
Svchost.exe Extreme Memory Usage Crashes Computer When Computer Idle


  • This topic is locked
13 replies to this topic

#1 prestonjjrtr


Posted 27 September 2014 - 10:54 AM

Hi,

I am currently experiencing a problem that started just a few days ago, where the svchost.exe process keeps taking up memory on my computer even when there isn't anything active, and continues to grow to taking up to 99% of memory before it crashes/freezes the computer. It then has to be restarted several times a day to clear the memory back down, but within a few hours, or sometimes less, the memory will get exhausted.

I was able to download the FRST tool and I have the following results, so hopefully this will help someone to be able to help me with the following problem:

 

Thanks for your help, time and efforts; it is appreciated. Here are the following 2 logs from FRST:

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2014
Ran by Joellen at 2014-09-26 19:04:45
Running from C:\Users\Joellen\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Internet Security 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 (Enabled) {621CC794-9486-F902-D092-0484E8EA828B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
ATI Catalyst Install Manager (HKLM\...\{9A6AD916-D45D-1D1C-E2C0-A0402F511999}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2247 - AVG Technologies)
AVG 2012 (Version: 12.0.4031 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0113.2337.42366 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0113.2337.42366 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help English (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help French (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help German (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0113.2337.42366 - ATI) Hidden
ccc-utility64 (Version: 2011.0113.2337.42366 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.2615 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.1.2615 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
H&R Block Standard 2011 (HKLM-x32\...\{5C52EC19-3B77-4B03-BBE8-E7F58ED92D73}) (Version: 11.01.6901 - HRB Technology, LLC.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.4 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.045 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{0308919C-E317-4293-8D3C-97EF307BCDBC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM-x32\...\{F13FBD0E-5CE1-4A3F-A4F0-C8633CB7B4DD}) (Version: 11.10.1000 - HP)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java™ 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
SMART-ER (HKLM-x32\...\{AA3A6E2F-2A2D-43FC-9EBC-AB0FBA4B1DA7}) (Version: 2.0.0.4 - Apricorn)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.21 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-772605068-1663628801-3090605291-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()

==================== Restore Points =========================

25-04-2014 07:42:04 Scheduled Checkpoint
03-05-2014 07:42:09 Scheduled Checkpoint
11-05-2014 07:56:58 Scheduled Checkpoint
19-05-2014 07:14:07 Scheduled Checkpoint
27-05-2014 07:45:39 Scheduled Checkpoint
04-06-2014 07:34:40 Scheduled Checkpoint
12-06-2014 06:57:33 Scheduled Checkpoint
19-06-2014 07:35:34 Scheduled Checkpoint
26-06-2014 07:58:28 Scheduled Checkpoint
04-07-2014 06:22:02 Scheduled Checkpoint
11-07-2014 06:22:48 Scheduled Checkpoint
18-07-2014 07:06:28 Scheduled Checkpoint
26-07-2014 07:41:59 Scheduled Checkpoint
02-08-2014 12:53:27 Windows Update
10-08-2014 05:52:35 Scheduled Checkpoint
17-08-2014 08:02:49 Scheduled Checkpoint
25-08-2014 05:38:57 Scheduled Checkpoint
01-09-2014 07:42:19 Scheduled Checkpoint
09-09-2014 10:36:06 Scheduled Checkpoint
17-09-2014 07:38:27 Scheduled Checkpoint
24-09-2014 07:50:47 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03375BF4-FD5A-48E9-9C39-B82D8181D26E} - System32\Tasks\HPCeeScheduleForJoellen => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {09050E82-910C-4ECB-BA76-E9BB0B58A81A} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe [2009-02-27] ()
Task: {18E22D66-7131-4A01-BDD7-EE8403E5DFE2} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{89ADA0F2-0C46-4DC7-9244-1058ADC3DA00}.exe
Task: {19DDD9B1-A1DC-42D3-9AD8-1D3CB6749946} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {2F09C407-EE2E-4D62-B0F5-88CADACC268A} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {3BE86E4C-F291-46E8-BBC7-F97CDA75437E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8E3C11C4-600B-4E27-BC2C-CA64681F2956} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8E4AAF37-6EB1-4DD7-8B55-2A85040D2723} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-03] (Hewlett-Packard)
Task: {98133CAC-D151-4CD9-9043-658CED114553} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-03] (Hewlett-Packard)
Task: {AEDD60B2-583A-467C-8B63-E030795CBBCB} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {BBB23748-2A86-4834-A050-F6C8E49237D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {E2CF1F4A-6FD3-4196-BBA6-E11E7594462D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {EFB7AA85-32A2-4E3F-9383-708FF4E1B8AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{89ADA0F2-0C46-4DC7-9244-1058ADC3DA00}.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJoellen.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (whitelisted) =============

2011-04-20 04:13 - 2009-02-27 21:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
2011-04-20 04:13 - 2009-02-19 19:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-772605068-1663628801-3090605291-500 -> Administrator - Disabled - Status: Degraded)
Guest (S-1-5-21-772605068-1663628801-3090605291-501 -> Limited - Disabled - Status: Degraded)
HomeGroupUser$ (S-1-5-21-772605068-1663628801-3090605291-1002 -> Limited - Enabled - Status: OK)
Joellen (S-1-5-21-772605068-1663628801-3090605291-1000 -> Administrator - Enabled - Status: OK) => C:\Users\Joellen

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2014 06:42:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dds.com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1198

Start Time: 01cfd9e2d0750604

Termination Time: 156

Application Path: C:\Users\Joellen\Desktop\dds.com

Report Id:

Error: (09/26/2014 06:23:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dds.com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2e7c

Start Time: 01cfd9e024d3af75

Termination Time: 0

Application Path: C:\Users\Joellen\Desktop\dds.com

Report Id:

Error: (09/26/2014 06:13:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dds.com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2a5c

Start Time: 01cfd9dbf98f94cf

Termination Time: 0

Application Path: C:\Users\Joellen\Desktop\dds.com

Report Id:

Error: (09/26/2014 05:46:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dds.com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1840

Start Time: 01cfd9da99ca8ddf

Termination Time: 0

Application Path: C:\Users\Joellen\Downloads\dds.com

Report Id:

Error: (09/26/2014 00:50:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2014 01:05:10 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/26/2014 00:18:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 10:48:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 09:08:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 07:00:11 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF).

System errors:
=============
Error: (09/26/2014 00:49:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (09/26/2014 00:49:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:46:55 PM on ‎9/‎26/‎2014 was unexpected.

Error: (09/26/2014 09:48:50 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (09/26/2014 08:29:20 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Joellen-HP\Joellen (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (09/26/2014 08:29:10 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Joellen-HP\Joellen (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (09/26/2014 08:29:00 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Joellen-HP\Joellen (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (09/26/2014 08:28:50 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Joellen-HP\Joellen (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (09/26/2014 00:17:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (09/25/2014 10:47:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (09/25/2014 10:47:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:45:04 PM on ‎9/‎25/‎2014 was unexpected.

Microsoft Office Sessions:
=========================
Error: (09/26/2014 06:42:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: dds.com2012.11.20.1119801cfd9e2d0750604156C:\Users\Joellen\Desktop\dds.com

Error: (09/26/2014 06:23:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: dds.com2012.11.20.12e7c01cfd9e024d3af750C:\Users\Joellen\Desktop\dds.com

Error: (09/26/2014 06:13:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: dds.com2012.11.20.12a5c01cfd9dbf98f94cf0C:\Users\Joellen\Desktop\dds.com

Error: (09/26/2014 05:46:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: dds.com2012.11.20.1184001cfd9da99ca8ddf0C:\Users\Joellen\Downloads\dds.com

Error: (09/26/2014 00:50:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2014 01:05:10 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/26/2014 00:18:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 10:48:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 09:08:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 07:00:11 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF)

==================== Memory info ===========================

Processor: Intel® Core™ i7-2600S CPU @ 2.80GHz
Percentage of memory in use: 66%
Total physical RAM: 8174.54 MB
Available physical RAM: 2722.32 MB
Total Pagefile: 16347.25 MB
Available Pagefile: 11352.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1385.69 GB) (Free:994.66 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.48 GB) (Free:1.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by Joellen (administrator) on JOELLEN-HP on 26-09-2014 19:03:44
Running from C:\Users\Joellen\Desktop
Loaded Profile: Joellen (Available profiles: Joellen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Apricorn) C:\Program Files (x86)\Apricorn\SMART-ER\SMART-ER Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\WINDOWS LIVE\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\WINDOWS LIVE\WLIDSVCM.EXE
() C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Apricorn) C:\Program Files (x86)\Apricorn\SMART-ER\SMART-ER.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_152_ActiveX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-09-26] (Hewlett-Packard)
HKU\S-1-5-21-772605068-1663628801-3090605291-1000\...\MountPoints2: {da0afe8d-b1dd-11e0-b87e-e069958d31c5} - J:\unlock.exe autoplay=true
HKU\S-1-5-21-772605068-1663628801-3090605291-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-772605068-1663628801-3090605291-1000\$ac4e1da0b1b31fd6d68092d262c633d8\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe -update activex
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART-ER.lnk
ShortcutTarget: SMART-ER.lnk -> C:\Program Files (x86)\Apricorn\SMART-ER\SMART-ER.exe (Apricorn)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/sch/ebayadvsearch/?rt=nc
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {26528B36-1695-4908-84F2-6E570AAAAB86} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {26528B36-1695-4908-84F2-6E570AAAAB86} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {EC2F27A6-B3A7-44D4-843C-9815A218BEF9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {26528B36-1695-4908-84F2-6E570AAAAB86} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {EC2F27A6-B3A7-44D4-843C-9815A218BEF9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect114a.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com ] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2012-05-17]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321560 2012-12-05] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [528384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 RpcSs; C:\Windows\system32\rpcss.dll [528384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SMART-ERService; C:\Program Files (x86)\Apricorn\SMART-ER\SMART-ER Service.exe [69632 2007-06-04] (Apricorn) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2009-02-13] (Western Digital Technologies) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 19:03 - 2014-09-26 19:04 - 00019078 _____ () C:\Users\Joellen\Desktop\FRST.txt
2014-09-26 19:02 - 2014-09-26 19:03 - 00000000 ____D () C:\FRST
2014-09-26 18:57 - 2014-09-26 18:57 - 02108928 _____ (Farbar) C:\Users\Joellen\Desktop\FRST64.exe
2014-09-26 18:35 - 2014-09-26 18:35 - 00688992 ____R (Swearware) C:\Users\Joellen\Desktop\dds.com
2014-09-26 08:28 - 2014-09-26 08:28 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{938A3FFE-B0DD-4F38-81F4-4FF1B2AA9598}
2014-09-25 18:45 - 2014-09-25 18:45 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{A5D48C46-4F55-47A7-B079-A5F2E597E483}
2014-09-24 22:54 - 2014-09-24 22:55 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{2861F21E-3B2E-4730-BFB6-37F6D042F764}
2014-09-24 10:23 - 2014-09-24 10:24 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{93311B44-BA5F-446A-B882-DE11A3194EE1}
2014-09-23 14:55 - 2014-09-23 14:55 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{516377B2-3447-469B-88DD-2E277B0BB91D}
2014-09-23 12:29 - 2014-09-23 12:29 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{E3721974-C993-49D7-98D6-27BC43AEDE79}
2014-09-22 22:43 - 2014-09-22 22:43 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{61D59652-81C1-4FE5-8703-0DAA8E77C0B6}
2014-09-22 08:22 - 2014-09-22 08:22 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{0BD8F765-E9E6-4069-AE15-8E951928250E}
2014-09-21 14:11 - 2014-09-21 14:12 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{7DEFDDCA-C5B9-4491-B71C-11E2C56EC4CD}
2014-09-20 23:52 - 2014-09-20 23:52 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{6D1B23E6-04B4-4F2F-8BC6-0211419FC484}
2014-09-20 10:35 - 2014-09-20 10:35 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{D14E23A3-CE45-46F0-9256-4CF965CF2F05}
2014-09-19 16:14 - 2014-09-19 16:14 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{D018C90B-C84B-4F18-9E82-B86CE47818FF}
2014-09-19 01:15 - 2014-09-19 01:15 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{4961141D-9D1B-4F70-8F9D-FB4ACBE25656}
2014-09-18 09:03 - 2014-09-18 09:03 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{F8FD7AC9-6F6E-4375-A0FD-EA82025F68CB}
2014-09-17 12:15 - 2014-09-17 12:15 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{FAECF297-B5FA-4068-8A6C-8CB483F33B1F}
2014-09-16 23:53 - 2014-09-16 23:53 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{AC3938CA-003A-4C82-9EE0-A605188ECBA5}
2014-09-16 11:52 - 2014-09-16 11:52 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{9D069F99-5C67-4DFF-B793-88F419F8757E}
2014-09-15 23:10 - 2014-09-15 23:10 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{060DF96C-335B-4F0C-A610-21757EC3260C}
2014-09-15 22:54 - 2014-09-18 18:06 - 00000000 ____D () C:\Users\Joellen\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2014-09-15 09:02 - 2014-09-15 09:02 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{CCA23A61-2B75-4D81-AB14-7DE539CFEB11}
2014-09-15 00:41 - 2014-09-15 00:41 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{FC5E7974-9D71-4667-9C54-3E65D473EF34}
2014-09-14 12:10 - 2014-09-14 12:10 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{659865E8-2CEB-43E9-BC91-135741087D89}
2014-09-13 23:33 - 2014-09-13 23:33 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{4D9EFA65-C7A5-4FAC-9064-780B9FC010B2}
2014-09-13 11:04 - 2014-09-13 11:04 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{D85BD238-6C71-4E8F-8238-B30ED4CA7A3B}
2014-09-12 16:48 - 2014-09-12 16:48 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{A8FDF811-EE0D-4D5B-967F-DEDEE4A3CB8B}
2014-09-12 13:58 - 2014-09-12 13:58 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{64AE8A54-5093-4D9A-8795-86694164E997}
2014-09-12 00:55 - 2014-09-12 00:55 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{15E05FA6-B470-4ED4-A1B6-EB305EE2B2E9}
2014-09-11 12:26 - 2014-09-11 12:26 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{482D0531-55F9-4E4C-BBD1-91D8FBBBCF99}
2014-09-10 12:07 - 2014-09-10 12:07 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{DACE4988-710E-47B8-85C5-628A71A9672A}
2014-09-09 21:05 - 2014-09-09 21:05 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{6F8D5060-3D96-498D-AF1A-4B4363523260}
2014-09-09 08:59 - 2014-09-09 08:59 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{CD27989C-7F4D-452F-9F82-1354E404819D}
2014-09-08 18:46 - 2014-09-08 18:46 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{1EF3D394-B38C-4E39-B8A2-D453D0DD13EA}
2014-09-08 06:19 - 2014-09-08 06:19 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{A2D4605C-9307-43DA-83AD-FA1342B69E02}
2014-09-07 12:48 - 2014-09-07 12:48 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{DF96D145-9703-456D-B4D0-725C35FEB5F1}
2014-09-06 13:09 - 2014-09-06 13:10 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{EC61BF4C-DC4B-41D7-9C35-8621144FB58B}
2014-09-06 00:42 - 2014-09-06 00:42 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{3A4DDB6E-43E5-4718-9E6F-8328571A7294}
2014-09-05 12:15 - 2014-09-05 12:16 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{99567531-1F71-4CD2-A617-475409684C6B}
2014-09-04 15:40 - 2014-09-04 15:41 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{50A8CF66-B483-4E00-9BB8-BBE6E2A2C7CA}
2014-09-04 03:31 - 2014-09-04 03:31 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{48F749EC-6C39-44C6-A299-CA50DBBA3999}
2014-09-03 13:02 - 2014-09-03 13:02 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{F83E54D3-4E1A-4170-A51B-3532891E0B65}
2014-09-02 20:40 - 2014-09-02 20:40 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{55C1C7CA-DCD9-4EBD-B1E1-7CF95EE44615}
2014-09-02 08:06 - 2014-09-02 08:07 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{7A4779D4-7890-4D20-A416-E7F54F660327}
2014-09-01 13:33 - 2014-09-01 13:33 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{65FA8911-BAE6-4077-941B-8BB6BF6586B7}
2014-09-01 00:16 - 2014-09-01 00:16 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{84863774-9BC2-4B32-BDDC-7294BDFA0720}
2014-08-31 04:06 - 2014-08-31 04:06 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{A51DAF75-38D9-4F5F-A0B4-F499F1F3AE61}
2014-08-30 13:18 - 2014-08-30 13:18 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{2EDF0D1B-8D1B-4844-86A1-A7251DEB005D}
2014-08-29 21:55 - 2014-08-29 21:55 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{BA4F9CE5-33D8-4576-9E99-09561B8F9C8F}
2014-08-29 09:22 - 2014-08-29 09:22 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{66E167A5-7DF6-41F6-B5A9-9177F3914BC8}
2014-08-28 21:09 - 2014-08-28 21:10 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{3F8BB77E-579F-4E40-8E2C-B985BE0EFC87}
2014-08-27 12:14 - 2014-08-27 12:14 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{9C416E17-B15F-49C7-9A19-70060F2EA137}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 12:57 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 12:57 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 12:53 - 2011-07-14 23:06 - 01902097 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 12:49 - 2013-06-02 23:01 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-09-26 12:49 - 2013-01-22 02:52 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-09-26 12:49 - 2011-04-20 04:20 - 00000000 ____D () C:\ProgramData\PDFC
2014-09-26 12:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 12:49 - 2009-07-13 23:51 - 00058447 _____ () C:\Windows\setupact.log
2014-09-26 11:25 - 2011-07-14 23:07 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-09-26 02:11 - 2011-10-28 20:04 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-26 02:11 - 2011-07-15 13:00 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-25 21:05 - 2011-07-19 01:17 - 00000000 ____D () C:\Users\Joellen\AppData\Roaming\SoftGrid Client
2014-09-25 00:33 - 2011-07-17 23:32 - 00000000 ____D () C:\Users\Joellen\AppData\Local\CrashDumps
2014-09-23 21:16 - 2012-02-05 19:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-23 02:04 - 2014-05-30 02:06 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJoellen
2014-09-23 02:04 - 2014-05-30 02:06 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForJoellen.job
2014-09-22 00:08 - 2009-07-14 00:13 - 00780156 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-19 10:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-18 18:06 - 2014-07-17 07:46 - 00000000 ____D () C:\ProgramData\Virtualized Applications
2014-09-15 23:09 - 2011-07-19 05:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2014-09-15 23:02 - 2012-04-22 15:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-15 23:02 - 2011-07-24 19:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-28 18:19 - 2011-07-19 01:17 - 00000000 ____D () C:\Users\Joellen\AppData\Roaming\TP

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-772605068-1663628801-3090605291-1000\$ac4e1da0b1b31fd6d68092d262c633d8

Some content of TEMP:
====================
C:\Users\Joellen\AppData\Local\Temp\avguidx.dll
C:\Users\Joellen\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Joellen\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Joellen\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Joellen\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Joellen\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Joellen\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Joellen\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Joellen\AppData\Local\Temp\Resource.exe
C:\Users\Joellen\AppData\Local\Temp\sp53904.exe
C:\Users\Joellen\AppData\Local\Temp\sp54931.exe
C:\Users\Joellen\AppData\Local\Temp\sp58915.exe
C:\Users\Joellen\AppData\Local\Temp\sp64126.exe
C:\Users\Joellen\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Joellen\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Joellen\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Joellen\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Joellen\AppData\Local\Temp\~Unta13.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0528384 ____A (Microsoft Corporation) 897248AC2316B2C22589E01549B821F6

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 01:03

==================== End Of Log ============================




 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:08 PM

Posted 27 September 2014 - 01:59 PM

Hi there,

please run Combofix:


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#3 prestonjjrtr

prestonjjrtr
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:08 PM

Posted 27 September 2014 - 02:31 PM

Hi,

 

I've read your above instructions and was looking at the guide on using Combofix. The one problem that I may encounter if I try to download and use Combofix.exe is that if it is unable to install the Windows Recovery Console and I have to manually install the Windows Recovery Console for Windows 7, I will be unable to do that, since Windows 7 came preinstalled on my computer from HP and I do not have a Windows 7 DVD to use to install it. In addition, the DVD drive on my computer is broken and unusable. Is there a different download besides Combofix that we can use to get the information that you need? Please let me know. Thanks so much for getting back to me so quickly; it is truly appreciated.


Edited by prestonjjrtr, 27 September 2014 - 02:33 PM.


#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:08 PM

Posted 28 September 2014 - 05:58 AM

The part with the Windows Recovery Console applies to Windows XP only. Just execute Combofix. :)

#5 prestonjjrtr

prestonjjrtr
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:08 PM

Posted 28 September 2014 - 11:55 AM

Thanks so much, I'll run Combofix later tonight and post the log.  Really appreciate your help !



#6 prestonjjrtr

prestonjjrtr
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:08 PM

Posted 28 September 2014 - 08:39 PM

Hi again, I downloaded Combofix and followed all of the directions. I disabled the Windows Firewall and all of the components for AVG, closed all my windows and started using Combofix. I right-clicked it and ran it as Administrator. It started the process by backing up the Windows Registry and then closed its window and completely disappeared. I waited for 5 minutes and the internet was never disconnected, and the blue screen that should come up saying scanning for infections never came up. I checked the Task Manager to see if Combofix was running and it wasn't listed at all. Not sure what is going on. I did not use the computer during the 5 minutes that I waited and I didn't use the mouse either. I just let it do its thing. Let me know what to try next.



#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:08 PM

Posted 29 September 2014 - 02:04 AM

  • Start FRST with Administrator privileges.
  • Write the following text into the Search: textbox:
    rpcss.dll
  • Click on the Search File(s) button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#8 prestonjjrtr

prestonjjrtr
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:08 PM

Posted 30 September 2014 - 12:31 PM

I tried running the FRST search but the search will start and then just hang and the program will not complete and stops responding.  I even disabled my AVG software and all components and tried running it again, but it still hangs. 



#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:08 PM

Posted 30 September 2014 - 03:56 PM

Then we switch to the Recovery Environment:


Step 1

On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html




To enter System Recovery Options by using a Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Step 2

Start your computer in the System Recovery Options again and open FRST.
  • Write the following text into the Search: textbox:
    rpcss.dll
  • Click on the Search File(s) button.
  • When the search is finished, a log file (Search.txt) is saved on your flash drive.
    Copy and paste it in your next reply.


#10 prestonjjrtr

prestonjjrtr
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:08 PM

Posted 01 October 2014 - 09:14 PM

I have not had a chance to run the last instructions yet, but I plan to do it on Friday night or Saturday. Just wanted to give you an update. Thanks !



#11 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:08 PM

Posted 02 October 2014 - 04:07 AM

That's ok, thanks for letting me know.

#12 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:08 PM

Posted 13 October 2014 - 03:05 PM

I haven't heard from you for some time.
Do you still need help?

#13 prestonjjrtr

prestonjjrtr
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:08 PM

Posted 13 October 2014 - 05:44 PM

Yes, I still need help, sorry it has taken so long.  I'll try to run the frst in safe mode on Tuesday night and post.  Thanks so much, talk soon



#14 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:08 PM

Posted 14 October 2014 - 04:50 AM

Ok. :)



