Unable to run dds tool with AVG 2012 Completely Disabled


  • This topic is locked
3 replies to this topic

#1 prestonjjrtr

prestonjjrtr

  • Members
  • 17 posts

Posted 26 September 2014 - 06:36 PM

Hi,

 

I'm a new user and I am currently experiencing a problem that started just a few days ago, where the svchost.exe process keeps taking up memory on my computer even when there isn't anything active. It continues to grow, taking up 87% or more of memory before it crashes/freezes the computer, and it then has to be restarted several times a day to clear the memory back down, but within a few hours or sometimes less the memory will get exhausted. I wanted to make a help report and was following the tutorial.

 

I was able to download the dds tool to my desktop without any trouble. I disabled AVG Internet Security Antivirus and firewall, closed the internet windows, and ran the dds tool. The dds tool never completes no matter how much time I let it run. When I try to stop it using the Task Manager, the Task Manager says that the dds tool is not responding and I have to close it. I have Windows 7. I've also checked my cookie controls per another article on this forum so that I have the following, and still I'm unable to get the dds tool to complete.

 

Cookie controls in the privacy tab are set as follows:

 

Checked override automatic cookie handling

Checked allow first party cookies

Checked block third party cookies

 

Cookie controls in the security tab are set as follows:

 

In the custom level in the scripting section the following 2 are enabled:

- Active scripting enabled

- scripting for java applets enabled

 

 I don't have any other antivirus or firewall or malware programs on my computer.

 

Hope someone will be able to help me. 

 

Thanks so much for your help, time and efforts with this; it is appreciated.




#2 prestonjjrtr


Posted 26 September 2014 - 06:56 PM

I forgot to add that I have a 64bit computer.  Thanks



#3 prestonjjrtr


Posted 26 September 2014 - 07:09 PM

I was able to download the FRST tool and I have the following results, so hopefully this will help someone to be able to help me with the following problem:

 

I am currently experiencing a problem that started just a few days ago, where the svchost.exe process keeps taking up memory on my computer even when there isn't anything active. It continues to grow, taking up 87% or more of memory before it crashes/freezes the computer, and it then has to be restarted several times a day to clear the memory back down, but within a few hours or sometimes less the memory will get exhausted.

 

Thanks for your help, time and efforts; it is appreciated. Here are the following 2 logs from FRST:

 

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2014
Ran by Joellen at 2014-09-26 19:04:45
Running from C:\Users\Joellen\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Internet Security 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 (Enabled) {621CC794-9486-F902-D092-0484E8EA828B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
ATI Catalyst Install Manager (HKLM\...\{9A6AD916-D45D-1D1C-E2C0-A0402F511999}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2247 - AVG Technologies)
AVG 2012 (Version: 12.0.4031 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0113.2337.42366 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0113.2337.42366 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help English (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help French (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help German (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0113.2337.42366 - ATI) Hidden
ccc-utility64 (Version: 2011.0113.2337.42366 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.2615 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.1.2615 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
H&R Block Standard 2011 (HKLM-x32\...\{5C52EC19-3B77-4B03-BBE8-E7F58ED92D73}) (Version: 11.01.6901 - HRB Technology, LLC.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.4 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.045 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{0308919C-E317-4293-8D3C-97EF307BCDBC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM-x32\...\{F13FBD0E-5CE1-4A3F-A4F0-C8633CB7B4DD}) (Version: 11.10.1000 - HP)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java™ 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
SMART-ER (HKLM-x32\...\{AA3A6E2F-2A2D-43FC-9EBC-AB0FBA4B1DA7}) (Version: 2.0.0.4 - Apricorn)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.21 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-772605068-1663628801-3090605291-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()

==================== Restore Points  =========================

25-04-2014 07:42:04 Scheduled Checkpoint
03-05-2014 07:42:09 Scheduled Checkpoint
11-05-2014 07:56:58 Scheduled Checkpoint
19-05-2014 07:14:07 Scheduled Checkpoint
27-05-2014 07:45:39 Scheduled Checkpoint
04-06-2014 07:34:40 Scheduled Checkpoint
12-06-2014 06:57:33 Scheduled Checkpoint
19-06-2014 07:35:34 Scheduled Checkpoint
26-06-2014 07:58:28 Scheduled Checkpoint
04-07-2014 06:22:02 Scheduled Checkpoint
11-07-2014 06:22:48 Scheduled Checkpoint
18-07-2014 07:06:28 Scheduled Checkpoint
26-07-2014 07:41:59 Scheduled Checkpoint
02-08-2014 12:53:27 Windows Update
10-08-2014 05:52:35 Scheduled Checkpoint
17-08-2014 08:02:49 Scheduled Checkpoint
25-08-2014 05:38:57 Scheduled Checkpoint
01-09-2014 07:42:19 Scheduled Checkpoint
09-09-2014 10:36:06 Scheduled Checkpoint
17-09-2014 07:38:27 Scheduled Checkpoint
24-09-2014 07:50:47 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03375BF4-FD5A-48E9-9C39-B82D8181D26E} - System32\Tasks\HPCeeScheduleForJoellen => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {09050E82-910C-4ECB-BA76-E9BB0B58A81A} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe [2009-02-27] ()
Task: {18E22D66-7131-4A01-BDD7-EE8403E5DFE2} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{89ADA0F2-0C46-4DC7-9244-1058ADC3DA00}.exe
Task: {19DDD9B1-A1DC-42D3-9AD8-1D3CB6749946} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {2F09C407-EE2E-4D62-B0F5-88CADACC268A} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {3BE86E4C-F291-46E8-BBC7-F97CDA75437E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8E3C11C4-600B-4E27-BC2C-CA64681F2956} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8E4AAF37-6EB1-4DD7-8B55-2A85040D2723} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-03] (Hewlett-Packard)
Task: {98133CAC-D151-4CD9-9043-658CED114553} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-03] (Hewlett-Packard)
Task: {AEDD60B2-583A-467C-8B63-E030795CBBCB} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {BBB23748-2A86-4834-A050-F6C8E49237D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {E2CF1F4A-6FD3-4196-BBA6-E11E7594462D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {EFB7AA85-32A2-4E3F-9383-708FF4E1B8AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{89ADA0F2-0C46-4DC7-9244-1058ADC3DA00}.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJoellen.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (whitelisted) =============

2011-04-20 04:13 - 2009-02-27 21:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
2011-04-20 04:13 - 2009-02-19 19:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-772605068-1663628801-3090605291-500 -> Administrator - Disabled - Status: Degraded)
Guest (S-1-5-21-772605068-1663628801-3090605291-501 -> Limited - Disabled - Status: Degraded)
HomeGroupUser$ (S-1-5-21-772605068-1663628801-3090605291-1002 -> Limited - Enabled - Status: OK)
Joellen (S-1-5-21-772605068-1663628801-3090605291-1000 -> Administrator - Enabled - Status: OK) => C:\Users\Joellen

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2014 06:42:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dds.com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1198

Start Time: 01cfd9e2d0750604

Termination Time: 156

Application Path: C:\Users\Joellen\Desktop\dds.com

Report Id:

Error: (09/26/2014 06:23:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dds.com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2e7c

Start Time: 01cfd9e024d3af75

Termination Time: 0

Application Path: C:\Users\Joellen\Desktop\dds.com

Report Id:

Error: (09/26/2014 06:13:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dds.com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2a5c

Start Time: 01cfd9dbf98f94cf

Termination Time: 0

Application Path: C:\Users\Joellen\Desktop\dds.com

Report Id:

Error: (09/26/2014 05:46:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dds.com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1840

Start Time: 01cfd9da99ca8ddf

Termination Time: 0

Application Path: C:\Users\Joellen\Downloads\dds.com

Report Id:

Error: (09/26/2014 00:50:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2014 01:05:10 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/26/2014 00:18:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 10:48:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 09:08:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 07:00:11 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF).

System errors:
=============
Error: (09/26/2014 00:49:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (09/26/2014 00:49:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:46:55 PM on ‎9/‎26/‎2014 was unexpected.

Error: (09/26/2014 09:48:50 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (09/26/2014 08:29:20 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Joellen-HP\Joellen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (09/26/2014 08:29:10 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Joellen-HP\Joellen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (09/26/2014 08:29:00 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Joellen-HP\Joellen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (09/26/2014 08:28:50 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Joellen-HP\Joellen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (09/26/2014 00:17:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (09/25/2014 10:47:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (09/25/2014 10:47:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:45:04 PM on ‎9/‎25/‎2014 was unexpected.

Microsoft Office Sessions:
=========================
Error: (09/26/2014 06:42:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: dds.com2012.11.20.1119801cfd9e2d0750604156C:\Users\Joellen\Desktop\dds.com

Error: (09/26/2014 06:23:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: dds.com2012.11.20.12e7c01cfd9e024d3af750C:\Users\Joellen\Desktop\dds.com

Error: (09/26/2014 06:13:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: dds.com2012.11.20.12a5c01cfd9dbf98f94cf0C:\Users\Joellen\Desktop\dds.com

Error: (09/26/2014 05:46:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: dds.com2012.11.20.1184001cfd9da99ca8ddf0C:\Users\Joellen\Downloads\dds.com

Error: (09/26/2014 00:50:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2014 01:05:10 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/26/2014 00:18:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 10:48:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 09:08:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 07:00:11 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF)

==================== Memory info ===========================

Processor: Intel® Core™ i7-2600S CPU @ 2.80GHz
Percentage of memory in use: 66%
Total physical RAM: 8174.54 MB
Available physical RAM: 2722.32 MB
Total Pagefile: 16347.25 MB
Available Pagefile: 11352.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1385.69 GB) (Free:994.66 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.48 GB) (Free:1.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by Joellen (administrator) on JOELLEN-HP on 26-09-2014 19:03:44
Running from C:\Users\Joellen\Desktop
Loaded Profile: Joellen (Available profiles: Joellen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Apricorn) C:\Program Files (x86)\Apricorn\SMART-ER\SMART-ER Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\WINDOWS LIVE\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\WINDOWS LIVE\WLIDSVCM.EXE
() C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Apricorn) C:\Program Files (x86)\Apricorn\SMART-ER\SMART-ER.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_152_ActiveX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-09-26] (Hewlett-Packard)
HKU\S-1-5-21-772605068-1663628801-3090605291-1000\...\MountPoints2: {da0afe8d-b1dd-11e0-b87e-e069958d31c5} - J:\unlock.exe autoplay=true
HKU\S-1-5-21-772605068-1663628801-3090605291-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-772605068-1663628801-3090605291-1000\$ac4e1da0b1b31fd6d68092d262c633d8\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe -update activex
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART-ER.lnk
ShortcutTarget: SMART-ER.lnk -> C:\Program Files (x86)\Apricorn\SMART-ER\SMART-ER.exe (Apricorn)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/sch/ebayadvsearch/?rt=nc
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {26528B36-1695-4908-84F2-6E570AAAAB86} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {26528B36-1695-4908-84F2-6E570AAAAB86} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {EC2F27A6-B3A7-44D4-843C-9815A218BEF9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {26528B36-1695-4908-84F2-6E570AAAAB86} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {EC2F27A6-B3A7-44D4-843C-9815A218BEF9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect114a.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2012-05-17]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321560 2012-12-05] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [528384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 RpcSs; C:\Windows\system32\rpcss.dll [528384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SMART-ERService; C:\Program Files (x86)\Apricorn\SMART-ER\SMART-ER Service.exe [69632 2007-06-04] (Apricorn) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2009-02-13] (Western Digital Technologies) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 19:03 - 2014-09-26 19:04 - 00019078 _____ () C:\Users\Joellen\Desktop\FRST.txt
2014-09-26 19:02 - 2014-09-26 19:03 - 00000000 ____D () C:\FRST
2014-09-26 18:57 - 2014-09-26 18:57 - 02108928 _____ (Farbar) C:\Users\Joellen\Desktop\FRST64.exe
2014-09-26 18:35 - 2014-09-26 18:35 - 00688992 ____R (Swearware) C:\Users\Joellen\Desktop\dds.com
2014-09-26 08:28 - 2014-09-26 08:28 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{938A3FFE-B0DD-4F38-81F4-4FF1B2AA9598}
2014-09-25 18:45 - 2014-09-25 18:45 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{A5D48C46-4F55-47A7-B079-A5F2E597E483}
2014-09-24 22:54 - 2014-09-24 22:55 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{2861F21E-3B2E-4730-BFB6-37F6D042F764}
2014-09-24 10:23 - 2014-09-24 10:24 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{93311B44-BA5F-446A-B882-DE11A3194EE1}
2014-09-23 14:55 - 2014-09-23 14:55 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{516377B2-3447-469B-88DD-2E277B0BB91D}
2014-09-23 12:29 - 2014-09-23 12:29 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{E3721974-C993-49D7-98D6-27BC43AEDE79}
2014-09-22 22:43 - 2014-09-22 22:43 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{61D59652-81C1-4FE5-8703-0DAA8E77C0B6}
2014-09-22 08:22 - 2014-09-22 08:22 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{0BD8F765-E9E6-4069-AE15-8E951928250E}
2014-09-21 14:11 - 2014-09-21 14:12 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{7DEFDDCA-C5B9-4491-B71C-11E2C56EC4CD}
2014-09-20 23:52 - 2014-09-20 23:52 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{6D1B23E6-04B4-4F2F-8BC6-0211419FC484}
2014-09-20 10:35 - 2014-09-20 10:35 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{D14E23A3-CE45-46F0-9256-4CF965CF2F05}
2014-09-19 16:14 - 2014-09-19 16:14 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{D018C90B-C84B-4F18-9E82-B86CE47818FF}
2014-09-19 01:15 - 2014-09-19 01:15 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{4961141D-9D1B-4F70-8F9D-FB4ACBE25656}
2014-09-18 09:03 - 2014-09-18 09:03 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{F8FD7AC9-6F6E-4375-A0FD-EA82025F68CB}
2014-09-17 12:15 - 2014-09-17 12:15 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{FAECF297-B5FA-4068-8A6C-8CB483F33B1F}
2014-09-16 23:53 - 2014-09-16 23:53 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{AC3938CA-003A-4C82-9EE0-A605188ECBA5}
2014-09-16 11:52 - 2014-09-16 11:52 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{9D069F99-5C67-4DFF-B793-88F419F8757E}
2014-09-15 23:10 - 2014-09-15 23:10 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{060DF96C-335B-4F0C-A610-21757EC3260C}
2014-09-15 22:54 - 2014-09-18 18:06 - 00000000 ____D () C:\Users\Joellen\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2014-09-15 09:02 - 2014-09-15 09:02 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{CCA23A61-2B75-4D81-AB14-7DE539CFEB11}
2014-09-15 00:41 - 2014-09-15 00:41 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{FC5E7974-9D71-4667-9C54-3E65D473EF34}
2014-09-14 12:10 - 2014-09-14 12:10 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{659865E8-2CEB-43E9-BC91-135741087D89}
2014-09-13 23:33 - 2014-09-13 23:33 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{4D9EFA65-C7A5-4FAC-9064-780B9FC010B2}
2014-09-13 11:04 - 2014-09-13 11:04 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{D85BD238-6C71-4E8F-8238-B30ED4CA7A3B}
2014-09-12 16:48 - 2014-09-12 16:48 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{A8FDF811-EE0D-4D5B-967F-DEDEE4A3CB8B}
2014-09-12 13:58 - 2014-09-12 13:58 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{64AE8A54-5093-4D9A-8795-86694164E997}
2014-09-12 00:55 - 2014-09-12 00:55 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{15E05FA6-B470-4ED4-A1B6-EB305EE2B2E9}
2014-09-11 12:26 - 2014-09-11 12:26 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{482D0531-55F9-4E4C-BBD1-91D8FBBBCF99}
2014-09-10 12:07 - 2014-09-10 12:07 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{DACE4988-710E-47B8-85C5-628A71A9672A}
2014-09-09 21:05 - 2014-09-09 21:05 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{6F8D5060-3D96-498D-AF1A-4B4363523260}
2014-09-09 08:59 - 2014-09-09 08:59 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{CD27989C-7F4D-452F-9F82-1354E404819D}
2014-09-08 18:46 - 2014-09-08 18:46 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{1EF3D394-B38C-4E39-B8A2-D453D0DD13EA}
2014-09-08 06:19 - 2014-09-08 06:19 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{A2D4605C-9307-43DA-83AD-FA1342B69E02}
2014-09-07 12:48 - 2014-09-07 12:48 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{DF96D145-9703-456D-B4D0-725C35FEB5F1}
2014-09-06 13:09 - 2014-09-06 13:10 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{EC61BF4C-DC4B-41D7-9C35-8621144FB58B}
2014-09-06 00:42 - 2014-09-06 00:42 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{3A4DDB6E-43E5-4718-9E6F-8328571A7294}
2014-09-05 12:15 - 2014-09-05 12:16 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{99567531-1F71-4CD2-A617-475409684C6B}
2014-09-04 15:40 - 2014-09-04 15:41 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{50A8CF66-B483-4E00-9BB8-BBE6E2A2C7CA}
2014-09-04 03:31 - 2014-09-04 03:31 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{48F749EC-6C39-44C6-A299-CA50DBBA3999}
2014-09-03 13:02 - 2014-09-03 13:02 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{F83E54D3-4E1A-4170-A51B-3532891E0B65}
2014-09-02 20:40 - 2014-09-02 20:40 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{55C1C7CA-DCD9-4EBD-B1E1-7CF95EE44615}
2014-09-02 08:06 - 2014-09-02 08:07 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{7A4779D4-7890-4D20-A416-E7F54F660327}
2014-09-01 13:33 - 2014-09-01 13:33 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{65FA8911-BAE6-4077-941B-8BB6BF6586B7}
2014-09-01 00:16 - 2014-09-01 00:16 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{84863774-9BC2-4B32-BDDC-7294BDFA0720}
2014-08-31 04:06 - 2014-08-31 04:06 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{A51DAF75-38D9-4F5F-A0B4-F499F1F3AE61}
2014-08-30 13:18 - 2014-08-30 13:18 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{2EDF0D1B-8D1B-4844-86A1-A7251DEB005D}
2014-08-29 21:55 - 2014-08-29 21:55 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{BA4F9CE5-33D8-4576-9E99-09561B8F9C8F}
2014-08-29 09:22 - 2014-08-29 09:22 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{66E167A5-7DF6-41F6-B5A9-9177F3914BC8}
2014-08-28 21:09 - 2014-08-28 21:10 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{3F8BB77E-579F-4E40-8E2C-B985BE0EFC87}
2014-08-27 12:14 - 2014-08-27 12:14 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{9C416E17-B15F-49C7-9A19-70060F2EA137}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 12:57 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 12:57 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 12:53 - 2011-07-14 23:06 - 01902097 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 12:49 - 2013-06-02 23:01 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-09-26 12:49 - 2013-01-22 02:52 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-09-26 12:49 - 2011-04-20 04:20 - 00000000 ____D () C:\ProgramData\PDFC
2014-09-26 12:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 12:49 - 2009-07-13 23:51 - 00058447 _____ () C:\Windows\setupact.log
2014-09-26 11:25 - 2011-07-14 23:07 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-09-26 02:11 - 2011-10-28 20:04 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-26 02:11 - 2011-07-15 13:00 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-25 21:05 - 2011-07-19 01:17 - 00000000 ____D () C:\Users\Joellen\AppData\Roaming\SoftGrid Client
2014-09-25 00:33 - 2011-07-17 23:32 - 00000000 ____D () C:\Users\Joellen\AppData\Local\CrashDumps
2014-09-23 21:16 - 2012-02-05 19:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-23 02:04 - 2014-05-30 02:06 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJoellen
2014-09-23 02:04 - 2014-05-30 02:06 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForJoellen.job
2014-09-22 00:08 - 2009-07-14 00:13 - 00780156 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-19 10:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-18 18:06 - 2014-07-17 07:46 - 00000000 ____D () C:\ProgramData\Virtualized Applications
2014-09-15 23:09 - 2011-07-19 05:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2014-09-15 23:02 - 2012-04-22 15:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-15 23:02 - 2011-07-24 19:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-28 18:19 - 2011-07-19 01:17 - 00000000 ____D () C:\Users\Joellen\AppData\Roaming\TP

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-772605068-1663628801-3090605291-1000\$ac4e1da0b1b31fd6d68092d262c633d8

Some content of TEMP:
====================
C:\Users\Joellen\AppData\Local\Temp\avguidx.dll
C:\Users\Joellen\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Joellen\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Joellen\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Joellen\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Joellen\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Joellen\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Joellen\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Joellen\AppData\Local\Temp\Resource.exe
C:\Users\Joellen\AppData\Local\Temp\sp53904.exe
C:\Users\Joellen\AppData\Local\Temp\sp54931.exe
C:\Users\Joellen\AppData\Local\Temp\sp58915.exe
C:\Users\Joellen\AppData\Local\Temp\sp64126.exe
C:\Users\Joellen\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Joellen\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Joellen\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Joellen\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Joellen\AppData\Local\Temp\~Unta13.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0528384 ____A (Microsoft Corporation) 897248AC2316B2C22589E01549B821F6

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 01:03

==================== End Of Log ============================



#4 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 27 September 2014 - 02:02 PM

http://www.bleepingcomputer.com/forums/t/549923/svchostexe-extreme-memory-usage-crashes-computer-when-computer-idle/



