Unused registry keys affecting performance?


30 replies to this topic

#1 enimen2

enimen2

  • Members
  • 44 posts

Posted 23 May 2015 - 04:19 PM

Been having problems with my CPU running too high and high memory; it's been giving me a headache trying to find the culprit or all the culprits. Thought it may be a virus or malware, but I kinda got that taken care of, or it's still in the process in another thread. Today I decided to redownload CCleaner and AVG TuneUp. Was gonna run some before and after tests to see if I could get some results. AVG TuneUp is pretty good; used it before to disable certain programs from running or to turn them off if they go idle for a certain amount of time. Well, I ran CCleaner first, did a file cleanup.

 

Computer is an HP Pavilion p6207c

Pentium(R) Dual-Core CPU E5300 @ 2.60GHz 2.60GHz

RAM 5GB

Windows 7 Home Premium 64-bit SP1

 

Lately there's been abnormally high CPU usage as well as RAM. Before (which I really wouldn't say was normal, but compared to now a lot better) it was, on idle with nothing open, just the desktop screen, CPU 1-10%

RAM was about 2.5GB

Lately it's been a lot higher; on idle, just on the desktop with no programs open, it will fluctuate very often and rapidly, whereas before there was not too much fluctuation except in the 1-10% range. Now it goes from 1-75% or more. And the RAM has been up into the 3.8GB or higher range. Haven't really added any new programs; actually been taking some off. Most of the ones I do add are games that don't run on startup and only when I play them. Surprisingly enough, for how bad the usage is on idle, I can still play Half-Life 2, which is very demanding on the Intel(R) GMA 31/33; the Half-Life game I'm using has been modified some way, which is why I can play it on here; the original and demo are unplayable.

 

There's been some items in my startup folder that I've been trying to get rid of. RealPlayer Cloud used to be installed and I got rid of it, yet it's still in the startup. I hate how you can uninstall a program and files are still left behind. I tried going to the folder it said it was located at but there was nothing there. Finally I figured out that using CCleaner I can open it in regedit. This is where the actual files were; why it said a different location I don't know. But after deleting them I noticed a nice decrease in RAM. While deleting I only had MBAM running a custom scan, Google Chrome and CCleaner open. CPU usage was minorly affected; it went from around 70% lowest point to hitting 67-68% every so often. The RAM went from 3.8 to about 2.8 GB. Currently it's gone back up to about 2.90GB - 3.10GB.

 

I guess you could say I'm wondering if those left-behind registry keys are really affecting the computer that much. And if so, why are they left behind? Was also disabling some startup programs as well, which weren't really the problem since they were running before I started having issues, but realized they really didn't need to be running anyway. Ones like igfx tray and persistence for the Intel chip. I do have one in there for the Java updater that I'm unsure if I should remove. What would you guys suggest on that one?


Edited by enimen2, 23 May 2015 - 04:21 PM.




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 23 May 2015 - 04:24 PM

Hi enimen2 :)

PC Booster/Tune-Up Program Warning!
"PC Booster/Tune Up" programs are among the worst programs you can install on a system. When it comes to messing up your system (Windows), these are as bad as malware. They are completely worthless and useless to use. The worst is that they'll often take action on your system without you knowing or authorizing it, which could lead to your system being altered in a way you don't want it to be or, even worse, a "broke" system. Every feature they provide, you can either do it natively under Windows, do it via another standalone executable (which is way easier and safer to use) or they aren't providing something you need. Here are a few examples:
  • Cleaning temporary files: TFC (standalone executable), CCleaner (installed), Cleanmgr.exe (in-built);
  • Managing start-up entries: Autoruns (standalone executable), CCleaner (installed), Task Manager and Registry (in-built);
  • Driver Updater: Not needed, all you need is to go on your manufacturer website so you'll be sure to get the right, official, working drivers for your computer or hardware;
  • Registry Cleaner/Defragger: Completely useless and also dangerous;
  • Disk Defragging: Disk Defrag (in-built), O&O Disk Defrag (installed), Defraggler (installed);
  • Powerful uninstaller: Not needed, only needed when you have to make sure a program is completely uninstalled. Revo Uninstaller has a portable version you can use;
  • "Enhanced" Task Manager: Procexp (standalone executable), Process Hacker (portable or installed);
  • "Active security": Any Antivirus and Antimalware can beat that, easily. These programs aren't made to replace Antivirus or Antimalware products and shouldn't be seen as such;
  • Repair Hard Drive issues: Simple chkdsk /r command under Windows (in-built);
Having such a program installed on your system will just bloat it, and you have more chances of having issues by using them than without. These products are advertised as a program that can solve all your issues, remove every malware, speed up your computer performance over 100%, etc. The truth is that there's not a single program that can do that. First of all, these programs aren't made to remove viruses and malware; leave this in the hands of Antivirus and Antimalware, period. Secondly, there are so many kinds of issues under Windows that there's not a single program that can address them all. If you think that BSOD (Blue Screen of Death) issues can be solved by opening a program and clicking on a "Fix" button, then I'm sorry to tell you, but you're wrong. Also, you cannot boost the performance of a hardware over its hardware capabilities. Of course you can overclock some components, like your CPU, RAM and GPU, but these aren't done via these programs, but via your BIOS interface. I could recommend you a program for every feature these programs advertise, and also tell you exactly in detail why most of them are completely useless, such as Registry cleaner (dangerous to use), and driver updater (dangerous to use, and also completely useless, it'll not improve your system performance). In the end, buying such programs is the exact same as being scammed (because this is what it is, a pure scam) and using one of these programs will result in you having a system less performant than prior to using it.

Relevant articles if you want to read more about PC Boosters/Optimizers and why they are useless:

Registry Cleaners Warning!
Registry Cleaners are known to be harmful to the system and should not be used for any reason there is. It's a known fact that using Registry Cleaners can easily break a Windows installation, to the point where a complete reinstallation might be needed. Here are a few myths about using these programs, and why they are just plainly false.
  • "Using a Registry Cleaner will improve a system's performance" - False. The Windows Registry is a big database which contains information on everything present on the system, from the boot settings to how your programs look when you open them. There are so many entries in it that cleaning even thousands of them isn't enough to boost a system's performance. Also, there are no studies, tests, benchmarks, etc. which show that using Registry Cleaners actually improves a system's speed;
  • "Using a Registry Cleaner will fix all your errors" - False. Using a Registry Cleaner won't fix any problems at all. In fact, it has more chances to create them if anything. There's no program that can fix every problem in a simple click, and there probably never will be. If you have an error, it's better to troubleshoot that error in particular by finding what's causing it and fixing it than using a software that might give you more errors;
  • "If you don't use a Registry Cleaner, you'll leave a door open for malware" - False. It is rare that malware will actually hijack orphaned keys and keypairs in the Registry to create persistence or install themselves. They'll usually create their own keys/keypairs since they have been instructed (coded) to do so, and the creator cannot expect every system he'll infect to have leftover keys. Also, pretty much only Reg Loading Points in the Registry would be of any interest for a malware to hijack, and these are usually occupied already, or quickly deleted when empty;
  • Registry Cleaners aren't Registry Defraggers - These are two different kinds of software, each with its own distinct function.
  • On a last note, there are a lot of Registry Cleaners out there that won't create a back-up of your Registry before applying the changes they make. This means that if you use them and clean entries in a way that prevents Windows from rebooting afterwards, locking you out of your computer, you won't be able to restore a previous Registry back-up via the Recovery PE. This means that if you can't fix the boot issue after that, you'll most likely be forced to reinstall Windows;
Registry Cleaners were used back in the days by developers who were using an OLE schema for their applications. They used these to clean the Registry after uninstalling their programs, just in case there were traces of it left behind that could affect a reinstallation. These were back in the Windows 95 and Windows 98 days and this practice isn't in effect anymore. Therefore, there's no reason for you to use such programs and quite a few to avoid them instead.

Here are more articles on Registry Cleaners that are worth a read if you want to learn more about them and why you shouldn't use them.

This being said, we should get more information on your system in order to assist you with your issue. Please follow the instructions below.

MiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Execute MiniToolBox and check the following options:
    • List Installed Programs;
    • List Last 10 Event Viewer Errors;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
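
Added example (not part of the thread and not any poster's code): a read-only Python check of the Run-key startup entries, the registry "loading points" mentioned in the post above, that flags values whose program no longer exists on disk, like the leftover startup entry described in post #1. The sample entries, paths and the function names `extract_executable`, `audit` and `read_run_entries` are constructed for illustration.

```python
import ntpath
import os
import re
import sys

# Standard per-machine and per-user Run keys (registry loading points).
RUN_KEYS = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
]

# End of the program path in an unquoted command line.
_PROGRAM_END = re.compile(r"\.(exe|bat|cmd|scr)(?=\s|$)", re.IGNORECASE)


def extract_executable(command):
    """Return the program path from a Run value, dropping its arguments."""
    command = command.strip()
    if command.startswith('"'):                 # "C:\path with spaces\x.exe" /arg
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = _PROGRAM_END.search(command)        # C:\Program Files\x.exe /arg
    if match:
        return command[:match.end()]
    return command.split(None, 1)[0] if command else ""


def expand(path, env):
    """Expand %VAR% references using env (keys upper-cased)."""
    return re.sub(r"%([^%\\]+)%",
                  lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def audit(entries, exists=os.path.isfile, env=None):
    """Classify (hive, key, name, command) tuples as ok / orphaned / unresolved."""
    source = os.environ if env is None else env
    env = {k.upper(): v for k, v in source.items()}
    findings = []
    for _hive, _key, name, command in entries:
        path = expand(extract_executable(command), env)
        if not ntpath.dirname(path):
            status = "unresolved"   # bare name: Windows searches PATH for it
        elif exists(path):
            status = "ok"
        else:
            status = "orphaned"     # value survives, program is gone
        findings.append((name, path, status))
    return findings


def read_run_entries():
    """Read the Run keys read-only (Windows only)."""
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    entries = []
    for hive, subkey in RUN_KEYS:
        try:
            access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY
            with winreg.OpenKey(hives[hive], subkey, 0, access) as key:
                for index in range(winreg.QueryInfoKey(key)[1]):
                    name, data, _type = winreg.EnumValue(key, index)
                    entries.append((hive, subkey, name, str(data)))
        except OSError:             # key absent or not readable
            continue
    return entries


# Constructed sample data (not taken from the thread's log) for offline runs.
SAMPLE_ENV = {"AppData": r"C:\Users\user\AppData\Roaming"}
SAMPLE_PRESENT = {
    r"c:\windows\system32\igfxtray.exe",
    r"c:\program files (x86)\exampleupdater\updater.exe",
    r"c:\users\user\appdata\roaming\helper\helper.exe",
}
SAMPLE_ENTRIES = [
    ("HKLM", RUN_KEYS[0][1], "IgfxTray", r"C:\Windows\system32\igfxtray.exe"),
    ("HKLM", RUN_KEYS[1][1], "ExampleUpdater",
     r'"C:\Program Files (x86)\ExampleUpdater\updater.exe" -quiet'),
    ("HKCU", RUN_KEYS[2][1], "ExamplePlayerTray",
     r"C:\Program Files (x86)\ExamplePlayer\tray.exe /background"),
    ("HKCU", RUN_KEYS[2][1], "Helper", r"%APPDATA%\helper\helper.exe -s"),
    ("HKLM", RUN_KEYS[0][1], "ShellExt", "rundll32.exe example.dll,Entry"),
]


def sample_exists(path):
    """Stand-in for os.path.isfile over the constructed file set."""
    return path.lower() in SAMPLE_PRESENT


if __name__ == "__main__":
    if sys.platform == "win32":
        results = audit(read_run_entries())
    else:
        results = audit(SAMPLE_ENTRIES, exists=sample_exists, env=SAMPLE_ENV)
    for name, path, status in results:
        print(f"{status:10} {name:20} {path}")
```

The script only reads the registry; an "orphaned" result is a prompt to review that entry by hand, not something the script changes.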


#3 Xirw

Xirw

  • Members
  • 105 posts

Posted 23 May 2015 - 04:36 PM

I know it's not my topic and I'm not supposed to reply, but I just had to mention something about this: "Using a Registry Cleaner will fix all your errors" - False. Using a Registry Cleaner won't fix any problems at all.

Even though I do agree with that statement, I have to give credit where credit is due. On a VMware machine I had a folder on my desktop that was corrupt, I believe, and my virtual Windows 8 already thought it was "deleted", so I could not delete the folder off my desktop in any way. I tried everything from Malwarebytes FileASSASSIN to trying to wipe the file from the hard drive to literally everything, and it would not go.

I used CCleaner's registry cleaner, scanned, unchecked all except the path issue and fixed it. Believe it or not, it worked and I was able to delete the folder. So I wouldn't say reg cleaners are a complete lost cause.


Edited by tg1489, 23 May 2015 - 04:36 PM.


#4 enimen2

enimen2
  • Topic Starter

  • Members
  • 44 posts

Posted 23 May 2015 - 05:03 PM

Having issues downloading that file using both Chrome and IE. Chrome keeps saying download failed or failed to download because it can't scan for viruses, which in settings the phishing is turned off. IE keeps saying file access denied. Any suggestions?



#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 23 May 2015 - 05:05 PM

I suggest you disable your Antivirus for the duration of the download and run of MiniToolBox, as it can be blocked by it. If it doesn't work, let me know.



#6 enimen2

enimen2
  • Topic Starter

  • Members
  • 44 posts

Posted 23 May 2015 - 05:22 PM

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by TRISHA ECKARD (administrator) on 23-05-2015 at 15:31:56
Running from "C:\Users\TRISHA ECKARD\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: NY587AA-ABA p6207c Manufacturer: HP-Pavilion
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/23/2015 01:18:51 PM) (Source: MsiInstaller) (User: TRISHECKARD-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.
 
Error: (05/23/2015 01:18:49 PM) (Source: MsiInstaller) (User: TRISHECKARD-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.
 
Error: (05/23/2015 01:18:15 PM) (Source: MsiInstaller) (User: TRISHECKARD-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.
 
Error: (05/23/2015 01:13:38 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {37faa98e-9113-4fd3-b302-bc80a3d8107c}
 
Error: (05/23/2015 00:37:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: hpzsetup.exe, version: 13.0.445.0, time stamp: 0x4a735848
Faulting module name: hpzsetup.exe, version: 13.0.445.0, time stamp: 0x4a735848
Exception code: 0xc000000d
Fault offset: 0x0009d2ac
Faulting process id: 0xe1c
Faulting application start time: 0xhpzsetup.exe0
Faulting application path: hpzsetup.exe1
Faulting module path: hpzsetup.exe2
Report Id: hpzsetup.exe3
 
Error: (05/23/2015 01:44:09 AM) (Source: MsiInstaller) (User: TRISHECKARD-PC)
Description: Product: HPPhotosmartEssential -- Error 1706. An installation package for the product HPPhotosmartEssential cannot be found. Try the installation again using a valid copy of the installation package 'HPPhotosmartEssential.msi'.
 
Error: (05/23/2015 01:43:21 AM) (Source: MsiInstaller) (User: TRISHECKARD-PC)
Description: Product: HPPhotosmartEssential -- Error 1706. An installation package for the product HPPhotosmartEssential cannot be found. Try the installation again using a valid copy of the installation package 'HPPhotosmartEssential.msi'.
 
Error: (05/23/2015 01:28:19 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {044855bb-3078-4cad-adcd-34dc33aca049}
 
Error: (05/22/2015 09:55:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: DrvInst.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc2c6
Faulting module name: hpzids40.dll, version: 10.0.0.76, time stamp: 0x47300173
Exception code: 0xc000000d
Fault offset: 0x000000000002117d
Faulting process id: 0xc1c
Faulting application start time: 0xDrvInst.exe0
Faulting application path: DrvInst.exe1
Faulting module path: DrvInst.exe2
Report Id: DrvInst.exe3
 
Error: (05/22/2015 09:21:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: DrvInst.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc2c6
Faulting module name: hpzids40.dll, version: 10.0.0.76, time stamp: 0x47300173
Exception code: 0xc000000d
Fault offset: 0x000000000002117d
Faulting process id: 0xd5c
Faulting application start time: 0xDrvInst.exe0
Faulting application path: DrvInst.exe1
Faulting module path: DrvInst.exe2
Report Id: DrvInst.exe3
 
 
System errors:
=============
Error: (05/23/2015 01:46:52 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (05/23/2015 01:46:26 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (05/23/2015 01:44:15 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: 
%%1058
 
Error: (05/23/2015 01:43:36 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: 
%%1058
 
Error: (05/23/2015 01:42:33 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: 
%%1058
 
Error: (05/23/2015 01:42:33 AM) (Source: DCOM) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (05/23/2015 01:41:11 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (05/23/2015 01:41:08 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (05/23/2015 01:36:48 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (05/23/2015 01:34:35 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: 
%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (05/23/2015 01:18:51 PM) (Source: MsiInstaller)(User: TRISHECKARD-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (05/23/2015 01:18:49 PM) (Source: MsiInstaller)(User: TRISHECKARD-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (05/23/2015 01:18:15 PM) (Source: MsiInstaller)(User: TRISHECKARD-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (05/23/2015 01:13:38 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {37faa98e-9113-4fd3-b302-bc80a3d8107c}
 
Error: (05/23/2015 00:37:29 PM) (Source: Application Error)(User: )
Description: hpzsetup.exe13.0.445.04a735848hpzsetup.exe13.0.445.04a735848c000000d0009d2ace1c01d0958fe4bf70bdC:\Users\TRISHA ECKARD\Desktop\Hp Printer Install Software\fullextract\OJJ4500_Full_13\hpzsetup.exeC:\Users\TRISHA ECKARD\Desktop\Hp Printer Install Software\fullextract\OJJ4500_Full_13\hpzsetup.exe25478564-0183-11e5-91d3-90e6ba1ce441
 
Error: (05/23/2015 01:44:09 AM) (Source: MsiInstaller)(User: TRISHECKARD-PC)
Description: Product: HPPhotosmartEssential -- Error 1706. An installation package for the product HPPhotosmartEssential cannot be found. Try the installation again using a valid copy of the installation package 'HPPhotosmartEssential.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (05/23/2015 01:43:21 AM) (Source: MsiInstaller)(User: TRISHECKARD-PC)
Description: Product: HPPhotosmartEssential -- Error 1706. An installation package for the product HPPhotosmartEssential cannot be found. Try the installation again using a valid copy of the installation package 'HPPhotosmartEssential.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (05/23/2015 01:28:19 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {044855bb-3078-4cad-adcd-34dc33aca049}
 
Error: (05/22/2015 09:55:31 PM) (Source: Application Error)(User: )
Description: DrvInst.exe6.1.7600.163854a5bc2c6hpzids40.dll10.0.0.7647300173c000000d000000000002117dc1c01d09514b06078fbC:\Windows\system32\DrvInst.exeC:\Windows\system32\hpzids40.dllefd60c10-0107-11e5-b5a7-90e6ba1ce441
 
Error: (05/22/2015 09:21:25 PM) (Source: Application Error)(User: )
Description: DrvInst.exe6.1.7600.163854a5bc2c6hpzids40.dll10.0.0.7647300173c000000d000000000002117dd5c01d0950feca64bbeC:\Windows\system32\DrvInst.exeC:\Windows\system32\hpzids40.dll2c4ddbb9-0103-11e5-8d8e-90e6ba1ce441
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-30 18:03:44.803
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-30 18:03:44.647
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-26 02:53:23.272
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-26 02:53:23.131
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-26 02:53:22.991
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-26 02:53:22.882
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-26 02:53:22.676
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-26 02:53:22.540
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-26 02:53:22.337
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-26 02:53:22.228
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
4500_Help (HKLM-x32\...\{572F2A62-70CD-4429-8758-6D4D6DC696E1}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
AntiLogger Free version 1.8.2.198 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.198 - Zemana Ltd.)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Yahoo! Browser Configuration (HKLM-x32\...\AT&T Yahoo! Browser Configuration) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (HKLM-x32\...\{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}) (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (HKLM-x32\...\{0A5825FD-0FB7-4e45-9037-858D463F2943}) (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (HKLM-x32\...\{2951A232-69BA-4925-BB9A-CEEB72B18B4F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.4) (Version: 5.0.1.4 - Coupons.com Incorporated)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DocMgr (HKLM-x32\...\{92A51949-EE4C-466D-AAF0-99E74A49A63F}) (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.26.9 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life Decay PC 1.0 (HKLM-x32\...\Half-Life Decay PC_is1) (Version:  - Vyacheslav Dzhura and Denys Zhatov)
Half-Life: Before (HKLM-x32\...\Steam App 261980) (Version:  - Andrii Vintsevych)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version:  - Gearbox Software)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version:  - Gearbox Software)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9652.3188 - Hewlett-Packard)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet J4500 Series (HKLM\...\{E11448F2-0B44-4239-B04E-D88FE743E929}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1912 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
J4500 (HKLM-x32\...\{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}) (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.140 - McAfee, Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerRecover (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.1923 - CyberLink Corp.) Hidden
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
ProductContext (HKLM-x32\...\{6697D99E-E550-4498-B793-4A8DD8A1821F}) (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6461 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.154 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VoiceOver Kit (HKLM-x32\...\{7C5B4583-7CBF-4289-B195-03B553959DEA}) (Version: 1.40.128.0 - Apple Inc.)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 62%
Total physical RAM: 5110.23 MB
Available physical RAM: 1939.3 MB
Total Pagefile: 10218.66 MB
Available Pagefile: 6213.6 MB
Total Virtual: 4095.88 MB
Available Virtual: 3961.61 MB
 
========================= Partitions: =====================================
 
1 Drive c: (HP) (Fixed) (Total:453.76 GB) (Free:314.12 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.9 GB) (Free:2.13 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\TRISHECKARD-PC
 
Administrator            Guest                    TRISHA ECKARD            
 
 
**** End of log ****

Edited by enimen2, 23 May 2015 - 05:32 PM.


#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:54 PM

Posted 23 May 2015 - 05:28 PM

You can uninstall the following programs:
  • AT&T Yahoo! Browser Configuration;
  • Coupon Printer for Windows;
  • Google Toolbar for Internet Explorer;
Did you try using the Sophos Virus Removal Tool lately?

Also, follow these instructions below.

Autoruns - Start-up Entries
Follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns.zip from the Sysinternals Suite webpage;
  • Extract the content of the Autoruns.zip folder where you want, then go in the folder, right-click on Autoruns.exe and select Run as Administrator;
  • Accept the EULA on opening, then wait for all the entries to load;
  • Click on File then Save and save the file to a location easily accessible as a .arn (Autoruns) file;
  • Go on ge.tt and upload the Autoruns file you saved;
  • Once done, post the download URL of your uploaded file in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 enimen2


Posted 23 May 2015 - 05:45 PM

The programs you listed, if it was my computer I would get rid of them, but it's my mom's computer and my sister uses those. As far as the Sophos, yeah, I ran it the other day. I had a thread open to try and clean out any possible infection, and the helper thought it was done. I didn't think so, so I downloaded a bunch of tools from this site including Sophos, and it found some issues in a portable Photoshop app. When it scanned and finished I clicked clean; after that, on the results page it said cleaned items 0, so I figured something went wrong, reran the scan and nothing came up. I still have the logs though, but in the logs it says they were cleaned, so not sure about that.


Edited by enimen2, 23 May 2015 - 05:47 PM.


#9 enimen2


Posted 23 May 2015 - 05:56 PM

http://ge.tt/4HgzayG2/v/0?c



#10 Aura


Posted 23 May 2015 - 06:09 PM

Delete the entries below. To delete an entry, right-click on it and select Delete.

[Four screenshots of the Autoruns entries to delete; images not available.]



#11 enimen2


Posted 23 May 2015 - 06:20 PM

OK, deleted them. There's only one yellow entry left, the rdpclip. Were those all things that were still starting up?


Edited by enimen2, 23 May 2015 - 06:20 PM.


#12 Aura


Posted 23 May 2015 - 06:27 PM

Windows still tried to load them, despite the fact that the file they were fetching couldn't be found, yes. Normally, your RAM should sit at around 2GB (or a bit more) when your system is idle. Can you confirm that?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
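
The "file not found" start-up entries discussed above can also be listed from PowerShell. This is an added, read-only example, not part of the original thread and not how Autoruns itself works; it covers only the Run/RunOnce registry keys (a small subset of what Autoruns inspects), and the function names are made up for the illustration.

```powershell
# Added example: list Run/RunOnce start-up entries and flag those whose target file is missing.
# Assumes a 64-bit PowerShell session; nothing is modified or deleted.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of a start-up command line.
function Get-AutorunImagePath {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }       # quoted path
    # Unquoted paths may contain spaces: grow the candidate until a file exists.
    $tokens = $expanded -split '\s+'
    for ($i = 0; $i -lt $tokens.Count; $i++) {
        $candidate = $tokens[0..$i] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    # Nothing resolved: cut at the first executable-looking extension, else keep it all.
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|vbs|js|dll))(\s|$)') { return $Matches[1] }
    return $expanded
}

# Hypothetical helper: one object per start-up value, with a FileFound flag.
function Get-RunKeyEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            if ([string]::IsNullOrWhiteSpace($command)) { continue }
            $image = Get-AutorunImagePath -Command $command
            $found = Test-Path -LiteralPath $image -PathType Leaf -ErrorAction SilentlyContinue
            if (-not $found -and $image -notmatch '[\\/]') {
                # Bare file names (e.g. rundll32.exe) are resolved through PATH.
                $found = [bool](Get-Command $image -CommandType Application -ErrorAction SilentlyContinue)
            }
            [pscustomobject]@{
                Name = $name; FileFound = $found; ImagePath = $image; Key = $key; Command = $command
            }
        }
    }
}

# Missing targets sort first. For rundll32-style entries only the host executable is
# checked, not the DLL passed as an argument.
Get-RunKeyEntry | Sort-Object FileFound, Key |
    Format-Table Name, FileFound, ImagePath, Key -AutoSize -Wrap
```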


#13 enimen2


Posted 23 May 2015 - 06:33 PM

Right now it's at 3.2, but MBAM is still running as well as Chrome. MBAM should be finishing up shortly; a custom scan usually takes a little over 4 hrs. When it gets done I'll reboot and let you know what it's at, or should I do it without a reboot?



#14 Aura


Posted 23 May 2015 - 06:35 PM

Right now, I want you to uninstall Google Chrome, and install the 64-bit version of it. This version will take a lot less RAM and CPU than the 32-bit version which you currently have, and it should help lower the overall RAM and CPU usage on your system. To download the 64-bit version of it, go on the Google Chrome website below, select Download Chrome for another platform and select Windows 8/7 64bit.

https://www.google.com/chrome/browser/desktop/index.html



#15 enimen2


Posted 23 May 2015 - 07:05 PM

Got it. After uninstalling Chrome it dropped to about 2.8; right now it's about 3.4.





