[DonnaB]

Same response with both commands

[Advertisements]

Ooops! For shame!! Think I got it! I didn't configure the settings correctly in Rufus as displayed in the image on the page where I found those instructions I linked you to on how to create the bootable USB. I'm at the desktop now. Need to contact my friend to get her password. I'll keep you informed.

Thank you for your continued guidance.

Back in due time......

[DonnaB]

Ooops! For shame!! Think I got it! I didn't configure the settings correctly in Rufus as displayed in the image on the page where I found those instructions I linked you to on how to create the bootable USB. I'm at the desktop now. Need to contact my friend to get her password. I'll keep you informed.

Thank you for your continued guidance.

Back in due time......

[Essexboy]

You are actually in ?  Was it chkdsk that fixed it ?

[DonnaB]

Yeah! I'm in using the USB. It's functioning as if I am not using the USB. Found cmd.exe, entered chkdsk C: /r, rebooted into USB and right off the bat it went into chkdsk and completed 100% in seconds flat. I didn't see any stages that it went through.

Where would I find a log for chkdsk??

Going to remove the USB and see what happens.

[Essexboy]

Sleepydude made a little programme

Scan with ListChkDskResult

Please download ListChkDskResult by SleepyDude and save it to your desktop.

• Right-click on icon and select Run as Administrator to start the tool.
• A message about checking Windows Event Log will pop-up. Click OK.
• Wait patiently until a notepad window will open. This won't take long.
• The displayed logfile will be also saved to your desktop as ListChkDskResult.txt.

Please include the content of this file in your next reply.

[DonnaB]

Egads! Duh!! I knew that.

Can't express in words how much I love that program.

[SleepyDude]

Hi Donna,

 

Yeah! I'm in using the USB. It's functioning as if I am not using the USB. Found cmd.exe, entered chkdsk C: /r, rebooted into USB and right off the bat it went into chkdsk and completed 100% in seconds flat. I didn't see any stages that it went through.

Where would I find a log for chkdsk??

Going to remove the USB and see what happens.

 

Did you check what is on the C: drive? I'm suspecting you could have created a boot flash drive with freedos, that will not work for what you need,..

[DonnaB]

Wow! It's as if chkdsk didn't even run. No events documented.

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 7/13/2014 9:24:51 AM >------
No Events found for Winlogon, Chkdsk or Wininit!

@Sleepydude,

What would I be looking for on the C: drive? I see nothing. The laptop is booting normally now though once I open Chrome all "bleep" breaks lose. Ads pop up everywhere, tabs open when I click on links in other tabs. Conduit search has taken over, etc. etc. Having a hard time getting to where I need to go to download programs. I am not W8 user friendly, at all, anmd I am having a hard time finding my way around the OS. This thing is a real mess. I'll need to check for infections.

[Essexboy]

Use FRST from the recovery console USB .. I will PM the entire canned

[SleepyDude]

Wow! It's as if chkdsk didn't even run. No events documented.

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 7/13/2014 9:24:51 AM >------
No Events found for Winlogon, Chkdsk or Wininit!

@Sleepydude,

What would I be looking for on the C: drive? I see nothing. The laptop is booting normally now though once I open Chrome all "bleep" breaks lose. Ads pop up everywhere, tabs open when I click on links in other tabs. Conduit search has taken over, etc. etc. Having a hard time getting to where I need to go to download programs. I am not W8 user friendly, at all, anmd I am having a hard time finding my way around the OS. This thing is a real mess. I'll need to check for infections.

 

Donna forget my last post. It seems chkdsk worked because you have it working

 

Not sure if running chkdsk from the RE will record the result to the Windows Event Logs or not, many times I got this error "failed to transfer logged messages to the event log with status 50" on RE.

 

I'm not surprised if my script didn't find any record on the Windows Event log.
 

Edited by SleepyDude, 13 July 2014 - 09:16 AM.
typo

[DonnaB]

You're correct. No log is documented when ran from within the RE. I've used FRST in RE a few times to run chkdsk and sfc via the cmd.exe and had to have the OP jot down the info to share with me the results.

Back soon. It's going to take me a bit of time to work on Essexboy's request.

[DonnaB]

I have no idea how I got there, but I finally found myself within the system recovery. Here is the log.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2014
Ran by SYSTEM on MININT-SMU9CTF on 13-07-2014 12:27:37
Running from E:\
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GamingWonderland Home Page Guard 64 bit] => "C:\PROGRA~2\GAMING~2\bar\1.bin\AppIntegrator64.exe"
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-07-08] (Hewlett-Packard)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1473792 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-06-06] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-24] (Microsoft Corporation)
S2 LMIRescue_d241719e-d1fb-42f7-aaf9-4db5c97ee885; "C:\Users\EVELYN~1\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe" -service -sid d241719e-d1fb-42f7-aaf9-4db5c97ee885 [X]

==================== Drivers (Whitelisted) ====================

S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2013-02-01] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-13 12:27 - 2014-07-13 12:27 - 00000000 ____D () C:\FRST
2014-07-13 08:31 - 2014-07-13 08:31 - 00000000 ____H () C:\Users\Evelyn Sass\BIT7B95.tmp
2014-07-13 07:12 - 2014-07-13 07:12 - 00006500 _____ () C:\Users\Evelyn Sass\Desktop\AdwCleaner[R1].txt
2014-07-13 07:11 - 2010-08-30 05:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-13 07:07 - 2014-07-13 07:08 - 01348263 _____ () C:\Users\Evelyn Sass\Downloads\adwcleaner_3.215.exe
2014-07-13 06:24 - 2014-07-13 06:24 - 00000328 _____ () C:\Users\Evelyn Sass\Desktop\ListChkdskResult.txt
2014-07-13 06:23 - 2014-07-13 06:23 - 00197679 _____ () C:\Users\Evelyn Sass\Downloads\ListChkdskResult (1).exe
2014-07-13 06:22 - 2014-07-13 06:23 - 00197679 _____ () C:\Users\Evelyn Sass\Downloads\ListChkdskResult.exe

==================== One Month Modified Files and Folders =======

2014-07-13 12:27 - 2014-07-13 12:27 - 00000000 ____D () C:\FRST
2014-07-13 09:17 - 2014-03-19 18:29 - 00000370 _____ () C:\Windows\Tasks\HPCeeScheduleForEvelyn Sass.job
2014-07-13 09:17 - 2012-07-25 23:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-13 09:04 - 2013-02-10 14:12 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-13 09:03 - 2013-05-23 14:25 - 00000000 ____D () C:\Users\Evelyn Sass\Documents\Youcam
2014-07-13 09:02 - 2013-05-24 17:39 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-13 09:01 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\System32\sru
2014-07-13 08:36 - 2013-05-24 17:39 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-13 08:31 - 2014-07-13 08:31 - 00000000 ____H () C:\Users\Evelyn Sass\BIT7B95.tmp
2014-07-13 08:31 - 2014-03-19 18:29 - 00003196 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForEvelyn Sass
2014-07-13 08:31 - 2013-02-10 13:29 - 00000000 ____D () C:\users\Evelyn Sass
2014-07-13 08:18 - 2012-07-25 23:28 - 00890992 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-07-13 07:52 - 2013-02-10 13:36 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0DCFC0F3-0165-41C1-855A-0159D69776AE}
2014-07-13 07:12 - 2014-07-13 07:12 - 00006500 _____ () C:\Users\Evelyn Sass\Desktop\AdwCleaner[R1].txt
2014-07-13 07:11 - 2014-02-18 17:42 - 00000000 ____D () C:\AdwCleaner
2014-07-13 07:08 - 2014-07-13 07:07 - 01348263 _____ () C:\Users\Evelyn Sass\Downloads\adwcleaner_3.215.exe
2014-07-13 06:24 - 2014-07-13 06:24 - 00000328 _____ () C:\Users\Evelyn Sass\Desktop\ListChkdskResult.txt
2014-07-13 06:23 - 2014-07-13 06:23 - 00197679 _____ () C:\Users\Evelyn Sass\Downloads\ListChkdskResult (1).exe
2014-07-13 06:23 - 2014-07-13 06:22 - 00197679 _____ () C:\Users\Evelyn Sass\Downloads\ListChkdskResult.exe
2014-07-13 06:05 - 2013-02-12 13:39 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-13 06:02 - 2013-02-12 13:39 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-13 05:52 - 2012-07-25 21:26 - 00262144 ___SH () C:\Windows\System32\config\BBI
2014-07-13 05:39 - 2012-07-25 21:26 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2014-07-13 05:34 - 2014-01-14 17:07 - 00001901 _____ () C:\Windows\setupact.log
2014-07-13 05:32 - 2014-01-16 20:22 - 00555560 _____ () C:\Windows\PFRO.log

Some content of TEMP:
====================
C:\Users\Evelyn Sass\AppData\Local\Temp\1392371628_the_wedownload_manager.exe
C:\Users\Evelyn Sass\AppData\Local\Temp\Extract.exe
C:\Users\Evelyn Sass\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Evelyn Sass\AppData\Local\Temp\msvcp110.dll
C:\Users\Evelyn Sass\AppData\Local\Temp\msvcr110.dll
C:\Users\Evelyn Sass\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\Evelyn Sass\AppData\Local\Temp\SP63599.exe
C:\Users\Evelyn Sass\AppData\Local\Temp\sp64126.exe
C:\Users\Evelyn Sass\AppData\Local\Temp\SP65795.exe
C:\Users\Evelyn Sass\AppData\Local\Temp\sqlite3.dll
C:\Users\Evelyn Sass\AppData\Local\Temp\UninstallHPSA.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-06-15 00:05:09
Restore point made on: 2014-07-13 07:19:07

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 1634.27 MB
Available physical RAM: 1080.06 MB
Total Pagefile: 1634.27 MB
Available Pagefile: 1088.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive a: (WINRE) (Fixed) (Total:0.39 GB) (Free:0.16 GB) NTFS
Drive c: () (Fixed) (Total:273.93 GB) (Free:242.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Repair disc Windows Developer Pr) (Removable) (Total:7.45 GB) (Free:7.2 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: C2C9F703)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 010F82CB)
Partition 1: (Active) - (Size=7 GB) - (Type=07 NTFS)


LastRegBack: 2014-07-13 06:39

==================== End Of Log ============================

[Essexboy]

That log does not look to bad Donna, did you manage to run AdwCleaner in normal mode ?

Download the attached fixlist.txt to the same USB location as FRST
[attachment=71599:fixlist.txt]
Run FRST as before and press Fix
A log will be generated on the USB
Could you post that and the run FRST from normal windows (include the additions check)

[DonnaB]

Sorry for the delay. Had to research Airplane Mode, how to turn it off and turn in the Wi-Fi thingy. I have very little control here. For no reason the thinker orb will spin as if something is running and takes forever to stop. Real pain. Ms. Evelyn had me clean all the adware back at the beginning of the year and it was nothing like this. I even have specific words that are double underlined in previous posts above.

I was unable to get the fix to work from the RE. All the log consisted of was ==== End of Fixlog ====, so I had to run it in normal mode. The FRST.txt and Additions.txt that you requested be run in normal mode is posted below as well.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-07-2014

Ran by Evelyn Sass at 2014-07-13 15:20:54 Run:4
Running from C:\Users\Evelyn Sass\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
2014-07-13 08:31 - 2014-07-13 08:31 - 00000000 ____H () C:\Users\Evelyn Sass\BIT7B95.tmp
C:\PROGRA~2\GAMING~2
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

*****************

"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
"C:\Users\Evelyn Sass\BIT7B95.tmp" => File/Directory not found.
"C:\PROGRA~2\GAMING~2" => File/Directory not found.

=========  DEL %TEMP%\*.* /F /S /Q =========

Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\1392371628_the_wedownload_manager.exe
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\au-descriptor-1.7.0_51-b13.xml
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\au-descriptor-1.7.0_55-b14.xml
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\au-descriptor-1.7.0_60-b19.xml
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\avg-8f40f541-00b8-4557-af0b-ef6527492957.tmp.html
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Extract.exe
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\HP ActiveCheck Local Mode.msi
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\HPSAActionItems.xml
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\HPSA_Install_918157562.txt
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\HPSA_Uninstall.txt
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\HPSFdetectEXE.cab
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\HPSFfixEXE.cab
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\HPSFUpdaterEXE.cab
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\HPWarrantyChecker_updateCode.log
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\inet.txt
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\JavaDeployReg.log
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\java_install_sp.log
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\jinstall.cfg
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\jusched.log
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\LICENSE.TXT
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Microsoft.VC90.CRT.manifest
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\MSIf0f17.LOG
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\MSIf7c1a.LOG
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\msvcp110.dll
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\msvcr110.dll
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\nsa1770.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\nsh12F1.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\nsm6205.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\nsm6EB.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\nsmF3B9.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\nss1CA3.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\nss8D1C.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\nss972B.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\nsvFA6E.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\pc-decrapifier.db3
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\pc-decrapifier.exe
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\pcdc-ar-removed.txt
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\pcdc-comments.txt
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\pcdc-desktop.txt
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\pcdc-feedback.zip
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\pcdc-found.txt
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\pcdc-machine.txt
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\pcdc-reg-run.txt
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\pcdc-reg-uninstall.txt
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\pcdc-reg-user-run.txt
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\pcdc-version.txt
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\SP63599.exe
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\sp64126.exe
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\SP65795.exe
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\sqlite3.dll
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\StructuredQuery.log
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\The weDownload ManagerInstaller_1393114268.log
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\UninstallHPSA.exe
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\winstore.log
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\wlsEFE7.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\wlsF380.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\WMIBios.inf
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\~DF005DE546A12C298E.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\~DF4338BD1874C0E433.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\~DF4934EDEB6342FA86.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\~DF5B343094B6DB1DBB.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\~DF68D2D92073739634.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\~DF6927ACE5DAB2F223.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\~DFF0DCF3588A1F95F9.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\3448_16005\crl-set
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\3448_16005\manifest.fingerprint
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\3448_16005\manifest.json
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\3448_32532\ChromeRecovery.exe
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\3448_32532\GoogleUpdateSetup.exe
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\3448_32532\manifest.fingerprint
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\3448_32532\manifest.json
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Ceement\install.cmd
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Ceement\lg.ini
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Ceement\src\setup.exe
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\HPWarrantyChecker.exe
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Interop.TaskScheduler.dll
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Resources\Images\HwUpgrades\Upgrade_CPC.png
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat15B8.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat1674.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat1FDC.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat2079.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat41A.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat43C0.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat43DE.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat443D.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat443E.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat444E.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat446E.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat447E.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat44DD.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat44FD.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat48E0.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat491F.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat5EF.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat649B.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat6670.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat67D.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat6F1D.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat6FE9.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat712D.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat72E3.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat861.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat8A23.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat8A2E.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat8A43.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat8C32.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\dat9F50.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datA116.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datB365.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datB3EF.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datB48C.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datB51B.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datCA44.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datCB9B.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datCC77.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datCEAB.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datCF48.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datD75E.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datD962.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datDA27.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datDE65.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datDEF2.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datE06B.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datE54C.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datE553.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datE564.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datE574.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datE594.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datE5B5.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datE5C5.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datE7D3.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datE844.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datE854.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datE865.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datE875.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datEA1C.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datEA99.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datEAC9.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datEADA.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datEB29.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datF166.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datF299.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datF336.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datF998.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datF9E7.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datF9F8.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datFA08.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datFA28.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\datFA49.tmp
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\JavaDeployReg.log
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\{EC23F6C0-639C-40B5-935C-61EDF1DA83FC}.blogthis
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF16B67879B13CDBA4.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF1744648A37741F5A.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF30A409D0193E5D65.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF324CA613E0AB9E66.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF328D5BBC8D4A8EF1.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF3719C747CBA255DB.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF375CBDDA6E2575EE.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF3CA227101531A008.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF3D28C4DB4CD5B06B.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF4065391FFE0A36FB.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF490A8001759CD368.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF4ACB39CECD317842.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF58028E9E16F2FF07.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF59B20B140B29ED5E.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF644F0D79543A1BE9.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF6D25C0D37ABB2405.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF725A07C638B4C84B.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF72E1D4924ED3D367.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF76DAC39668709FC9.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF7F307E331446D684.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF7F32049262BA5A51.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF84E87266C88DAA78.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DF935F1A0CF9341DFF.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFA3FB1C3AA7CE586A.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFAFF48BACB517D86D.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFB000AF899B64E625.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFB43985C33EDE4A61.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFB6D95AE8F8B998BF.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFBAF604CE96D10BC3.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFC228FDCB9AF49897.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFC6E1F95A47065B12.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFCAEF2D2E02FBE4BE.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFCBDB4D897460C00F.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFCD698CB01F665F9B.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFCDE06763FD599013.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFD97FDAFFF3F18003.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFE3AED0807074566B.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFE5C0416E3E15854F.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFEA595F28F301596D.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFF27DA179DBE8A63B.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\Low\~DFF29C8746287FFB78.TMP
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\uninstaller-WTA-64055638-7fff-4896-851e-decb0a43dee9\Uninstaller.exe
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\x64\HPWarrantyIDDll.dll
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\x86\HPWarrantyIDDll.dll
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\{1C766F14-DDEA-4C1E-8F95-7F7C4C18EB98}\ISBEW64.exe
Deleted file - C:\Users\EVELYN~1\AppData\Local\Temp\{C81956B2-2F83-4448-8FF6-8EA3B917B346}\ISBEW64.exe

========= End of CMD: =========

=========  RD /S /Q %TEMP% =========

C:\Users\EVELYN~1\AppData\Local\Temp\~DF4934EDEB6342FA86.TMP - Access is denied.
C:\Users\EVELYN~1\AppData\Local\Temp\~DF5B343094B6DB1DBB.TMP - Access is denied.

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog ====



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2014
Ran by Evelyn Sass (administrator) on EVELYN on 13-07-2014 15:28:43
Running from C:\Users\Evelyn Sass\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GamingWonderland Home Page Guard 64 bit] => "C:\PROGRA~2\GAMING~2\bar\1.bin\AppIntegrator64.exe"
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-07-08] (Hewlett-Packard)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Plus-HD-1.3 - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll No File
BHO: a2zLyrics-16 - {11111111-1111-1111-1111-110411411168} - C:\Program Files (x86)\a2zLyrics-16\a2zLyrics-16-bho64.dll No File
BHO: The weDownload Manager - {11111111-1111-1111-1111-110411901174} - C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: Save Valet - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_64.dll No File
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 99.196.99.99 99.197.99.99

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: ArcadeParlor - C:\Users\Evelyn Sass\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2013-11-13]

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP6C55A5CC-7AE5-4B8E-84BA-80ACF8E780E4&SSPV=
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP6C55A5CC-7AE5-4B8E-84BA-80ACF8E780E4&SSPV="
CHR NewTab: "chrome-extension://amfclgbdpgndipgoegfpkkgobahigbcl/redirect.html"
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.condui...rchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (ArcadeParlor) - C:\Users\Evelyn Sass\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpgpfeejjkdgbegcmbbiimbefakonej [2013-11-13]
CHR Extension: (YouTube) - C:\Users\Evelyn Sass\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-24]
CHR Extension: (Google Search) - C:\Users\Evelyn Sass\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-24]
CHR Extension: (a2zLyrics-16) - C:\Users\Evelyn Sass\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfocabhmkfcdibnkgogpaclhgblhnemn [2013-10-20]
CHR Extension: (We-Care Reminder) - C:\Users\Evelyn Sass\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm [2014-07-13]
CHR Extension: (Google Wallet) - C:\Users\Evelyn Sass\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-13]
CHR Extension: (couponpeak) - C:\Users\Evelyn Sass\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohpblbaekcpbmnmcjpkcdecgpbjgfdbm [2013-12-21]
CHR Extension: (Gmail) - C:\Users\Evelyn Sass\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-24]
CHR Extension: (eeAsytosshop) - C:\ProgramData\edocehkojjnboekfgkcpedjmebgcpkpm\ [2013-05-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1473792 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-06-06] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
S2 LMIRescue_d241719e-d1fb-42f7-aaf9-4db5c97ee885; "C:\Users\EVELYN~1\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe" -service -sid d241719e-d1fb-42f7-aaf9-4db5c97ee885 [X]

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-03-31] (AVG Technologies CZ, s.r.o.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2013-02-01] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-13 15:28 - 2014-07-13 15:29 - 00016311 _____ () C:\Users\Evelyn Sass\Desktop\FRST.txt
2014-07-13 15:27 - 2014-07-13 15:28 - 00000000 ____D () C:\FRST
2014-07-13 15:26 - 2014-07-13 15:26 - 00003196 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForEvelyn Sass
2014-07-13 15:26 - 2014-07-13 15:26 - 00000370 _____ () C:\Windows\Tasks\HPCeeScheduleForEvelyn Sass.job
2014-07-13 15:19 - 2014-07-13 10:37 - 02086912 _____ (Farbar) C:\Users\Evelyn Sass\Desktop\FRST64.exe
2014-07-13 10:12 - 2014-07-13 10:12 - 00006500 _____ () C:\Users\Evelyn Sass\Desktop\AdwCleaner[R1].txt
2014-07-13 10:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-13 10:07 - 2014-07-13 10:08 - 01348263 _____ () C:\Users\Evelyn Sass\Downloads\adwcleaner_3.215.exe
2014-07-13 09:24 - 2014-07-13 09:24 - 00000328 _____ () C:\Users\Evelyn Sass\Desktop\ListChkdskResult.txt
2014-07-13 09:23 - 2014-07-13 09:23 - 00197679 _____ () C:\Users\Evelyn Sass\Downloads\ListChkdskResult (1).exe
2014-07-13 09:22 - 2014-07-13 09:23 - 00197679 _____ () C:\Users\Evelyn Sass\Downloads\ListChkdskResult.exe

==================== One Month Modified Files and Folders =======

2014-07-13 17:45 - 2012-07-26 03:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-13 15:29 - 2014-07-13 15:28 - 00016311 _____ () C:\Users\Evelyn Sass\Desktop\FRST.txt
2014-07-13 15:29 - 2012-07-26 02:28 - 00890992 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-13 15:28 - 2014-07-13 15:27 - 00000000 ____D () C:\FRST
2014-07-13 15:28 - 2013-02-10 17:12 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-13 15:26 - 2014-07-13 15:26 - 00003196 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForEvelyn Sass
2014-07-13 15:26 - 2014-07-13 15:26 - 00000370 _____ () C:\Windows\Tasks\HPCeeScheduleForEvelyn Sass.job
2014-07-13 15:25 - 2013-05-23 17:25 - 00000000 ____D () C:\Users\Evelyn Sass\Documents\Youcam
2014-07-13 15:25 - 2013-02-10 16:29 - 00000000 ____D () C:\Users\Evelyn Sass
2014-07-13 15:24 - 2013-05-24 20:39 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-13 15:22 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-13 15:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-13 14:59 - 2014-01-31 17:02 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-13 11:36 - 2013-05-24 20:39 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-13 10:52 - 2013-02-10 16:36 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0DCFC0F3-0165-41C1-855A-0159D69776AE}
2014-07-13 10:37 - 2014-07-13 15:19 - 02086912 _____ (Farbar) C:\Users\Evelyn Sass\Desktop\FRST64.exe
2014-07-13 10:12 - 2014-07-13 10:12 - 00006500 _____ () C:\Users\Evelyn Sass\Desktop\AdwCleaner[R1].txt
2014-07-13 10:11 - 2014-02-18 20:42 - 00000000 ____D () C:\AdwCleaner
2014-07-13 10:08 - 2014-07-13 10:07 - 01348263 _____ () C:\Users\Evelyn Sass\Downloads\adwcleaner_3.215.exe
2014-07-13 09:24 - 2014-07-13 09:24 - 00000328 _____ () C:\Users\Evelyn Sass\Desktop\ListChkdskResult.txt
2014-07-13 09:23 - 2014-07-13 09:23 - 00197679 _____ () C:\Users\Evelyn Sass\Downloads\ListChkdskResult (1).exe
2014-07-13 09:23 - 2014-07-13 09:22 - 00197679 _____ () C:\Users\Evelyn Sass\Downloads\ListChkdskResult.exe
2014-07-13 09:05 - 2013-02-12 16:39 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-13 09:02 - 2013-02-12 16:39 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-13 08:52 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-13 08:39 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-13 08:34 - 2014-01-14 20:07 - 00001901 _____ () C:\Windows\setupact.log
2014-07-13 08:32 - 2014-01-16 23:22 - 00555560 _____ () C:\Windows\PFRO.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-13 09:39

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2014

Ran by Evelyn Sass at 2014-07-13 15:31:53
Running from C:\Users\Evelyn Sass\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{63ADEC24-A374-80A8-E89B-BE401C787F75}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
couponpeak (HKLM-x32\...\{7C28DF4D-53DB-2913-830C-A43B46EAC005}) (Version:  - couponpaeakk) <==== ATTENTION
CWA Reminder by We-Care.com v4.1.24.3 (HKLM-x32\...\{0228288D-975E-42F7-9993-E91A82E6BBD9}) (Version: 4.1.24.3 - We-Care.com)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.3.3907 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
eeAsytosshop (HKLM-x32\...\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}) (Version:  - eAAsytoshop)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version:  - FlashPlayerPro.com)
Game Downloader (HKLM-x32\...\Game Downloader) (Version: 3.9 - Dev-Fire)
GamingWonderland Internet Explorer Toolbar (HKLM-x32\...\GamingWonderlandbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JFileManager (HKLM-x32\...\JFileManager) (Version: v1.10 - TUGUU SL) <==== ATTENTION
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Program starter 2.0.5 (HKLM-x32\...\Program starter_is1) (Version: 2.0.5 - AB-Tools.com)
PssdTToPPng (HKLM-x32\...\{B68681D0-1A63-CE52-50A1-99E07C95321D}) (Version:  - PsodToPNg)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Software Updater version 1.8.3 (HKLM-x32\...\Software Updater_is1) (Version: 1.8.3 - Air Software) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

15-06-2014 08:04:02 Scheduled Checkpoint
13-07-2014 15:18:09 Scheduled Checkpoint

==================== Hosts content: ==========================

2012-07-26 00:26 - 2014-02-22 11:57 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0BDBE0DC-ACFA-44CD-8CBE-6F5DAABAFD8A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {0CBC2594-33FB-493B-9010-FD36769675E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {0DE70578-3D27-4199-934A-DAE1DDD0AC2E} - System32\Tasks\HPCeeScheduleForEvelyn Sass => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {145BA0CA-290F-49D5-86B9-4DDC06377983} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1C964107-2CB4-4A97-947E-529F41B1725B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3D751F76-5336-4042-82AB-7B75BD0E5139} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {4FC8A68F-2D3F-42E0-9286-36FE62975B9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.)
Task: {540CF7AD-BCA9-419D-BD09-26547DF5CC66} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {6434E50D-CF53-466B-BD56-12FA4C72BA10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {791A65AD-87DC-4724-8ADB-A9D6EC8688C0} - \SpeedUpMyPC No Task File <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C8277F4F-1B88-4290-A6A8-447A98B69D1E} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {CBF98F44-7647-4AFD-B244-10546A1C713D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-06-06] (Realtek Semiconductor)
Task: {D5F9ED5A-0010-4A1F-A326-4DEE250F5752} - \spmonitor No Task File <==== ATTENTION
Task: {E12AC48E-8E51-45AE-8E7C-23A570447302} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {E215F2D7-3CBB-4190-A86B-739F08F8CAB6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {E40B625E-3845-4502-A39A-0C2B2090D40D} - \BonanzaDealsUpdate No Task File <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForEvelyn Sass.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-08-06 15:09 - 2012-08-06 15:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-12-05 16:00 - 2013-12-03 21:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 16:00 - 2013-12-03 21:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 16:01 - 2013-12-03 21:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 16:01 - 2013-12-03 21:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 16:00 - 2013-12-03 21:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 16:01 - 2013-12-03 21:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_d241719e-d1fb-42f7-aaf9-4db5c97ee885 => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2014 00:18:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16084

Error: (07/13/2014 00:18:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16084

Error: (07/13/2014 00:18:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2014 00:12:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x5154efc9
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x5154efc9
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0x928
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3
Faulting package full name: atieclxx.exe4
Faulting package-relative application ID: atieclxx.exe5

Error: (07/13/2014 11:23:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15819

Error: (07/13/2014 11:23:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15819

Error: (07/13/2014 11:23:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2014 11:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15631

Error: (07/13/2014 11:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15631

Error: (07/13/2014 11:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (07/13/2014 03:22:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Rescue (d241719e-d1fb-42f7-aaf9-4db5c97ee885) service failed to start due to the following error:
%%2

Error: (07/13/2014 03:15:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Rescue (d241719e-d1fb-42f7-aaf9-4db5c97ee885) service failed to start due to the following error:
%%2

Error: (07/13/2014 03:15:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:59:42 PM on ‎7/‎13/‎2014 was unexpected.

Error: (07/13/2014 02:59:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Rescue (d241719e-d1fb-42f7-aaf9-4db5c97ee885) service failed to start due to the following error:
%%2

Error: (07/13/2014 02:59:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:36:21 PM on ‎7/‎13/‎2014 was unexpected.

Error: (07/13/2014 02:36:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Rescue (d241719e-d1fb-42f7-aaf9-4db5c97ee885) service failed to start due to the following error:
%%2

Error: (07/13/2014 02:36:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:34:40 PM on ‎7/‎13/‎2014 was unexpected.

Error: (07/13/2014 02:35:37 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212254851149648

Error: (07/13/2014 02:23:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Rescue (d241719e-d1fb-42f7-aaf9-4db5c97ee885) service failed to start due to the following error:
%%2

Error: (07/13/2014 00:17:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Rescue (d241719e-d1fb-42f7-aaf9-4db5c97ee885) service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (07/13/2014 00:18:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16084

Error: (07/13/2014 00:18:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16084

Error: (07/13/2014 00:18:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2014 00:12:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.11435154efc9atieclxx.exe6.14.11.11435154efc9c0000005000000000002ea1992801cf9ebd9a60a782C:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exed8baf454-0ab0-11e4-bec0-8434978f6ced

Error: (07/13/2014 11:23:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15819

Error: (07/13/2014 11:23:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15819

Error: (07/13/2014 11:23:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2014 11:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15631

Error: (07/13/2014 11:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15631

Error: (07/13/2014 11:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Percentage of memory in use: 71%
Total physical RAM: 1634.27 MB
Available physical RAM: 460.79 MB
Total Pagefile: 2210.27 MB
Available Pagefile: 630.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:273.93 GB) (Free:242.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Repair disc Windows Developer Pr) (Removable) (Total:7.45 GB) (Free:7.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: C2C9F703)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 010F82CB)
Partition 1: (Active) - (Size=7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[Essexboy]

Donna you will have to manually reset Chrome search and home pages .. But it should behave a little better after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
BHO: Plus-HD-1.3 - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll No File
BHO: a2zLyrics-16 - {11111111-1111-1111-1111-110411411168} - C:\Program Files (x86)\a2zLyrics-16\a2zLyrics-16-bho64.dll No File
BHO: The weDownload Manager - {11111111-1111-1111-1111-110411901174} - C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll No File
BHO: Save Valet - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_64.dll No File
CHR Extension: (a2zLyrics-16) - C:\Users\Evelyn Sass\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfocabhmkfcdibnkgogpaclhgblhnemn [2013-10-20]
CHR Extension: (We-Care Reminder) - C:\Users\Evelyn Sass\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm [2014-07-13]
CHR Extension: (couponpeak) - C:\Users\Evelyn Sass\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohpblbaekcpbmnmcjpkcdecgpbjgfdbm [2013-12-21]
CHR Extension: (eeAsytosshop) - C:\ProgramData\edocehkojjnboekfgkcpedjmebgcpkpm\ [2013-05-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
couponpeak (HKLM-x32\...\{7C28DF4D-53DB-2913-830C-A43B46EAC005}) (Version: - couponpaeakk) <==== ATTENTION
CWA Reminder by We-Care.com v4.1.24.3 (HKLM-x32\...\{0228288D-975E-42F7-9993-E91A82E6BBD9}) (Version: 4.1.24.3 - We-Care.com)
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION
eeAsytosshop (HKLM-x32\...\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}) (Version: - eAAsytoshop)
JFileManager (HKLM-x32\...\JFileManager) (Version: v1.10 - TUGUU SL) <==== ATTENTION
Software Updater version 1.8.3 (HKLM-x32\...\Software Updater_is1) (Version: 1.8.3 - Air Software) <==== ATTENTION
Task: {791A65AD-87DC-4724-8ADB-A9D6EC8688C0} - \SpeedUpMyPC No Task File <==== ATTENTION
Task: {D5F9ED5A-0010-4A1F-A326-4DEE250F5752} - \spmonitor No Task File <==== ATTENTION
Task: {E40B625E-3845-4502-A39A-0C2B2090D40D} - \BonanzaDealsUpdate No Task File <==== ATTENTION
S2 LMIRescue_d241719e-d1fb-42f7-aaf9-4db5c97ee885; "C:\Users\EVELYN~1\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe" -service -sid d241719e-d1fb-42f7-aaf9-4db5c97ee885 [X]
C:\Program Files (x86)\Plus-HD-1.3
C:\Program Files (x86)\a2zLyrics-16
C:\Program Files (x86)\The weDownload Manager

CMD: ipconfig /release
CMD: netsh int ip reset
CMD: ipconfig /renew
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.