slow ... so slow. don't know what to do


  • This topic is locked
2 replies to this topic

#1 drunkchickens

Posted 12 October 2015 - 01:53 AM

My computer and my internet are so slow. No matter what browser I use, pages that I typically go to now take forever to load if at all and it takes multiple tries for pages and downloads to go if at all. It was fine yesterday, so I don't know what happened. I did a lot of what was instructed in the Slow Computer/Browser post, but it didn't help. Probably not my internet connection as all my housemates' laptops/computers are running just fine. Programs aren't loading or just hanging ... and some/most websites never seem to stop loading ...

Thank you in advance!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-10-2015 02
Ran by Irene (administrator) on SUGAR (11-10-2015 23:18:28)
Running from C:\Users\Irene\Downloads
Loaded Profiles: Irene (Available Profiles: Irene)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
Failed to access process -> FoxitReader.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Egnyte Inc.) C:\Program Files (x86)\Egnyte\Egnyte WebEdit\client.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avBugReport.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avBugReport.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msoia.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7535832 2014-02-12] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-24] (AVAST Software)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-3275438446-2732290944-446374693-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568208 2015-09-11] (Google)
HKU\S-1-5-21-3275438446-2732290944-446374693-1002\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [4411488 2014-03-16] ()
HKU\S-1-5-21-3275438446-2732290944-446374693-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKU\S-1-5-21-3275438446-2732290944-446374693-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-24] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-25] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Egnyte WebEdit.lnk [2015-09-11]
ShortcutTarget: Egnyte WebEdit.lnk -> C:\Windows\Installer\{EC9FC5AD-CE6C-42D5-8940-CB79EAAFB80D}\egnyte_edit_icon.ico ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4A564FB8-3F8A-41C8-8906-73E64DC782A9}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AC9DBA63-EB7C-462A-9A54-069609993B74}: [DhcpNameServer] 130.65.2.32 130.65.2.33 130.65.25.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3275438446-2732290944-446374693-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> {D86F8B79-097A-49B0-86BE-78EA0A362FCF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D86F8B79-097A-49B0-86BE-78EA0A362FCF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3275438446-2732290944-446374693-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3275438446-2732290944-446374693-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3275438446-2732290944-446374693-1002 -> {D86F8B79-097A-49B0-86BE-78EA0A362FCF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-25] (Microsoft Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2015-04-20] (Nuance Communications, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-03] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-25] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-25] (Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2015-04-20] (Nuance Communications, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-03] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-25] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\2h68gi27.default-1444587126710
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2015-04-20] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-09-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2015-04-20] (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-3275438446-2732290944-446374693-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Irene\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-17] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\2h68gi27.default-1444587126710\searchplugins\dictionary.xml [2015-10-11]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\2h68gi27.default-1444587126710\Extensions\adblockpopups@jessehakanen.net.xpi [2015-10-11]
FF Extension: Ghostery - C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\2h68gi27.default-1444587126710\Extensions\firefox@ghostery.com.xpi [2015-10-11]
FF Extension: Fasterfox - C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\2h68gi27.default-1444587126710\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-10-11]
FF Extension: Adblock Plus - C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\2h68gi27.default-1444587126710\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-10]

Chrome:
=======
CHR HKU\S-1-5-21-3275438446-2732290944-446374693-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-17] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-24] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151616 2015-04-20] (Nuance Communications, Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-12] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-24] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
R3 Sftfs; C:\Windows\system32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
R3 Sftplay; C:\Windows\system32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
R3 Sftvol; C:\Windows\system32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-11 23:18 - 2015-10-11 23:18 - 00021716 _____ C:\Users\Irene\Downloads\FRST.txt
2015-10-11 23:15 - 2015-10-11 23:18 - 00000000 ____D C:\FRST
2015-10-11 23:15 - 2015-10-11 23:15 - 01699840 _____ (Farbar) C:\Users\Irene\Downloads\FRST.exe
2015-10-11 23:13 - 2015-10-11 23:13 - 02195968 _____ (Farbar) C:\Users\Irene\Downloads\FRST64.exe
2015-10-11 11:12 - 2015-10-11 11:12 - 00000000 ____D C:\Users\Irene\Desktop\Old Firefox Data
2015-10-10 22:55 - 2015-10-10 22:55 - 00000000 ____D C:\Users\Public\Documents\Hewlett-Packard
2015-10-10 21:51 - 2015-10-10 22:57 - 00000000 ____D C:\Users\Irene\Desktop\10.12.15-10.14.15
2015-10-07 20:59 - 2015-10-07 20:59 - 00000000 ____D C:\Users\Public\Foxit Software
2015-10-02 12:12 - 2015-10-04 14:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-30 15:22 - 2015-09-30 15:29 - 459077320 _____ C:\Users\Irene\Downloads\9-30 Irene  117-A-Camera 09-30-2015 2-05-PM.mp4
2015-09-28 15:01 - 2015-09-28 15:10 - 357235612 _____ C:\Users\Irene\Downloads\ic 9.28.15  117-A-Camera 09-28-2015 1-53-PM.mp4
2015-09-26 13:54 - 2015-09-20 16:29 - 1311401695 _____ C:\Users\Irene\Desktop\KL Speech Sample.MP4
2015-09-24 23:03 - 2015-09-24 23:03 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-24 23:03 - 2015-09-24 23:03 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-21 15:01 - 2015-09-21 15:15 - 372898014 _____ C:\Users\Irene\Downloads\9.21.15 ic  117-A-Camera 09-21-2015 1-52-PM.mp4
2015-09-20 21:08 - 2015-09-20 21:08 - 00001950 _____ C:\Users\Irene\Desktop\LP & SOAP Notes.lnk
2015-09-19 21:24 - 2015-09-19 21:37 - 00000000 ____D C:\Users\Irene\Desktop\mom cooking
2015-09-19 21:24 - 2015-09-19 21:28 - 00000000 ____D C:\Users\Irene\Desktop\dad car
2015-09-18 13:11 - 2015-09-28 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-18 13:09 - 2015-09-28 21:22 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-15 18:27 - 2015-09-15 18:27 - 00000000 ____D C:\Program Files (x86)\HP
2015-09-15 17:13 - 2015-10-04 19:55 - 00000000 ____D C:\Users\Irene\Desktop\KAT Materials
2015-09-15 14:45 - 2015-09-15 14:45 - 00001545 _____ C:\Users\Irene\Downloads\10054638.acsm
2015-09-11 09:24 - 2015-10-11 22:44 - 00000000 ____D C:\Users\Irene\AppData\Local\EgnyteWebEdit
2015-09-11 09:24 - 2015-09-11 09:24 - 00000000 ____D C:\Users\Irene\AppData\Roaming\EgnyteWebEdit
2015-09-11 09:24 - 2015-09-11 09:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Egnyte WebEdit
2015-09-11 09:24 - 2015-09-11 09:24 - 00000000 ____D C:\Program Files (x86)\Egnyte

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-11 23:19 - 2014-09-15 13:23 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-11 23:05 - 2014-09-08 20:27 - 02095946 _____ C:\Windows\WindowsUpdate.log
2015-10-11 23:02 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-11 22:55 - 2015-02-12 17:14 - 00000000 ____D C:\Users\Irene\.rainlendar2
2015-10-11 22:48 - 2014-09-08 20:37 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3275438446-2732290944-446374693-1002
2015-10-11 22:46 - 2014-09-15 13:23 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-11 22:45 - 2014-09-15 13:31 - 00000000 ___RD C:\Users\Irene\Google Drive
2015-10-11 22:37 - 2014-10-10 16:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-11 12:03 - 2014-09-15 13:23 - 00000000 ____D C:\Users\Irene\AppData\Local\Google
2015-10-11 12:03 - 2014-09-15 13:23 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-11 11:06 - 2014-10-10 16:17 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-10 23:00 - 2015-09-08 21:54 - 00000000 ____D C:\Users\Irene\Desktop\aphasia
2015-10-10 22:56 - 2015-07-26 16:46 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-10 22:48 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\NDF
2015-10-10 17:40 - 2014-09-08 20:31 - 00000000 ____D C:\Users\Irene\AppData\Local\Packages
2015-10-08 07:59 - 2013-08-22 07:46 - 00030580 _____ C:\Windows\setupact.log
2015-10-08 07:59 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-08 07:58 - 2014-09-01 21:32 - 01915999 _____ C:\Windows\SysWOW64\rootpa.e2e
2015-10-08 07:58 - 2014-09-01 21:22 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-10-06 19:02 - 2014-09-10 09:09 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-10-06 13:26 - 2015-04-04 15:24 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-05 18:28 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-05 18:24 - 2015-04-04 15:24 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-04 14:57 - 2014-09-08 14:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-04 14:57 - 2014-03-18 02:44 - 00099228 _____ C:\Windows\PFRO.log
2015-10-04 14:55 - 2014-09-08 20:31 - 00000000 ____D C:\Users\Irene
2015-10-04 07:25 - 2014-09-15 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-03 17:37 - 2015-05-02 21:56 - 00000000 ____D C:\Users\Irene\Downloads\Tokyo Ghoul
2015-10-03 11:16 - 2015-06-07 15:09 - 00000000 ____D C:\Users\Irene\Desktop\Speech
2015-10-01 19:46 - 2015-05-05 19:08 - 00003158 _____ C:\Windows\System32\Tasks\HPCeeScheduleForIrene
2015-10-01 19:46 - 2015-05-05 19:08 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForIrene.job
2015-09-30 09:15 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-29 21:02 - 2015-06-13 13:14 - 00000000 ____D C:\Users\Irene\AppData\Local\Foxit Reader
2015-09-26 14:31 - 2015-06-22 11:14 - 00000000 ____D C:\Users\Irene\Desktop\Books
2015-09-24 23:03 - 2014-10-10 16:16 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-09-24 23:03 - 2014-10-10 16:16 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-24 23:03 - 2014-10-10 16:16 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-24 23:03 - 2014-10-10 16:16 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-24 23:03 - 2014-10-10 16:16 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-24 23:03 - 2014-10-10 16:16 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-24 23:03 - 2014-10-10 16:16 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-24 23:03 - 2014-10-10 16:16 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-21 11:36 - 2014-10-10 16:57 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-19 19:51 - 2014-03-18 02:53 - 00957406 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-18 18:49 - 2013-08-22 07:44 - 00746744 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-18 18:47 - 2014-09-08 20:36 - 00000000 ____D C:\Users\Irene\AppData\Roaming\SoftGrid Client
2015-09-18 13:10 - 2014-09-08 20:31 - 00000000 ____D C:\Users\Irene\AppData\Local\VirtualStore
2015-09-16 15:13 - 2014-09-15 13:23 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 15:13 - 2014-09-15 13:23 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 18:27 - 2014-05-06 00:56 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-09-15 18:26 - 2014-03-31 18:07 - 00000000 ____D C:\SWSetup
2015-09-15 13:20 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-14 18:18 - 2015-04-16 22:17 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-14 18:18 - 2015-04-16 22:17 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 13:07 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2015-09-12 18:35 - 2014-03-18 02:38 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-12 18:35 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2015-09-12 18:35 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\inetsrv
2015-09-12 18:35 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\PolicyDefinitions

==================== Files in the root of some directories =======

2015-06-24 18:00 - 2015-08-28 13:31 - 0001319 _____ () C:\Users\Irene\AppData\Roaming\SAS7_000.DAT
2015-03-20 20:16 - 2015-03-20 20:16 - 0007605 _____ () C:\Users\Irene\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Irene\AppData\Local\Temp\Extract.exe
C:\Users\Irene\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Irene\AppData\Local\Temp\mpam-dc93f6d9.exe
C:\Users\Irene\AppData\Local\Temp\SP71716.exe
C:\Users\Irene\AppData\Local\Temp\{85C7BED3-F438-4139-BFA1-60349EC24B85}-45.0.2454.85_chrome_installer.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-06 14:40

==================== End of FRST.txt ============================


Edited by drunkchickens, 12 October 2015 - 11:57 AM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:01 PM

Posted 17 October 2015 - 01:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/593185 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:01 PM

Posted 22 October 2015 - 02:00 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



