:29 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-09 17:37 - 2013-09-06 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-08-09 17:37 - 2013-05-20 19:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-09 16:07 - 2013-10-22 16:21 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype
2014-08-09 16:07 - 2013-10-22 16:20 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 16:03 - 2014-08-09 15:41 - 00000000 ____D () C:\ProgramData\Macrium
2014-08-09 15:56 - 2014-07-19 15:31 - 00000000 ____D () C:\Users\HP\AppData\Local\Research In Motion
2014-08-09 15:55 - 2014-07-19 15:28 - 00002021 _____ () C:\Users\HP\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-08-09 15:50 - 2014-07-08 14:42 - 00000000 ____D () C:\Users\HP\AppData\Local\Adobe
2014-08-09 15:50 - 2013-09-25 15:41 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-05 17:18 - 2014-08-05 17:18 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QLaser Configurator
2014-08-05 17:18 - 2013-05-20 20:53 - 00000000 ____D () C:\Users\HP\AppData\Local\Deployment
2014-08-02 17:15 - 2014-07-19 15:32 - 00000385 _____ () C:\Users\HP\AppData\Roaming\Rim.Transcoder.Exception.log
2014-08-02 17:15 - 2014-07-19 15:31 - 00000385 _____ () C:\Users\HP\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-08-02 17:15 - 2014-07-19 15:31 - 00000385 _____ () C:\Users\HP\AppData\Roaming\Rim.Desktop.Exception.log
2014-08-02 16:06 - 2013-10-04 13:16 - 00036864 _____ () C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-29 19:53 - 2014-07-29 19:14 - 236124758 _____ () C:\Users\HP\Downloads\zropeswo4BGweb23.m4v
2014-07-29 15:27 - 2014-07-29 14:56 - 213067321 _____ () C:\Users\HP\Downloads\Tabata12_EDITED-BGweb23.m4v
2014-07-28 20:57 - 2014-07-28 20:56 - 00000000 ____D () C:\Users\HP\dwhelper
2014-07-28 18:40 - 2014-03-12 18:47 - 00000000 ____D () C:\MGADiagToolOutput
2014-07-21 18:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-21 12:36 - 2014-07-21 12:36 - 00012760 _____ (Paramount Software UK Ltd) C:\Windows\system32\Drivers\PSVolAcc.sys
2014-07-21 12:28 - 2014-07-21 12:28 - 00165360 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\psmounterex.sys
2014-07-19 15:33 - 2014-07-19 15:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2014-07-19 15:29 - 2014-07-19 15:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2014-07-18 11:16 - 2014-02-28 18:10 - 00000000 ____D () C:\temp

Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\SAS6_Update.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-09 11:39

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014 01
Ran by HP at 2014-08-14 15:45:37
Running from C:\Users\HP\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0804.255.3304 - AMD) Hidden
AMD Media Foundation Decoders (Version: 1.0.60804.0047 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0804.255.3304 - ATI) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{96BB7EC1-BE6E-1616-3E92-086D617A9D49}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0804.255.3304 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0804.255.3304 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0804.255.3304 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help English (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help French (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help German (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
ccc-utility64 (Version: 2011.0804.255.3304 - ATI) Hidden
ContentSAFER for Wizmax (HKLM-x32\...\{C19BE821-89B1-4A96-AC7C-873810C0CB5F}) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EmoDio (HKLM-x32\...\InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}) (Version: 1.0 - Samsung)
EmoDio (x32 Version: 1.0 - Samsung) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-402 403 405 406 Series Printer Uninstall (HKLM\...\EPSON XP-402 403 405 406 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{B18BEB15-A9DA-43D7-BAE1-C6C67484C2C0}) (Version: 5.1.1 - Hewlett-Packard)
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{13BE337F-9557-416D-A696-F91A6807B170}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{FE1141B3-F498-4144-A30C-25F4C6AD725A}) (Version: 3.0.1.9387 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
jetAudio Basic VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7109 - Paramount Software (UK) Ltd.) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-GB)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
QLaser Configurator (HKCU\...\a3bca3b4c766d359) (Version: 2.1.0.5 - QLaser Configurator)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.02.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.27.920.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Recovery Toolbox for Outlook 3.3 (HKLM-x32\...\Recovery Toolbox for Outlook_is1) (Version:  - Recovery ToolBox)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.13486 - Aztec Media Inc) <==== ATTENTION
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1040 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.5.0 - Synaptics Incorporated)
Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414) (HKLM\...\7E38E30BB92ED94B21CF062A7386554CBA991FEB) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wondershare Data Recovery(Build 4.6.1.3) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 4.6.1.3 - Wondershare Software Co.,Ltd.)
XnView 2.20 (HKLM-x32\...\XnView_is1) (Version: 2.20 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-08-2014 10:49:58 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D662119-E3F9-40E8-8938-F9EB71AC62B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {26AD922F-02C0-4574-8335-1FD145E25299} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {2FA1EDF2-2322-408A-B19C-35426F646E15} - System32\Tasks\WSE_Astromenda => C:\Users\HP\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-08-13] ()
Task: {4B1BC075-5B6C-4A6E-993A-C67CD12CC7C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {6E621484-3F3A-4DE3-897D-38EDC4DAF8BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-13] (Google Inc.)
Task: {98818A7A-70F4-424E-BC91-57B11D19A66B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-13] (Google Inc.)
Task: {BDD69A03-AB36-4E20-919B-F9DFA3165681} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {ED70C775-B01D-404A-8156-49C0D3EDD6C7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {F25A4AF0-888B-4601-9E8D-B6401A3AA0AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {FF9C1431-F32A-4DB3-A336-E0D8ADA321EF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\HP\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-08-13 16:05 - 2014-07-22 11:46 - 00662544 _____ () C:\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-08-04 03:05 - 2011-08-04 03:05 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-08-04 03:05 - 2011-08-04 03:05 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-08-04 02:53 - 2011-08-04 02:53 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 13:42 - 2011-06-17 13:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-08-14 14:00 - 2013-06-27 02:02 - 03360256 _____ () C:\Program Files (x86)\Recovery Toolbox for Outlook\RecoveryToolboxForOutlookLauncher.exe
2014-08-13 16:05 - 2014-07-22 11:46 - 00488464 _____ () C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll
2013-08-18 16:59 - 2013-05-09 09:58 - 00240448 ____N () C:\Program Files\AVAST Software\Avast\Setup\SetIFace.dll
2014-08-14 14:17 - 2014-08-14 08:23 - 02822144 _____ () C:\Program Files\AVAST Software\Avast\defs\14081400\algo.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-13 16:05 - 2014-07-22 11:46 - 00019472 _____ () C:\Program Files (x86)\Settings Manager\smdmf\smdmfldr.dll
2014-08-13 21:17 - 2013-09-14 01:51 - 00087952 _____ () D:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2014-08-13 21:16 - 2013-09-14 01:50 - 01242952 _____ () D:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-08-14 14:00 - 2005-03-27 00:24 - 00159744 _____ () C:\Program Files (x86)\Recovery Toolbox for Outlook\ssleay32.dll
2014-08-14 14:00 - 2005-03-27 00:24 - 00839680 _____ () C:\Program Files (x86)\Recovery Toolbox for Outlook\LIBEAY32.dll
2014-08-13 15:35 - 2014-07-17 06:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2014 11:46:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/14/2014 08:41:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 35560974

Error: (08/14/2014 08:41:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 35560974

Error: (08/14/2014 08:41:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/13/2014 06:06:22 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program APSDaemon.exe because of this error.

Program: APSDaemon.exe
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000026E
Disk type: 0

Error: (08/13/2014 06:06:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: APSDaemon.exe, version: 0.0.0.0, time stamp: 0x516e136b
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000006
Fault offset: 0x0005b263
Faulting process id: 0x10dc
Faulting application start time: 0xAPSDaemon.exe0
Faulting application path: APSDaemon.exe1
Faulting module path: APSDaemon.exe2
Report Id: APSDaemon.exe3

Error: (08/13/2014 05:58:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 983868

Error: (08/13/2014 05:58:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 983868

Error: (08/13/2014 05:58:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/13/2014 05:57:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 982854


System errors:
=============
Error: (08/14/2014 02:02:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (08/14/2014 00:57:21 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (08/14/2014 00:43:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/14/2014 00:43:58 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/14/2014 00:43:58 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/14/2014 00:43:57 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/14/2014 11:57:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD FUEL Service service.

Error: (08/14/2014 10:10:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/14/2014 10:09:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/14/2014 10:08:16 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


Microsoft Office Sessions:
=========================
Error: (08/14/2014 11:46:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (08/14/2014 08:41:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 35560974

Error: (08/14/2014 08:41:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 35560974

Error: (08/14/2014 08:41:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/13/2014 06:06:22 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: APSDaemon.exeC000026E0

Error: (08/13/2014 06:06:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: APSDaemon.exe0.0.0.0516e136bntdll.dll6.1.7601.18247521ea8e7c00000060005b26310dc01cfb70cdc0ff16bD:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exeC:\Windows\SysWOW64\ntdll.dll26372900-230c-11e4-8d4b-c0f8dafb4467

Error: (08/13/2014 05:58:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 983868

Error: (08/13/2014 05:58:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 983868

Error: (08/13/2014 05:58:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/13/2014 05:57:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 982854


==================== Memory info ===========================

Processor: AMD E-350 Processor
Percentage of memory in use: 64%
Total physical RAM: 1641.9 MB
Available physical RAM: 580.89 MB
Total Pagefile: 3283.8 MB
Available Pagefile: 1615.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:66.89 GB) (Free:37.35 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:628.62 GB) (Free:350.3 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:3.03 GB) (Free:2.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 00DDB954)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=67 GB) - (Type=42)
Partition 4: (Not Active) - (Size=632 GB) - (Type=42)

==================== End Of Log ============================

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-14 15:48:28
-----------------------------
15:48:28.666    OS Version: Windows x64 6.1.7601 Service Pack 1
15:48:28.666    Number of processors: 2 586 0x100
15:48:28.670    ComputerName: HP-PC  UserName: HP
15:48:32.012    Initialize success
15:48:32.013    VM: initialized successfully
15:48:32.043    VM: outdated driver version !
15:48:33.361    AVAST engine defs: 14081400
15:49:12.648    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
15:49:12.655    Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 11
15:49:12.679    Disk 0 MBR read successfully
15:49:12.686    Disk 0 MBR scan
15:49:12.705    Disk 0 Windows 7 default MBR code
15:49:12.714    Disk 0 Partition 1 00     42          SFS                 0 MB offset 63
15:49:12.724    Disk 0 Partition 2 80 (A) 42          SFS NTFS          100 MB offset 2048
15:49:12.734    Disk 0 default boot code
15:49:12.765    Disk 0 Partition 3 00     42          SFS NTFS        68492 MB offset 206848
15:49:12.800    Disk 0 Partition 4 00     42          SFS            646810 MB offset 140478464
15:49:12.813    Disk 0 scanning C:\Windows\system32\drivers
15:49:12.825    Service scanning
15:49:24.577    Service F06DEFF2-5B9C-490D-910F-35D3A9119622 C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg **LOCKED** 32
15:49:56.048    Modules scanning
15:49:56.063    Disk 0 trace - called modules:
15:49:56.094    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
15:49:56.110    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800240c790]
15:49:56.126    3 CLASSPNP.SYS[fffff880018e843f] -> nt!IofCallDriver -> [0xfffffa800240c040]
15:49:56.141    5 hpdskflt.sys[fffff8800188f189] -> nt!IofCallDriver -> [0xfffffa8002267040]
15:49:56.157    7 amd_xata.sys[fffff88001068900] -> nt!IofCallDriver -> \Device\00000068[0xfffffa8001e0e1f0]
15:49:57.030    AVAST engine scan C:\Windows
15:49:57.062    AVAST engine scan C:\Windows\system32
15:49:57.077    AVAST engine scan C:\Windows\system32\drivers
15:49:57.093    AVAST engine scan C:\Users\HP
15:49:57.108    AVAST engine scan C:\ProgramData
15:49:57.124    Scan finished successfully
15:51:10.803    Disk 0 MBR has been saved successfully to "C:\Users\HP\Downloads\MBR.dat"
15:51:10.819    The log file has been saved successfully to "C:\Users\HP\Downloads\aswMBR.txt"

 



#4 TB-Psychotic


Posted 15 August 2014 - 02:55 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 cosmos600


Posted 15 August 2014 - 08:55 AM

Hi

Thanks for your reply. As far as I know I have never downloaded from illegal sites or torrents. The laptop was bought second hand and I tried to clean it of bugs when I first got it. I use freeware sites such as gimzo tech freeware or anything recommended on this site. Have noticed the freeware or free trials for software tend to come with the software like linkey that is causing me the problem. Also the person that sold me the laptop said they have put a legal version of Word on the laptop, which is now, after 1 year of using it, flashing up the message saying Word has not been registered, please register, which is really confusing. I really do not want to be buying a new laptop, which is for work purposes when I travel. I have recently changed the hard drive - cloning it from the old one, upgrading the system to 750GB, and put more RAM in as well. But all these changes do not seem to be making much of a difference to the speed of the laptop. Sorry for such a long reply. Hope you can help.



#6 TB-Psychotic


Posted 15 August 2014 - 09:00 AM

Please uninstall Microsoft Office, then rescan with FRST (create a new addition.txt as well) and post the logs.



#7 TB-Psychotic


Posted 08 September 2014 - 09:11 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



