Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

slow computer with win 7 premium [Solved]


  • This topic is locked This topic is locked

#46
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK temps are good, the voltages are above my head so I ignore them any way :)

When the new slowdown commenced was it a gradual deterioration or an all in go ?

Have you received any further blue screens ?
  • 0

Advertisements


#47
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
all in for slowdown, and keep losing connection, the pop up that says internet explorer has stopped working. otherwise no blue screen since the thermal event
  • 0

#48
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm that you have disable AOS in your browsers

Please download MiniToolBox, save it to your desktop and run it.
Posted Image
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
  • 0

#49
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
avast add ons are disabled except 2 that say 64 bit will not let me disable them. below is text from mini tool box

MiniToolBox by Farbar Version: 23-01-2014
Ran by greg & jacki (administrator) on 24-02-2014 at 09:55:02
Running from "C:\Users\greg & jacki\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 6150 = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.mn.comcast.net.

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 40-25-C2-53-4D-15
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 40-25-C2-53-4D-15
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.mn.comcast.net.
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 6150
Physical Address. . . . . . . . . : 40-25-C2-53-4D-14
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2601:2:5600:4f8:41c0:a9c9:f560:3b3a(Preferred)
IPv6 Address. . . . . . . . . . . : 2601:2:5600:4f8:db6c:33bb:4b5b:29f9(Preferred)
Lease Obtained. . . . . . . . . . : Sunday, February 23, 2014 9:55:18 PM
Lease Expires . . . . . . . . . . : Wednesday, February 26, 2014 6:36:03 AM
Temporary IPv6 Address. . . . . . : 2601:2:5600:4f8:51df:af2e:d2bf:449b(Preferred)
Link-local IPv6 Address . . . . . : fe80::41c0:a9c9:f560:3b3a%12(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, February 23, 2014 9:54:47 PM
Lease Expires . . . . . . . . . . : Monday, March 03, 2014 8:32:50 AM
Default Gateway . . . . . . . . . : fe80::7acd:8eff:fe0d:62a2%12
10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 322971074
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-03-62-DB-10-1F-74-17-57-8A
DNS Servers . . . . . . . . . . . : 2001:558:feed::2
2001:558:feed::1
75.75.76.76
75.75.75.75
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : btoa06.dellswdlb.com
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 10-1F-74-17-57-8A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: cdns02.comcast.net
Address: 2001:558:feed::2

Name: google.com
Addresses: 2607:f8b0:4009:801::1005
74.125.225.70
74.125.225.66
74.125.225.65
74.125.225.73
74.125.225.71
74.125.225.69
74.125.225.67
74.125.225.78
74.125.225.64
74.125.225.68
74.125.225.72


Pinging google.com [2607:f8b0:4009:806::1007] with 32 bytes of data:
Reply from 2607:f8b0:4009:806::1007: time=20ms
Reply from 2607:f8b0:4009:806::1007: time=19ms

Ping statistics for 2607:f8b0:4009:806::1007:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 20ms, Average = 19ms
Server: cdns02.comcast.net
Address: 2001:558:feed::2

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=38ms TTL=47
Reply from 98.138.253.109: bytes=32 time=38ms TTL=47

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 38ms, Maximum = 38ms, Average = 38ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...40 25 c2 53 4d 15 ......Microsoft Virtual WiFi Miniport Adapter #2
13...40 25 c2 53 4d 15 ......Microsoft Virtual WiFi Miniport Adapter
12...40 25 c2 53 4d 14 ......Intel® Centrino® Wireless-N 6150
11...10 1f 74 17 57 8a ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.4 25
10.0.0.0 255.255.255.0 On-link 10.0.0.4 281
10.0.0.4 255.255.255.255 On-link 10.0.0.4 281
10.0.0.255 255.255.255.255 On-link 10.0.0.4 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 281 ::/0 fe80::7acd:8eff:fe0d:62a2
1 306 ::1/128 On-link
12 33 2601:2:5600:4f8::/64 On-link
12 281 2601:2:5600:4f8:41c0:a9c9:f560:3b3a/128
On-link
12 281 2601:2:5600:4f8:51df:af2e:d2bf:449b/128
On-link
12 281 2601:2:5600:4f8:db6c:33bb:4b5b:29f9/128
On-link
12 281 fe80::/64 On-link
12 281 fe80::41c0:a9c9:f560:3b3a/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/24/2014 08:18:19 AM) (Source: Application Hang) (User: )
Description: The program speedfan.exe version 4.47.0.386 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e94

Start Time: 01cf316b29e54827

Termination Time: 22604

Application Path: C:\Program Files (x86)\SpeedFan\speedfan.exe

Report Id: 6e154eca-9d5e-11e3-a810-101f7417578a

Error: (02/23/2014 09:54:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6345.0, time stamp: 0x4de7669e
Faulting module name: STacSV64.exe, version: 1.0.6345.0, time stamp: 0x4de7669e
Exception code: 0xc0000005
Fault offset: 0x0000000000020cec
Faulting process id: 0x480
Faulting application start time: 0xSTacSV64.exe0
Faulting application path: STacSV64.exe1
Faulting module path: STacSV64.exe2
Report Id: STacSV64.exe3


System errors:
=============
Error: (02/24/2014 06:21:37 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (02/24/2014 06:21:37 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (02/24/2014 06:21:35 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (02/24/2014 06:21:35 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (02/24/2014 06:21:14 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (02/24/2014 06:20:44 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (02/24/2014 06:19:15 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (02/24/2014 06:19:12 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (02/24/2014 06:19:12 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (02/24/2014 06:19:12 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.


Microsoft Office Sessions:
=========================
Error: (02/24/2014 08:18:19 AM) (Source: Application Hang)(User: )
Description: speedfan.exe4.47.0.3861e9401cf316b29e5482722604C:\Program Files (x86)\SpeedFan\speedfan.exe6e154eca-9d5e-11e3-a810-101f7417578a

Error: (02/23/2014 09:54:52 PM) (Source: Application Error)(User: )
Description: STacSV64.exe1.0.6345.04de7669eSTacSV64.exe1.0.6345.04de7669ec00000050000000000020cec48001cf311422ceb588C:\Program Files\IDT\WDM\STacSV64.exeC:\Program Files\IDT\WDM\STacSV64.exe69be1afa-9d07-11e3-a810-101f7417578a


CodeIntegrity Errors:
===================================
Date: 2013-11-27 06:50:32.327
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-27 06:50:32.327
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-27 06:50:32.312
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-27 06:50:32.296
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-27 06:50:32.296
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-27 06:50:32.296
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-26 16:37:44.724
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-26 16:37:44.724
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-26 16:37:44.724
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-26 16:37:44.708
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adobe Flash Player 12 ActiveX (Version: 12.0.0.70)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Adobe SVG Viewer 3.0 (Version: 3.0)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
ATI Catalyst Install Manager (Version: 3.0.816.0)
Auslogics BoostSpeed (Version: 6.4.2.0)
Auslogics DiskDefrag (Version: 4.3.1.0)
avast! Free Antivirus (Version: 9.0.2013)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bejeweled 3 (Version: 2.2.0.95)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Blio (Version: 2.2.6699)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Canon DIGITAL CAMERA Solution Disk Software Guide (Version: 1.3.0.1)
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.0.1)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.8.0.1)
Canon Internet Library for ZoomBrowser EX (Version: 1.7.0.1)
Canon MOV Decoder (Version: 1.7.0.6)
Canon MOV Encoder (Version: 1.5.0.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.6.0.5)
Canon Personal Printing Guide (Version: 1.1.1.3)
Canon PowerShot SX130 IS Camera User Guide (Version: 1.0.0.1)
Canon Utilities CameraWindow DC 8 (Version: 8.3.0.6)
Canon Utilities CameraWindow Launcher (Version: 7.5.0.2)
Canon Utilities Movie Uploader for YouTube (Version: 1.1.0.4)
Canon Utilities MyCamera (Version: 7.4.0.2)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.6.0.23)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.4.0.4)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0315.958.16016)
Catalyst Control Center Graphics Previews Common (Version: 2011.0315.958.16016)
Catalyst Control Center InstallProxy (Version: 2011.0315.958.16016)
Catalyst Control Center Localization All (Version: 2011.0315.958.16016)
Catalyst Control Center Profiles Mobile (Version: 2011.0315.958.16016)
CCC Help Chinese Standard (Version: 2011.0315.0957.16016)
CCC Help Chinese Traditional (Version: 2011.0315.0957.16016)
CCC Help Czech (Version: 2011.0315.0957.16016)
CCC Help Danish (Version: 2011.0315.0957.16016)
CCC Help Dutch (Version: 2011.0315.0957.16016)
CCC Help English (Version: 2011.0315.0957.16016)
CCC Help Finnish (Version: 2011.0315.0957.16016)
CCC Help French (Version: 2011.0315.0957.16016)
CCC Help German (Version: 2011.0315.0957.16016)
CCC Help Greek (Version: 2011.0315.0957.16016)
CCC Help Hungarian (Version: 2011.0315.0957.16016)
CCC Help Italian (Version: 2011.0315.0957.16016)
CCC Help Japanese (Version: 2011.0315.0957.16016)
CCC Help Korean (Version: 2011.0315.0957.16016)
CCC Help Norwegian (Version: 2011.0315.0957.16016)
CCC Help Polish (Version: 2011.0315.0957.16016)
CCC Help Portuguese (Version: 2011.0315.0957.16016)
CCC Help Russian (Version: 2011.0315.0957.16016)
CCC Help Spanish (Version: 2011.0315.0957.16016)
CCC Help Swedish (Version: 2011.0315.0957.16016)
CCC Help Thai (Version: 2011.0315.0957.16016)
CCC Help Turkish (Version: 2011.0315.0957.16016)
ccc-utility64 (Version: 2011.0315.958.16016)
CCleaner (Version: 4.09)
Chuzzle Deluxe (Version: 2.2.0.95)
Content Manager (Version: 2.70)
Coupon Printer for Windows (Version: 5.0.0.4)
CyberLink YouCam (Version: 3.5.1.3908)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
Energy Star Digital Logo (Version: 1.0.1)
ESET Online Scanner v3
ESU for Microsoft Windows 7 (Version: 1.0.0)
Evernote v. 4.2.2 (Version: 4.2.2.3979)
Farm Frenzy (Version: 2.2.0.95)
FATE - The Traitor Soul (Version: 2.2.0.95)
Google Update Helper (Version: 1.3.22.5)
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.1.9.1)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Connection Manager (Version: 4.0.45.1)
HP CoolSense (Version: 2.20.11)
HP Customer Experience Enhancements (Version: 6.0.1.8)
HP Deskjet 3050A J611 series Basic Device Software (Version: 23.0.504.0)
HP Deskjet 3050A J611 series Help (Version: 140.0.2.2)
HP Deskjet 3050A J611 series Product Improvement Study (Version: 23.0.504.0)
HP Documentation (Version: 1.1.0.0)
HP Games (Version: 1.0.2.4)
HP MovieStore (Version: 1.0.047)
HP MovieStore (Version: 2.0)
HP On Screen Display (Version: 1.3.5)
HP Photo Creations (Version: 1.0.0.5192)
HP Power Manager (Version: 1.4.4)
HP Product Detection (Version: 11.15.0009)
HP Quick Launch (Version: 2.5.2)
HP Setup (Version: 8.6.4530.3651)
HP Setup Manager (Version: 1.1.13231.3673)
HP Software Framework (Version: 4.1.13.1)
HP Support Assistant (Version: 7.4.45.4)
HP Update (Version: 5.002.007.004)
HPDiagnosticCoreDll (Version: 1.0.15.0)
IDT Audio (Version: 1.0.6345.0)
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Display Audio Driver (Version: 6.14.00.3074)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® PRO/Wireless Driver (Version: 16.01.1000.0494)
Intel® Rapid Storage Technology (Version: 10.6.0.1002)
Intel® Wireless Display
Intel® Wireless Display (Version: 2.0.30.0)
Intel® PROSet/Wireless Software (Version: 16.1.1)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.1000.0235)
Intel® PROSet/Wireless WiMAX Software (Version: 6.02.0000)
Junk Mail filter update (Version: 15.4.3502.0922)
Kits Configuration Installer (Version: 8.59.25584)
Mah Jong Medley (Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Mystery P.I. - Stolen in San Francisco (Version: 2.2.0.95)
Namco All-Stars PAC-MAN (Version: 2.2.0.95)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayReady PC Runtime x86 (Version: 1.3.0)
Plus-HD-7.7 (Version: 1.34.1.29)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
PX Profile Update (Version: 1.00.1.)
Rapport (Version: 3.5.1304.46)
Realtek Ethernet Controller Driver (Version: 7.41.216.2011)
Realtek PCIE Card Reader (Version: 6.1.7601.83)
Recovery Manager (Version: 2.0.0)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.19.0)
RoxioNow Player (Version: 1.9.5.103)
SavingsBull (Version: 1.0.0.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.3 (Version: 6.3.107)
SlimDrivers (Version: 2.2.32705)
Slingo Supreme (Version: 2.2.0.95)
SpeedFan (remove only)
swMSM (Version: 12.0.0.1)
Synaptics TouchPad Driver (Version: 15.3.29.0)
System Requirements Lab for Intel (Version: 4.5.15.0)
Trusteer Endpoint Protection (Version: 3.5.1304.46)
Tweaking.com - Windows Repair (All in One) (Version: 2.1.0)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Update Installer for WildTangent Games App
Validity WBF DDK (Version: 4.3.205.0)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Wheel of Fortune 2 (Version: 2.2.0.95)
WhoCrashed 5.00
WildTangent Games App (HP Games) (Version: 4.0.5.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Software Development Kit (Version: 8.59.29750)
Windows Software Development Kit EULA (Version: 8.59.25584)
WPT Redistributables (Version: 8.59.29750)
WPTx64 (Version: 8.59.29722)
Zuma Deluxe (Version: 2.2.0.95)

========================= Devices: ================================

Name: Validity Sensors (WBF) (PID=0018)
Description: Validity Sensors (WBF) (PID=0018)
Class Guid: {24619924-aa9e-486f-99f9-847a5986b6be}
Manufacturer: Validity Sensors, Inc.
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Deskjet 3050A J611 series
Description: Deskjet 3050A J611 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet 3050A J611 series
Description: Deskjet 3050A J611 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet 3050A J611 series
Description: Deskjet 3050A J611 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 8139.86 MB
Available physical RAM: 5769.63 MB
Total Pagefile: 16277.91 MB
Available Pagefile: 13692.22 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.3 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:683.98 GB) (Free:457.22 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.36 GB) (Free:0.29 GB) NTFS
4 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

========================= Users: ========================================

User accounts for \\HP

Administrator greg & jacki Guest

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
  • 0

#50
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK go to control panel programs and features
Select Avast
On the left select change and press continue


Deselect the tick from browser protection
And press continue
Once done reboot and try the browser again for connectivity and speed

  • 0

#51
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
got home from work and the wife touched the space bar and poof....blue screen, I copy/paste the who crashed analysis below

System Information (local)
--------------------------------------------------------------------------------

computer name: HP
windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
Hardware: HP Pavilion dv7 Notebook PC, Hewlett-Packard, 1659
CPU: GenuineIntel Intel® Core™ i5-2410M CPU @ 2.30GHz Intel586, level: 6
4 logical processors, active mask: 15
RAM: 8535261184 total
VM: 2147352576, free: 1922269184




--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Tue 02/25/14 12:04:12 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\022414-39780-01.dmp
This was probably caused by the following module: aswsnx.sys (aswSnx+0x2CAD1)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF880048D7AD1, 0xFFFFF8801E7D87B0, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\drivers\aswsnx.sys
product: avast! Antivirus
company: AVAST Software
description: avast! Virtualization Driver
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswsnx.sys (avast! Virtualization Driver, AVAST Software).
Google query: AVAST Software SYSTEM_SERVICE_EXCEPTION



On Tue 02/25/14 12:04:12 AM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: aswsnx.sys (aswSnx+0x2CAD1)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF880048D7AD1, 0xFFFFF8801E7D87B0, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\drivers\aswsnx.sys
product: avast! Antivirus
company: AVAST Software
description: avast! Virtualization Driver
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswsnx.sys (avast! Virtualization Driver, AVAST Software).
Google query: AVAST Software SYSTEM_SERVICE_EXCEPTION




--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

2 crash dumps have been found and analyzed. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

aswsnx.sys (avast! Virtualization Driver, AVAST Software)

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

this morning i tried to log onto the web with IE, no luck, after about 6 minutes i cancelled and tried firefox, which logged on but very slowly, it took me 9 minutes to get logged onto this site and post this edit to yesterdays response

Edited by gregahoffman, 25 February 2014 - 07:03 AM.

  • 0

#52
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK it looks as though for some reason your system does not like Avast. There have been a few instances of this but the developers have, as yet, been unable to find a cause

There are other free options around

AVG
Zone Alarm
Avira

Have a look at them and decide which will fit your requirements

Download the setup file to your desktop
Download Avast Uninstall Utility to your Desktop.
Uninstall Avast from the control panel
After the reboot run the Avastclear tool
Then install your new AV and let me know how that goes
  • 0

#53
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
essexboy, i can not get IE to work at all, i even tried the repair with tweaking windows. for no reason, i ran MBAM and had 52 PUP's, i removed them and ran avast with no infection found. i am now using firefox which i hate and keep getting all kinds of weird pop ups. i'll attach the MBAM log

Attached Files


  • 0

#54
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Lots of adware there, I wonder where that came from

Lets have a look and remove it all

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

THEN

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Posted Image
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

  • 0

#55
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
here is the adwcleaner log, and i am getting slammed with pop ups

# AdwCleaner v3.019 - Report created 25/02/2014 at 08:56:15
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : greg & jacki - HP
# Running from : C:\Users\greg & jacki\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Level Quality Watcher

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522072280}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566076680}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522072280}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566076680}
Key Deleted : HKCU\Software\installedbrowserextensions

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\greg & jacki\AppData\Roaming\Mozilla\Firefox\Profiles\ud7i34cd.default\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "14469180676d4846820543e81b489af6");

-\\ Google Chrome v

[ File : C:\Users\greg & jacki\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1261 octets] - [04/10/2013 17:52:28]
AdwCleaner[R1].txt - [1389 octets] - [12/12/2013 16:39:00]
AdwCleaner[R2].txt - [1154 octets] - [12/12/2013 16:56:32]
AdwCleaner[R3].txt - [1274 octets] - [17/12/2013 19:58:59]
AdwCleaner[R4].txt - [1395 octets] - [20/12/2013 12:18:23]
AdwCleaner[R5].txt - [3078 octets] - [24/12/2013 08:26:01]
AdwCleaner[R6].txt - [1627 octets] - [30/01/2014 09:06:52]
AdwCleaner[R7].txt - [2430 octets] - [25/02/2014 08:55:16]
AdwCleaner[S0].txt - [1289 octets] - [04/10/2013 17:53:08]
AdwCleaner[S1].txt - [1460 octets] - [12/12/2013 16:39:51]
AdwCleaner[S2].txt - [1216 octets] - [12/12/2013 16:57:24]
AdwCleaner[S3].txt - [1336 octets] - [17/12/2013 19:59:43]
AdwCleaner[S4].txt - [1456 octets] - [20/12/2013 12:19:12]
AdwCleaner[S5].txt - [3140 octets] - [24/12/2013 08:26:41]
AdwCleaner[S6].txt - [1688 octets] - [30/01/2014 09:07:35]
AdwCleaner[S7].txt - [2301 octets] - [25/02/2014 08:56:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [2361 octets] ##########
  • 0

Advertisements


#56
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once you have run OTL and we have cleaned it I will give you a programme which should stop most of that stuff being installed
  • 0

#57
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
here is the OTL.TXT file, i cannot find the extras file

OTL logfile created on: 02/25/14 9:56:17 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\greg & jacki\Desktop\Tools
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

7.95 Gb Total Physical Memory | 4.75 Gb Available Physical Memory | 59.73% Memory free
15.90 Gb Paging File | 13.00 Gb Available in Paging File | 81.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.98 Gb Total Space | 454.45 Gb Free Space | 66.44% Space Free | Partition Type: NTFS
Drive D: | 14.36 Gb Total Space | 0.29 Gb Free Space | 2.03% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.59 Mb Free Space | 85.56% Space Free | Partition Type: FAT32

Computer Name: HP | User Name: greg & jacki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/12 09:00:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\greg & jacki\Desktop\Tools\OTL.exe
PRC - [2014/01/22 20:37:14 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/01/22 20:37:14 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/01/22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/01/22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/01 18:08:01 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2013/09/24 12:49:26 | 029,395,264 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/08/19 17:07:36 | 001,344,312 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/08 13:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/15 16:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2010/12/22 14:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 14:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/26 08:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/04/23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/14 14:19:41 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\92742a2fc47c786e31ccecbbbff37f1d\IAStorUtil.ni.dll
MOD - [2014/02/14 14:19:41 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\56d3e5f907345d381bd7ba599185dfbc\IAStorCommon.ni.dll
MOD - [2014/02/12 08:00:59 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/12 08:00:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 08:00:28 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 08:00:22 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 08:00:17 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 08:00:14 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 07:59:53 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 07:59:49 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 07:59:43 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/04 06:14:49 | 001,125,592 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 04:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/07/17 10:51:24 | 003,377,904 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/07/17 10:50:38 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/07/17 10:50:08 | 000,626,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/07/17 10:49:16 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/07 18:14:05 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/12/07 18:14:04 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/10/01 01:06:14 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/01/30 20:22:58 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2011/01/30 20:17:08 | 000,885,248 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/02/25 08:48:22 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/25 07:09:06 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/22 20:37:14 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/01/22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/19 05:01:38 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\greg & jacki\AppData\Local\Temp\7zS6589\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2013/04/19 14:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/07 18:26:33 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/15 16:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2010/12/22 14:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 14:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 08:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/25 09:06:47 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2014/01/22 20:37:26 | 000,316,312 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/11/25 21:47:22 | 000,196,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/11/25 21:47:20 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/11/25 21:47:20 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/01 18:08:02 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2013/11/01 18:08:02 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/01 20:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/05/29 05:10:52 | 011,524,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/12/07 18:26:33 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/12/07 18:14:05 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/01 03:58:34 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/01 00:28:46 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/09 11:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 19:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 18:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/01/18 12:16:12 | 000,173,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2011/01/18 12:16:06 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2011/01/18 12:16:04 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/01/22 20:37:26 | 000,397,848 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2014/01/22 20:37:26 | 000,282,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2013/11/21 16:56:45 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.co...s={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2271316084-460775634-2034437219-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-2271316084-460775634-2034437219-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
IE - HKU\S-1-5-21-2271316084-460775634-2034437219-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-2271316084-460775634-2034437219-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
IE - HKU\S-1-5-21-2271316084-460775634-2034437219-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2271316084-460775634-2034437219-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2271316084-460775634-2034437219-1000\..\SearchScopes\{56871108-D3EF-4A6B-ADA9-5BC46D955DDF}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledAddons: 29abb661-0efc-4f64-8a89-b11430d434c4%409678608e-dc95-42b0-8db0-4ce126239776.com:0.93.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/11/15 15:51:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\greg & jacki\AppData\Roaming\Mozilla\Extensions
[2013/07/17 15:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\greg & jacki\AppData\Roaming\Mozilla\Firefox\extensions
[2014/02/24 21:49:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\greg & jacki\AppData\Roaming\Mozilla\Firefox\Profiles\ud7i34cd.default\extensions
[2014/02/19 14:48:54 | 000,000,000 | ---D | M] ("Plus-HD-7.7") -- C:\Users\greg & jacki\AppData\Roaming\Mozilla\Firefox\Profiles\ud7i34cd.default\extensions\[email protected]126239776.com
[2014/02/24 21:49:56 | 000,000,000 | ---D | M] (SavingsBull) -- C:\Users\greg & jacki\AppData\Roaming\Mozilla\Firefox\Profiles\ud7i34cd.default\extensions\[email protected]
[2014/02/25 06:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\greg & jacki\AppData\Roaming\Mozilla\Firefox\Profiles\ud7i34cd.default\extensions\[email protected]126239776.com\extensionData
[2014/02/25 06:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\greg & jacki\AppData\Roaming\Mozilla\Firefox\Profiles\ud7i34cd.default\extensions\[email protected]126239776.com\extensionData\plugins
[2014/02/25 06:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\greg & jacki\AppData\Roaming\Mozilla\Firefox\Profiles\ud7i34cd.default\extensions\[email protected]126239776.com\extensionData\userCode
[2014/02/25 08:48:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/25 08:48:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - Extension: No name found = C:\Users\greg & jacki\AppData\Local\Google\Chrome\User Data\Default\Extensions\acgimceffoceigocablmjdpebeodphgc\11836.8391.4145_0\crossrider
CHR - Extension: No name found = C:\Users\greg & jacki\AppData\Local\Google\Chrome\User Data\Default\Extensions\acgimceffoceigocablmjdpebeodphgc\11836.8391.4145_0\

O1 HOSTS File: ([2013/11/26 08:23:38 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Plus-HD-7.7) - {11111111-1111-1111-1111-110511071180} - C:\Program Files (x86)\Plus-HD-7.7\Plus-HD-7.7-bho64.dll File not found
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51A4B124-AFFA-46FD-B89F-CD561F6C9224}: NameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BFE5F03-AFD3-482A-8B09-6BCCE730FC90}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9FFE1F0-DE37-46F9-BA8B-8666F94DF800}: DhcpNameServer = 150.100.2.6
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/02/25 09:18:02 | 000,000,000 | ---D | C] -- C:\Users\greg & jacki\AppData\Roaming\AVG2014
[2014/02/25 09:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/02/25 09:17:01 | 000,000,000 | ---D | C] -- C:\Users\greg & jacki\AppData\Roaming\TuneUp Software
[2014/02/25 09:16:45 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/02/25 09:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/02/25 09:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014/02/25 09:08:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/02/25 09:08:00 | 000,000,000 | ---D | C] -- C:\Users\greg & jacki\AppData\Local\MFAData
[2014/02/25 09:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/02/25 09:08:00 | 000,000,000 | ---D | C] -- C:\Users\greg & jacki\AppData\Local\Avg2014
[2014/02/25 08:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/24 08:26:14 | 000,000,000 | ---D | C] -- C:\Users\greg & jacki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2014/02/19 14:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2014/02/19 14:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2014/02/19 14:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\SavingsbullFilter
[2014/02/19 14:47:55 | 000,000,000 | ---D | C] -- C:\temp
[2014/02/19 12:03:05 | 000,000,000 | ---D | C] -- C:\perflogs
[2014/02/14 19:03:13 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/02/12 07:42:25 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/12 07:41:40 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/12 07:41:40 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/12 07:41:39 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/12 07:41:39 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/12 07:41:38 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/12 07:41:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/12 07:41:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/12 07:41:37 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/12 07:41:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/12 07:41:36 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/12 07:41:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/12 07:41:36 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/12 07:41:36 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/12 07:41:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/12 07:41:36 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/12 07:41:35 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/12 07:41:35 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/12 07:41:34 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/12 07:41:34 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/12 07:41:34 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/12 07:41:32 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/12 07:41:31 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/12 07:41:28 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/12 06:46:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/12 06:46:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/12 06:45:56 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/12 06:45:56 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/12 06:45:56 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/12 06:45:56 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/12 06:45:56 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/12 06:45:55 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/12 06:45:55 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/12 06:45:55 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/12 06:45:55 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/12 06:45:54 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/12 06:45:54 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/12 06:45:54 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/12 06:45:54 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/12 06:45:53 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/12 06:45:53 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/12 06:45:52 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/12 06:45:52 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/12 06:45:45 | 006,573,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/02/12 06:45:45 | 005,693,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/02/12 06:45:41 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/12 06:45:41 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/01/30 11:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magellan Content Manager
[2014/01/30 11:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Content Manager
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/25 10:01:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2014/02/25 09:54:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/25 09:50:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/25 09:40:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/25 09:17:02 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/02/25 09:14:10 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/25 09:14:10 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/25 09:06:52 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2014/02/25 09:06:47 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2014/02/25 09:06:43 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/25 09:06:15 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/25 09:05:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2014/02/25 09:02:33 | 000,001,207 | ---- | M] () -- C:\Users\greg & jacki\Desktop\avastclear.exe - Shortcut.lnk
[2014/02/25 08:51:13 | 000,001,723 | ---- | M] () -- C:\Users\greg & jacki\Desktop\avg_avct_stb_all_2014_4259_cm10.exe - Shortcut.lnk
[2014/02/25 08:04:25 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/25 08:04:25 | 000,662,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/25 08:04:25 | 000,122,146 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/25 08:04:04 | 000,000,288 | ---- | M] () -- C:\Users\greg & jacki\AppData\Roaming\.backup.dm
[2014/02/25 07:43:03 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/02/25 07:09:06 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/25 07:09:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/25 06:47:12 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForgreg & jacki.job
[2014/02/24 20:01:29 | 000,417,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/24 20:01:00 | 738,178,794 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/02/19 14:52:31 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2014/02/17 16:20:29 | 000,000,200 | ---- | M] () -- C:\Users\greg & jacki\Desktop\Welcome to Facebook - Log In, Sign Up or Learn More (2).url
[2014/02/12 07:45:46 | 000,774,052 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/11 12:04:51 | 000,006,144 | ---- | M] () -- C:\Users\greg & jacki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/06 05:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 05:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 05:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 04:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 04:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 04:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 04:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 04:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 04:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 04:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 04:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 04:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 04:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 03:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 03:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 03:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 03:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 03:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 03:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 03:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 03:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 02:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 02:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/01/30 11:16:20 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Content Manager.lnk
[2014/01/29 17:26:35 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/25 09:17:02 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/02/25 09:02:33 | 000,001,207 | ---- | C] () -- C:\Users\greg & jacki\Desktop\avastclear.exe - Shortcut.lnk
[2014/02/25 08:51:13 | 000,001,723 | ---- | C] () -- C:\Users\greg & jacki\Desktop\avg_avct_stb_all_2014_4259_cm10.exe - Shortcut.lnk
[2014/02/25 08:04:04 | 000,000,288 | ---- | C] () -- C:\Users\greg & jacki\AppData\Roaming\.backup.dm
[2014/02/24 20:01:02 | 000,417,072 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/24 20:01:00 | 738,178,794 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/02/19 14:52:30 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2014/02/11 12:04:50 | 000,006,144 | ---- | C] () -- C:\Users\greg & jacki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/06 07:09:06 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/30 11:16:20 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\Content Manager.lnk
[2014/01/11 15:42:34 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2014/01/09 11:24:35 | 000,774,052 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/26 08:19:20 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/10 15:17:05 | 000,000,095 | ---- | C] () -- C:\ProgramData\SAH_Install.ini
[2013/03/17 04:28:05 | 000,000,017 | ---- | C] () -- C:\Users\greg & jacki\AppData\Local\resmon.resmoncfg
[2012/11/25 21:01:33 | 000,017,408 | ---- | C] () -- C:\Users\greg & jacki\AppData\Local\WebpageIcons.db
[2012/11/25 19:39:47 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:09 | 014,176,256 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:56:00 | 012,874,752 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/17 16:44:59 | 000,000,000 | ---D | M] -- C:\Users\greg & jacki\AppData\Roaming\Auslogics
[2014/02/25 09:05:31 | 000,000,000 | ---D | M] -- C:\Users\greg & jacki\AppData\Roaming\AVAST Software
[2014/02/25 09:18:02 | 000,000,000 | ---D | M] -- C:\Users\greg & jacki\AppData\Roaming\AVG2014
[2012/11/25 19:38:19 | 000,000,000 | ---D | M] -- C:\Users\greg & jacki\AppData\Roaming\Blio
[2013/11/13 06:51:10 | 000,000,000 | ---D | M] -- C:\Users\greg & jacki\AppData\Roaming\Dropbox
[2013/03/18 18:15:06 | 000,000,000 | ---D | M] -- C:\Users\greg & jacki\AppData\Roaming\GlarySoft
[2013/03/12 18:25:20 | 000,000,000 | ---D | M] -- C:\Users\greg & jacki\AppData\Roaming\IDT
[2013/03/30 09:54:56 | 000,000,000 | ---D | M] -- C:\Users\greg & jacki\AppData\Roaming\KoshyJohn.com
[2013/08/10 15:17:03 | 000,000,000 | ---D | M] -- C:\Users\greg & jacki\AppData\Roaming\ShopAtHome
[2012/11/25 19:05:13 | 000,000,000 | ---D | M] -- C:\Users\greg & jacki\AppData\Roaming\Synaptics
[2014/02/25 09:17:01 | 000,000,000 | ---D | M] -- C:\Users\greg & jacki\AppData\Roaming\TuneUp Software
[2013/03/17 18:18:09 | 000,000,000 | ---D | M] -- C:\Users\greg & jacki\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 23:23:48 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2013/10/11 20:23:22 | 000,706,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 23:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2012/10/18 14:33:06 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2012/10/18 14:29:01 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2012/10/18 13:35:04 | 000,256,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 21:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/18 14:31:54 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/10/31 22:33:48 | 000,559,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 21:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2012/10/18 14:33:06 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 21:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2012/10/18 14:34:06 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 21:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 21:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 21:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 21:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 21:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/10/18 14:32:53 | 000,223,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 21:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 21:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 21:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 21:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 21:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 21:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 21:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2012/10/18 14:29:11 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 21:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< c:\program files (x86)\Google\Desktop >
[2009/07/13 23:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012/11/25 19:42:11 | 000,000,270 | ---- | C] () -- C:\Windows\Tasks\HP Photo Creations Messager.job
[2012/11/27 17:49:32 | 000,000,906 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/11/27 17:49:33 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/07/10 05:48:28 | 000,028,948 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/11/13 10:03:18 | 000,000,360 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForgreg & jacki.job
[2014/01/13 08:57:11 | 000,000,424 | ---- | C] () -- C:\Windows\Tasks\SlimDrivers Startup.job
[2014/02/06 07:09:06 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 2090-E7D5
Directory of C:\
07/13/09 11:08 PM <JUNCTION> Documents and Settings [D:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/09 11:08 PM <JUNCTION> Application Data [D:\ProgramData]
07/13/09 11:08 PM <JUNCTION> Desktop [D:\Users\Public\Desktop]
07/13/09 11:08 PM <JUNCTION> Documents [D:\Users\Public\Documents]
07/13/09 11:08 PM <JUNCTION> Favorites [D:\Users\Public\Favorites]
07/13/09 11:08 PM <JUNCTION> Start Menu [D:\ProgramData\Microsoft\Windows\Start Menu]
07/13/09 11:08 PM <JUNCTION> Templates [D:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/09 11:08 PM <SYMLINKD> All Users [D:\ProgramData]
07/13/09 11:08 PM <JUNCTION> Default User [D:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/09 11:08 PM <JUNCTION> Application Data [D:\Users\Default\AppData\Roaming]
07/13/09 11:08 PM <JUNCTION> Cookies [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/09 11:08 PM <JUNCTION> Local Settings [D:\Users\Default\AppData\Local]
07/13/09 11:08 PM <JUNCTION> My Documents [D:\Users\Default\Documents]
07/13/09 11:08 PM <JUNCTION> NetHood [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/09 11:08 PM <JUNCTION> PrintHood [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/09 11:08 PM <JUNCTION> Recent [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/09 11:08 PM <JUNCTION> SendTo [D:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/09 11:08 PM <JUNCTION> Start Menu [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/09 11:08 PM <JUNCTION> Templates [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/09 11:08 PM <JUNCTION> Application Data [D:\Users\Default\AppData\Local]
07/13/09 11:08 PM <JUNCTION> History [D:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/09 11:08 PM <JUNCTION> Temporary Internet Files [D:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/09 11:08 PM <JUNCTION> My Music [D:\Users\Default\Music]
07/13/09 11:08 PM <JUNCTION> My Pictures [D:\Users\Default\Pictures]
07/13/09 11:08 PM <JUNCTION> My Videos [D:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\greg & jacki
11/25/12 07:00 PM <JUNCTION> Application Data [C:\Users\greg & jacki\AppData\Roaming]
11/25/12 07:00 PM <JUNCTION> Cookies [C:\Users\greg & jacki\AppData\Roaming\Microsoft\Windows\Cookies]
11/25/12 07:00 PM <JUNCTION> Local Settings [C:\Users\greg & jacki\AppData\Local]
11/25/12 07:00 PM <JUNCTION> My Documents [C:\Users\greg & jacki\Documents]
11/25/12 07:00 PM <JUNCTION> NetHood [C:\Users\greg & jacki\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/25/12 07:00 PM <JUNCTION> PrintHood [C:\Users\greg & jacki\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/25/12 07:00 PM <JUNCTION> Recent [C:\Users\greg & jacki\AppData\Roaming\Microsoft\Windows\Recent]
11/25/12 07:00 PM <JUNCTION> SendTo [C:\Users\greg & jacki\AppData\Roaming\Microsoft\Windows\SendTo]
11/25/12 07:00 PM <JUNCTION> Start Menu [C:\Users\greg & jacki\AppData\Roaming\Microsoft\Windows\Start Menu]
11/25/12 07:00 PM <JUNCTION> Templates [C:\Users\greg & jacki\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\greg & jacki\AppData\Local
11/25/12 07:00 PM <JUNCTION> Application Data [C:\Users\greg & jacki\AppData\Local]
11/25/12 07:00 PM <JUNCTION> History [C:\Users\greg & jacki\AppData\Local\Microsoft\Windows\History]
11/25/12 07:00 PM <JUNCTION> Temporary Internet Files [C:\Users\greg & jacki\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\greg & jacki\Documents
11/25/12 07:00 PM <JUNCTION> My Music [C:\Users\greg & jacki\Music]
11/25/12 07:00 PM <JUNCTION> My Pictures [C:\Users\greg & jacki\Pictures]
11/25/12 07:00 PM <JUNCTION> My Videos [C:\Users\greg & jacki\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/09 11:08 PM <JUNCTION> My Music [D:\Users\Public\Music]
07/13/09 11:08 PM <JUNCTION> My Pictures [D:\Users\Public\Pictures]
07/13/09 11:08 PM <JUNCTION> My Videos [D:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
44 Dir(s) 489,683,279,872 bytes free

< MD5 for: RPCSS.DLL >
[2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2012/10/18 14:33:06 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=F3EF088F45BE326B4EDAC8C1C5A35105 -- C:\Windows\SysNative\rpcss.dll
[2012/10/18 14:33:06 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=F3EF088F45BE326B4EDAC8C1C5A35105 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.22137_none_c867bef66daad40c\rpcss.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:07BF512B

< End of report >
  • 0

#58
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK this will clear the rest... How is the computer performing with regards to speed ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
[2014/02/19 14:48:54 | 000,000,000 | ---D | M] ("Plus-HD-7.7") -- C:\Users\greg & jacki\AppData\Roaming\Mozilla\Firefox\Profiles\ud7i34cd.default\extensions\[email protected]126239776.com
[2014/02/24 21:49:56 | 000,000,000 | ---D | M] (SavingsBull) -- C:\Users\greg & jacki\AppData\Roaming\Mozilla\Firefox\Profiles\ud7i34cd.default\extensions\[email protected]
O2:64bit: - BHO: (Plus-HD-7.7) - {11111111-1111-1111-1111-110511071180} - C:\Program Files (x86)\Plus-HD-7.7\Plus-HD-7.7-bho64.dll File not found
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
[2014/02/19 14:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\SavingsbullFilter
[2013/03/30 09:54:56 | 000,000,000 | ---D | M] -- C:\Users\greg & jacki\AppData\Roaming\KoshyJohn.com
[2013/08/10 15:17:03 | 000,000,000 | ---D | M] -- C:\Users\greg & jacki\AppData\Roaming\ShopAtHome

:Files
c:\Users\greg & jacki\AppData\Local\Google\Chrome
C:\Program Files (x86)\Plus-HD-7.7

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Additional tool

This is a new programme which automatically unticks the majority of the unwanted bumf that you get when you download free programmes. I snaffled the instructions from one of the students :)

A small tool that may help when you download programmes

http://unchecky.com/

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder


Right click on the Unchecky_setupPosted Image or folder and choose to Run as Administrator

Once open click the Install button.

Posted Image

Then click on Finish

Posted Image

Unchecky is now installed and will help you keep unwanted check boxes unchecked ;)
  • 0

#59
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
trying to do the fix it locked up and gave me a blue screen. I then restarted in safe mode and otl again locked up. I restarted the machine and this is the text that came up once the machine started. I don't think the fix fully completed


Files\Folders moved on Reboot...
C:\Users\greg & jacki\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\greg & jacki\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

and here is the who crashed analysis, looks like the last one is from an earlier time before I uninstalled avast

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Tue 02/25/14 4:36:55 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\022514-35771-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x74540)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF800031CA8DE, 0xFFFFF880040475C0, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Tue 02/25/14 4:36:55 PM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: win32k.sys (win32k!W32pArgumentTable+0x7753A)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF800031CA8DE, 0xFFFFF880040475C0, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\win32k.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Multi-User Win32 Driver
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Tue 02/25/14 12:04:12 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\022414-39780-01.dmp
This was probably caused by the following module: aswsnx.sys (aswSnx+0x2CAD1)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF880048D7AD1, 0xFFFFF8801E7D87B0, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswsnx.sys .
Google query: aswsnx.sys SYSTEM_SERVICE_EXCEPTION

Edited by gregahoffman, 25 February 2014 - 10:59 AM.

  • 0

#60
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have the popups ceased now, and how is the computer behaving ?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP