HP G7 Win 7 Home Edition Slow on all browsers


  • This topic is locked
19 replies to this topic

#1 ktmlew


Posted 21 December 2014 - 10:17 AM

Will try to attach data. The CPU is obviously running too hot according to Speccy scan. Fan issue? Title is a bit misleading. Meant browsers are very slow to load on initial start up. Chrome keeps kicking the "it's dead Jim" error. Maybe just need to add memory? Have a free slot.
 
http://speccy.piriform.com/results/InsZvyD0qaEfPKzrMbbN5Rn
According to this it's NOT running too hot? Crap? How do you attach a file?
 
Toolkit report:
 
MiniToolBox by Farbar  Version: 30-11-2014
Ran by  (administrator) on 21-12-2014 at 10:40:29
Running from "C:\Users\Gail Taylor\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/21/2014 07:39:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/20/2014 08:04:09 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.95;lang=;guid=A54E433325D04B929721A9D2673D7BDC;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\15b5636e-8339-41c1-8c9f-1c28d7da70e6.dmp
 
Error: (12/20/2014 07:31:11 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.95;lang=;guid=A54E433325D04B929721A9D2673D7BDC;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0fb0aba8-41f9-4c48-af22-420da30e9ccd.dmp
 
Error: (12/20/2014 09:08:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/19/2014 04:07:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/19/2014 00:15:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/18/2014 04:21:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/18/2014 00:17:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/18/2014 06:55:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/17/2014 00:39:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (12/20/2014 07:21:04 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
 
Error: (12/16/2014 06:40:16 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:35:44 PM on 12/16/2014 was unexpected.
 
Error: (12/14/2014 07:15:09 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:09:13 PM on 12/12/2014 was unexpected.
 
Error: (11/21/2014 00:18:34 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (11/16/2014 09:28:44 PM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (11/16/2014 09:28:01 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/16/2014 09:27:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/16/2014 09:27:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/16/2014 09:27:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (11/16/2014 09:27:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
 
=========================== Installed Programs ============================
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{9D1400EC-5703-3983-53B7-AEFB8BFD1CFA}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0210.16.136 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.03.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0210.16.136 - Advanced Micro Devices, Inc.) Hidden
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{74A8E1BE-D438-4C35-ABFF-3A1EAF17526E}) (Version: 2.2.8530 - K-NFB Reading Technology, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0210.16.136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0210.16.136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0210.16.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0210.0015.136 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0210.16.136 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.2.4725 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.2.4725 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HANTEK1008 Ver1.0.10 (HKLM-x32\...\HANTEK1008 Ver1.0.10) (Version: 1.0.10 - ODM)
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{16652164-D80F-4EE6-90C6-2E8D5D06092A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (HKLM\...\{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}) (Version: 2.0.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PC Tools Registry Mechanic 11.1 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.1 - PC Tools)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
ScanTool (HKLM-x32\...\{BD4C5764-0DAF-4721-AF6E-6E556EA6E60A}) (Version: 10.0.3 - )
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 47%
Total physical RAM: 3560.37 MB
Available physical RAM: 1862.22 MB
Total Pagefile: 7118.91 MB
Available Pagefile: 4977.96 MB
Total Virtual: 4095.88 MB
Available Virtual: 3979.93 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:445.43 GB) (Free:385.25 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:20.03 GB) (Free:2.14 GB) NTFS
4 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\PICASSO-HP
 
Administrator                        Guest                    
                  
**** End of log ****
 
ComboFix 14-12-14.01 - Gail Taylor 12/21/2014  11:25:43.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3560.1829 [GMT -5:00]
Running from: c:\users\Gail Taylor\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-21 to 2014-12-21  )))))))))))))))))))))))))))))))
.
.
2014-12-21 16:32 . 2014-12-21 16:32 -------- d-----w- c:\users\Picasso\AppData\Local\temp
2014-12-21 16:32 . 2014-12-21 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-21 15:26 . 2014-12-21 15:26 -------- d-----w- c:\windows\system32\wbem\Framework
2014-12-21 15:02 . 2014-12-21 15:03 -------- d-----w- c:\program files\Speccy
2014-12-19 17:22 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A247D0F4-F713-4DE7-B725-1CC773F81507}\mpengine.dll
2014-12-17 18:26 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-17 18:26 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-11 04:12 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-12-11 04:12 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2014-12-10 17:21 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe
2014-12-03 17:32 . 2014-12-03 17:32 -------- d-----w- c:\users\Picasso\AppData\Local\SoftGrid Client
2014-12-03 17:32 . 2014-12-06 03:11 -------- d-----w- c:\users\Picasso\AppData\Roaming\SoftGrid Client
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-11 23:35 . 2014-10-31 20:41 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-11 23:35 . 2014-10-31 20:41 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-11 04:15 . 2014-06-14 00:02 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-11-24 19:04 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-22 16:42 . 2014-06-12 23:57 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-20 21:45 . 2014-11-20 21:45 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-20 21:45 . 2014-06-12 23:57 116728 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-11-20 21:45 . 2014-06-12 23:57 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-20 21:45 . 2014-06-12 23:57 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-20 21:45 . 2014-06-12 23:57 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-20 21:45 . 2014-06-12 23:57 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-20 21:45 . 2014-06-12 23:57 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-20 21:45 . 2014-06-12 23:57 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-20 21:45 . 2014-11-20 21:45 43152 ----a-w- c:\windows\avastSS.scr
2014-11-17 03:03 . 2014-06-15 00:51 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-11 03:08 . 2014-11-19 17:12 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 17:12 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-19 17:12 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 17:12 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-10-31 20:53 . 2014-10-31 20:53 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-10-31 20:53 . 2014-10-31 20:53 319912 ----a-w- c:\windows\system32\javaws.exe
2014-10-31 20:53 . 2014-10-31 20:53 189352 ----a-w- c:\windows\system32\javaw.exe
2014-10-31 20:53 . 2014-10-31 20:53 189352 ----a-w- c:\windows\system32\java.exe
2014-10-29 00:33 . 2014-10-29 00:33 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-25 01:57 . 2014-11-13 22:46 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-13 22:46 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-13 22:44 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-13 22:44 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-13 22:47 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-13 22:47 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-13 22:46 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-13 22:47 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-13 22:47 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-13 22:47 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-13 22:47 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-13 22:46 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-13 22:47 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-13 22:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-13 22:47 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-13 22:45 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 02:12 . 2014-11-13 22:47 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-13 22:47 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-13 22:47 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-13 22:47 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-13 22:47 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-13 22:47 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-13 22:47 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-13 22:47 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
2014-10-01 16:11 . 2014-06-15 00:51 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 16:11 . 2014-06-15 00:51 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 16:11 . 2014-06-15 00:51 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 02:08 . 2014-10-01 01:04 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 01:04 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-12 5227112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-10 630912]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys;c:\windows\SYSNATIVE\drivers\amdiox64.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys;c:\windows\SYSNATIVE\drivers\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CPUZ136
*Deregistered* - cpuz136
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-31 23:35]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-17 02:52]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-17 02:52]
.
2014-12-21 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2014-06-13 18:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-20 21:45 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Gail Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\5egr5hn6.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-21  11:35:35
ComboFix-quarantined-files.txt  2014-12-21 16:35
.
Pre-Run: 414,627,254,272 bytes free
Post-Run: 414,242,701,312 bytes free
.
- - End Of File - - F9D98895F7A00063C555A1E0CBF4491D
A36C5E4F47E84449FF07ED3517B43A31


Edited by hamluis, 21 December 2014 - 05:23 PM.
Merged, moved from Win 7 to Malware Removal Logs - Hamluis.



#2 ktmlew

ktmlew
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 24 December 2014 - 04:04 PM

Sorry for posting in the wrong forum (Win7). Also apparently screwed up by running some stuff before I was told to. That said...

 

Any chance I'm gonna get any help with this? 



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:02 AM

Posted 25 December 2014 - 09:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#4 ktmlew

ktmlew
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 25 December 2014 - 12:29 PM

Let's see if I got this right?

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/25/2014
Scan Time: 11:29:23 AM
Logfile: MalwareBytes log file.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.25.09
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: me
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 381420
Time Elapsed: 12 min, 37 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
________________________________________________________________-
 
# AdwCleaner v4.106 - Report created 25/12/2014 at 11:53:49
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Gail Taylor - PICASSO-HP
# Running from : C:\Users\Gail Taylor\Downloads\adwcleaner_4.106.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\Gail Taylor\AppData\Roaming\registry mechanic
Folder Found : C:\Users\Picasso\AppData\Roaming\registry mechanic
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
[C:\Users\Picasso\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Picasso\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2799 octets] - [25/12/2014 11:53:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2859 octets] ##########
________________________________________________________________________________
 
# AdwCleaner v4.106 - Report created 25/12/2014 at 12:02:38
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Gail Taylor - PICASSO-HP
# Running from : C:\Users\Gail Taylor\Downloads\adwcleaner_4.106.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Gail Taylor\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\Picasso\AppData\Roaming\registry mechanic
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
[C:\Users\Picasso\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Picasso\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2971 octets] - [25/12/2014 11:53:50]
AdwCleaner[R1].txt - [3031 octets] - [25/12/2014 11:58:10]
AdwCleaner[S0].txt - [2627 octets] - [25/12/2014 12:02:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2687 octets] ##########
________________________________________________________________________________________
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2014
Ran by Gail Taylor (administrator) on PICASSO-HP on 25-12-2014 12:08:44
Running from C:\Users\Gail Taylor\Desktop
Loaded Profile: Gail Taylor (Available profiles: Picasso & Gail Taylor)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-04] (IDT, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKU\S-1-5-21-2048417740-612696392-1165526044-1004\...\Policies\Explorer: [NoInstrumentation] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2048417740-612696392-1165526044-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2048417740-612696392-1165526044-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKU\S-1-5-21-2048417740-612696392-1165526044-1004\Software\Microsoft\Internet Explorer\Main,Search Page = 
 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?
 
SearchScopes: HKLM -> {EA973F7E-E8B6-4F14-8C02-8ABECD2FC70B} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?
 
SearchScopes: HKLM-x32 -> {EA973F7E-E8B6-4F14-8C02-8ABECD2FC70B} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2048417740-612696392-1165526044-1004 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711
 
SearchScopes: HKU\S-1-5-21-2048417740-612696392-1165526044-1004 -> {EA973F7E-E8B6-4F14-8C02-8ABECD2FC70B} URL = 
 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\Gail Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\5egr5hn6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Gail Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\5egr5hn6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-12]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://yahoo.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x64\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U67) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll No File
CHR Profile: C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Yahoo Web) - C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2014-12-22]
CHR Extension: (Google Drive) - C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-16]
CHR Extension: (TV) - C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-11-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-16]
CHR Extension: (YouTube) - C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-16]
CHR Extension: (Adblock Plus) - C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-20]
CHR Extension: (Google Search) - C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-16]
CHR Extension: (Avast Online Security) - C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-16]
CHR Extension: (Dropbox) - C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-11-16]
CHR Extension: (Google Wallet) - C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-16]
CHR Extension: (Gmail) - C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-02-10] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-20] (AVAST Software)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [31872 2012-02-02] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-20] ()
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-21] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-25 12:08 - 2014-12-25 12:09 - 00016673 _____ () C:\Users\Gail Taylor\Desktop\FRST.txt
2014-12-25 12:08 - 2014-12-25 12:08 - 00000000 ____D () C:\FRST
2014-12-25 12:07 - 2014-12-25 12:07 - 02122240 _____ (Farbar) C:\Users\Gail Taylor\Desktop\FRST64.exe
2014-12-25 12:05 - 2014-12-25 12:05 - 00002791 _____ () C:\Users\Gail Taylor\Desktop\AdwCleaner[S0].txt
2014-12-25 12:03 - 2014-12-25 12:03 - 00000314 _____ () C:\Windows\PFRO.log
2014-12-25 11:56 - 2014-12-25 11:56 - 00002971 _____ () C:\Users\Gail Taylor\Desktop\AdwCleaner[R0].txt
2014-12-25 11:52 - 2014-12-25 12:02 - 00000000 ____D () C:\AdwCleaner
2014-12-25 11:51 - 2014-12-25 11:51 - 00001270 _____ () C:\Users\Gail Taylor\Desktop\adwcleaner_4.106 - Shortcut.lnk
2014-12-25 11:50 - 2014-12-25 11:50 - 02173952 _____ () C:\Users\Gail Taylor\Downloads\adwcleaner_4.106.exe
2014-12-25 11:23 - 2014-12-25 11:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Gail Taylor\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-25 11:20 - 2014-12-25 11:20 - 00003462 _____ () C:\Users\Gail Taylor\Desktop\BleepingComputer Help.txt
2014-12-22 16:44 - 2014-12-22 16:44 - 00015608 _____ () C:\Users\Gail Taylor\Downloads\OpenHardwareMonitor.Report.txt
2014-12-22 07:06 - 2014-12-25 12:04 - 00000448 _____ () C:\Windows\setupact.log
2014-12-22 07:06 - 2014-12-22 07:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-21 20:23 - 2014-12-21 20:23 - 00024066 _____ () C:\Users\Gail Taylor\Documents\cc_20141221_202307.reg
2014-12-21 11:35 - 2014-12-21 11:35 - 00020714 _____ () C:\ComboFix.txt
2014-12-21 11:22 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-21 11:22 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-21 11:22 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-21 11:22 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-21 11:22 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-21 11:22 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-21 11:22 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-21 11:22 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-21 11:21 - 2014-12-21 11:35 - 00000000 ____D () C:\Qoobox
2014-12-21 11:20 - 2014-12-21 11:34 - 00000000 ____D () C:\Windows\erdnt
2014-12-21 11:20 - 2014-12-21 11:20 - 05601641 ____R (Swearware) C:\Users\Gail Taylor\Downloads\ComboFix.exe
2014-12-21 10:40 - 2014-12-21 10:41 - 00024614 _____ () C:\Users\Gail Taylor\Downloads\Result.txt
2014-12-21 10:39 - 2014-12-21 10:39 - 00401920 _____ (Farbar) C:\Users\Gail Taylor\Downloads\MiniToolBox.exe
2014-12-21 10:27 - 2014-12-21 10:27 - 00015608 _____ () C:\Users\Gail Taylor\Desktop\OpenHardwareMonitor.Report.txt
2014-12-21 10:24 - 2014-12-21 10:24 - 00526371 _____ () C:\Users\Gail Taylor\Downloads\openhardwaremonitor-v0.6.0-beta.zip
2014-12-21 10:24 - 2014-12-21 10:24 - 00000000 ____D () C:\Users\Gail Taylor\Downloads\openhardwaremonitor-v0.6.0-beta
2014-12-21 10:03 - 2014-12-21 10:03 - 00000756 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-12-21 10:02 - 2014-12-21 10:03 - 00000000 ____D () C:\Program Files\Speccy
2014-12-21 10:02 - 2014-12-21 10:02 - 04845384 _____ (Piriform Ltd) C:\Users\Gail Taylor\Downloads\spsetup125.exe
2014-12-20 23:02 - 2014-12-20 23:02 - 00073100 _____ () C:\Users\Gail Taylor\Downloads\DML-20141204-090102.csv
2014-12-18 16:55 - 2014-12-18 16:55 - 00244104 _____ () C:\Users\Gail Taylor\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-18 12:43 - 2014-12-18 12:43 - 00000646 _____ () C:\Users\Gail Taylor\Desktop\Laura alternator.txt
2014-12-17 13:26 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 13:26 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 23:12 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 23:12 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 12:22 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 12:22 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 12:22 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 12:22 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 12:22 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 12:22 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 12:22 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 12:22 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 12:22 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 12:22 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 12:22 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 12:22 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 12:22 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 12:22 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 12:22 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 12:22 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 12:22 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 12:22 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 12:22 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 12:22 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 12:22 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 12:22 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 12:22 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 12:22 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 12:22 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 12:22 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 12:22 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 12:22 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 12:22 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 12:22 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 12:22 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 12:22 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 12:22 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 12:22 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 12:22 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 12:22 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 12:22 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 12:22 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 12:22 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 12:22 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 12:22 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 12:22 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 12:22 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 12:22 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 12:22 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 12:22 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 12:22 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 12:22 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 12:22 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 12:22 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 12:22 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 12:22 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 12:22 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 12:22 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 12:22 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 12:22 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 12:22 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 12:21 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 12:21 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 12:21 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 12:21 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 12:21 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 12:21 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 12:21 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 12:21 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 12:21 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 12:21 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 12:21 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 12:21 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 12:21 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 12:21 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-04 12:27 - 2014-12-04 12:27 - 00000757 _____ () C:\Users\Picasso\Desktop\DML-20141204-090102 - Shortcut.lnk
2014-12-03 18:59 - 2014-12-03 18:59 - 00112183 _____ () C:\Users\Gail Taylor\Desktop\DML-20141202-111602_002.csv
2014-12-03 18:38 - 2014-12-03 18:38 - 00265212 _____ () C:\Users\Gail Taylor\Desktop\DML-20141203-104643_001.csv
2014-12-03 12:32 - 2014-12-05 22:11 - 00000000 ____D () C:\Users\Picasso\AppData\Roaming\SoftGrid Client
2014-12-03 12:32 - 2014-12-03 12:32 - 00000000 ____D () C:\Users\Picasso\AppData\Local\SoftGrid Client
2014-12-03 12:31 - 2014-12-03 12:31 - 00265212 _____ () C:\Users\Picasso\Desktop\DML-20141203-104643.csv
2014-12-03 12:31 - 2014-12-03 12:31 - 00112183 _____ () C:\Users\Picasso\Desktop\DML-20141202-111602.csv
2014-12-03 12:31 - 2014-12-03 12:31 - 00002192 _____ () C:\Users\Picasso\Desktop\DML-20141203-104546.csv
2014-12-01 21:39 - 2014-12-01 21:40 - 00000000 ____D () C:\Users\Gail Taylor\Desktop\atih_installer_hd_s_e
2014-12-01 21:33 - 2014-12-01 21:38 - 270216728 _____ () C:\Users\Gail Taylor\Desktop\atih_installer_hd_s_e.zip
2014-11-26 12:53 - 2014-12-25 11:50 - 00641024 ___SH () C:\Users\Gail Taylor\Documents\Thumbs.db
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-25 12:07 - 2014-05-31 08:50 - 01486013 _____ () C:\Windows\WindowsUpdate.log
2014-12-25 12:06 - 2014-10-31 15:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-25 12:04 - 2014-11-16 21:52 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-25 12:04 - 2014-06-12 21:06 - 00000314 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-12-25 12:04 - 2012-05-23 05:21 - 00000000 ____D () C:\ProgramData\Temp
2014-12-25 12:04 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-25 11:57 - 2014-11-16 21:52 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-25 11:29 - 2014-06-14 19:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-25 11:26 - 2014-06-14 19:51 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-25 11:26 - 2014-06-14 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-25 09:28 - 2009-07-13 23:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-25 09:28 - 2009-07-13 23:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-24 20:37 - 2014-06-12 20:46 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B74165FB-7433-49BE-AE6A-0983012D9B08}
2014-12-23 06:43 - 2014-06-12 19:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-21 20:20 - 2014-11-11 16:46 - 00002784 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-21 11:32 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-21 00:14 - 2014-06-24 22:24 - 00000000 ____D () C:\Users\Gail Taylor\AppData\Roaming\SoftGrid Client
2014-12-19 12:15 - 2014-07-24 15:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-18 16:56 - 2014-07-24 15:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-18 16:56 - 2014-07-24 15:02 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-18 16:56 - 2014-07-24 15:02 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-15 12:17 - 2014-05-31 08:54 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B81FA439-A4C1-49AF-BF51-B20A27288BE8}
2014-12-11 20:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 18:35 - 2014-10-31 15:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 18:35 - 2014-10-31 15:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 18:35 - 2014-10-31 15:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 18:34 - 2014-09-27 19:36 - 00000000 ____D () C:\Users\Gail Taylor\AppData\Local\Adobe
2014-12-11 17:59 - 2014-11-16 21:53 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 17:19 - 2014-11-14 16:32 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 12:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 23:21 - 2014-06-13 19:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 23:15 - 2014-06-13 19:02 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-04 12:22 - 2009-07-14 00:13 - 00782668 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-30 19:55 - 2009-07-14 00:08 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
Some content of TEMP:
====================
C:\Users\Gail Taylor\AppData\Local\Temp\Quarantine.exe
C:\Users\Gail Taylor\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-16 13:12
 
==================== End Of Log ============================
 
___________________________________________________________________________________
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2014
Ran by Gail Taylor at 2014-12-25 12:10:08
Running from C:\Users\Gail Taylor\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{9D1400EC-5703-3983-53B7-AEFB8BFD1CFA}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{74A8E1BE-D438-4C35-ABFF-3A1EAF17526E}) (Version: 2.2.8530 - K-NFB Reading Technology, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.2.4725 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HANTEK1008 Ver1.0.10 (HKLM-x32\...\HANTEK1008 Ver1.0.10) (Version: 1.0.10 - ODM)
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{16652164-D80F-4EE6-90C6-2E8D5D06092A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}) (Version: 2.0.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PC Tools Registry Mechanic 11.1 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.1 - PC Tools)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
ScanTool (HKLM-x32\...\{BD4C5764-0DAF-4721-AF6E-6E556EA6E60A}) (Version: 10.0.3 - )
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
10-12-2014 23:10:59 Windows Update
12-12-2014 21:07:41 Windows Update
16-12-2014 16:36:55 Windows Update
17-12-2014 16:24:02 Windows Update
21-12-2014 11:22:50 ComboFix created restore point
23-12-2014 06:55:56 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-12-21 11:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {25AAD4BB-0DC8-41E3-9507-2205282A54DA} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2012-08-21] (PC Tools)
Task: {480CE429-8770-424E-A57F-8D533A9FE828} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-16] (Google Inc.)
Task: {5A772FE7-B3DF-4FC5-9940-D1788B761E82} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {636C8A67-FE0B-47A5-A65A-27228005F3D1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7C08ED61-383B-4060-9D0F-B476DCB07A09} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {7D8C070F-9D2A-417A-B37E-509851B0CA27} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-20] (AVAST Software)
Task: {84B68EFE-FE89-4727-B65A-287EF970C67E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink)
Task: {860CB3E3-38D6-4829-A938-E7AEC41E43E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {97F4D384-8BCB-4C21-A556-F42B712DEF9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-16] (Google Inc.)
Task: {FF96A45C-24BE-4ED9-8126-E998D58EBE81} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-02-10 03:01 - 2012-02-10 03:01 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-11 17:59 - 2014-12-05 20:16 - 01408328 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 17:59 - 2014-12-05 20:16 - 00204616 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 17:59 - 2014-12-05 20:17 - 10689352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 17:59 - 2014-12-05 20:16 - 01856840 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-25 09:22 - 2014-12-25 09:22 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122500\algo.dll
2014-12-25 12:04 - 2014-12-25 12:04 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122501\algo.dll
2014-11-20 16:45 - 2014-11-20 16:45 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1419211143
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HP CoolSense => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2048417740-612696392-1165526044-500 - Administrator - Disabled)
Gail Taylor (S-1-5-21-2048417740-612696392-1165526044-1004 - Administrator - Enabled) => C:\Users\Gail Taylor
Guest (S-1-5-21-2048417740-612696392-1165526044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2048417740-612696392-1165526044-1006 - Limited - Enabled)
Picasso (S-1-5-21-2048417740-612696392-1165526044-1001 - Administrator - Enabled) => C:\Users\Picasso
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/25/2014 00:04:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 09:21:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 09:44:32 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.95;lang=;guid=A54E433325D04B929721A9D2673D7BDC;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\35545b55-79fd-4dc7-9b2c-2c9cca7db2ef.dmp

Error: (12/24/2014 03:54:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 06:58:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 09:13:42 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.95;lang=;guid=A54E433325D04B929721A9D2673D7BDC;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\bf3e0736-3d34-4202-8dc2-f0dbc2f52ec5.dmp

Error: (12/23/2014 07:48:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 00:11:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 06:55:38 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.95;lang=;guid=A54E433325D04B929721A9D2673D7BDC;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\6d9654a5-c070-42be-85bc-f94032d63849.dmp

Error: (12/22/2014 04:25:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (12/25/2014 00:03:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1069

Error: (12/25/2014 00:03:09 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: 
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/25/2014 00:03:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069

Error: (12/25/2014 00:03:09 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/25/2014 00:02:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/25/2014 00:02:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/25/2014 00:02:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Client Virtualization Handler service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/25/2014 00:02:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/25/2014 00:02:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/25/2014 00:02:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-21 11:32:09.148
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-21 11:32:09.101
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-4400M APU with Radeon™ HD Graphics 
Percentage of memory in use: 56%
Total physical RAM: 3560.37 MB
Available physical RAM: 1531.87 MB
Total Pagefile: 7118.91 MB
Available Pagefile: 5055.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:445.43 GB) (Free:387.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:20.03 GB) (Free:2.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 915B52F3)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================
 

 

 

While creating these files I had to do a reboot. Computer was kinda slow to load desktop. When Yahoo homepage came up it loaded in a "minimum" format. Just some text on left side of screen. Last night it was doing the "He's Dead Jim" error in Chrome. As I type Chrome shows up in task manager 5 times.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:02 AM

Posted 25 December 2014 - 02:02 PM



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2048417740-612696392-1165526044-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\internal-nacl-plugin No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll No File
CHR Extension: (Google Wallet) - C:\Users\Gail Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-16]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#6 ktmlew


Posted 25 December 2014 - 06:04 PM

 

 

Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Not following? Save in logs folder? Tried that and when attempt to run FRST it says fixlist.txt not found?



#7 ktmlew


Posted 25 December 2014 - 09:23 PM

Ran Security Check

 


 

Results of screen317's Security Check version 0.99.93  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java version 32-bit out of Date! 
 Adobe Reader XI  
 Mozilla Firefox (34.0.5) 
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
 


#8 ktmlew


Posted 25 December 2014 - 10:23 PM

Not sure what this changed but so far it's working fine. Removed Registry Mechanic, and re-installed Java & Adobe Flash Player. But I haven't been keeping browser open very long. Need to let it stew for a while.



#9 nasdaq


Posted 26 December 2014 - 07:59 AM

You do not have Java on this computer.
It's not required if you do not need it.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

This topic will be kept open for 5 days; if you need to return, please do.

#10 ktmlew


Posted 26 December 2014 - 12:57 PM

My only question is about memory usage in task manager. Chrome sometimes uses in excess of 300k of ram on one "line". Chrome appears 7 times currently. How do I create a screenshot of task manager?



#11 ktmlew


Posted 26 December 2014 - 01:11 PM

Just re-booted...back to same crap. Very slow to load and browser "not responding". Loaded home page with minimal text. Will buy another laptop and take this one to shop. I'm out of patience.

 

PS: After watching several YouTube videos in a row, it is working fine. Main thing that has changed is memory usage isn't hanging now. When I go from site to site the memory changes where before it seemed to just keep climbing until browser was closed. Maybe it will be OK? 


Edited by ktmlew, 26 December 2014 - 05:33 PM.


#12 ktmlew


Posted 27 December 2014 - 05:39 PM

Chrome crashed again. I'll add some RAM and see what happens.



#13 nasdaq


Posted 28 December 2014 - 08:03 AM

Check your Virtual Memory settings.

http://windows.microsoft.com/en-ca/windows/change-virtual-memory-size#1TC=windows-7

#14 ktmlew


Posted 28 December 2014 - 05:38 PM

 

Reset to max size and so far it's working great. Seems to have really perked the performance up too.



#15 ktmlew


Posted 28 December 2014 - 10:59 PM

Just crashed again. One tab open checking bank balance. Site loaded for about 1 second then black screen. I will put another 4 gig of RAM in soon. It's about 80% better than it was but still has an issue?
"He's Dead, Jim!"
Issue

You may see the “He’s Dead, Jim!” message if the operating system has terminated the tab’s process due to a lack of memory. Computers rely on memory to run programs. Low amounts of memory can cause programs to run slowly or stop running altogether.

Alternatively, if you terminated the process using Google Chrome's Task Manager, the system's task manager, or with a command line tool, this message will appear as well.

Solution

If the page wasn’t ended intentionally, reload the page to continue. If the message continues to appear, try closing inactive tabs or other programs to free up more memory.

Curious about the title? "He's dead, Jim!" is a reference from Star Trek to describe things that are unresponsive. Learn more about "He's dead, Jim!"

 

 





