Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer crashes when not in Safe Mode [Closed]


  • This topic is locked This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK so what stage are we at currently

Are you still in clean boot mode ?

If so how is the computer behaving, have you noticed the lack of any programmes that were disabled ?
  • 0

Advertisements


#17
onnaday

onnaday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Good Afternoon! I have to admit that I am not the best a screenshots but I did my best. I did try to post the screen shots but go this - 

An error occurred

You are not allowed to use that image extension on this community.

 

 

I have been in regular boot mode for about an hour with no crashes but my husband said it did crash on him in safe mode with networking.


  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets now have a fresh look to see if there is anything that can be changed

Download a fresh copy of FRST as it has been updated

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#19
onnaday

onnaday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Here is the new log.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Mom (administrator) on MOM-PC on 12-11-2014 14:55:19
Running from c:\Users\Mom\Downloads
Loaded Profile: Mom (Available profiles: Mom)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msconfig.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Mom\Downloads\FRST64(2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-08] (AVAST Software)
HKLM\...\RunOnce: [PCDrProfiler] => C:\Program Files\PC-Doctor for Windows\RunProfiler.exe [102912 2008-09-09] (PC-Doctor, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3385600622-3777350188-503640899-1000\...\MountPoints2: {79f51818-c539-11dd-9c1a-002354132958} - L:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {42702B0B-C9A6-45FF-A76A-3B84C4ACFC37} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM - {470627EC-50FE-4C12-9E97-781485EB3CF3} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect...nType=tb50trie7
SearchScopes: HKLM-x32 - {42702B0B-C9A6-45FF-A76A-3B84C4ACFC37} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {470627EC-50FE-4C12-9E97-781485EB3CF3} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKCU - DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.casualg...q={searchTerms}
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect...nType=tb50trie7
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.casualg...q={searchTerms}
SearchScopes: HKCU - {42702B0B-C9A6-45FF-A76A-3B84C4ACFC37} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {470627EC-50FE-4C12-9E97-781485EB3CF3} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKCU - {6C9D2F79-E1FB-428C-8FBC-68FC01C533DD} URL = http://search.freeca...p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Qualys BrowserCheck IE Helper -> {7D2FB79E-E58C-4DB5-A36F-AC1C73967FA5} -> C:\Windows\Downloaded Program Files\qbc_bho.dll (Qualys, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-3385600622-3777350188-503640899-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/stg_drm.ocx
DPF: HKLM-x32 {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck....com/qbc_ax.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/armhelper.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default
FF Homepage: hxxp://www.aol.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @pack.google.com/Google Updater;version=13 -> C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3385600622-3777350188-503640899-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mom\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\searchplugins\search-results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF Extension: SlingHealth - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\[email protected] [2010-12-26]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-25]
FF Extension: Qualys BrowserCheck - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2014-09-13]
FF Extension: Test Pilot - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\[email protected] [2011-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-08]
FF Extension: No Name - [email protected] [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-07-24]
CHR Extension: (avast! WebRep) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2011-07-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-04-29] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-08] (AVAST Software)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-26] (WildTangent)
S2 gupdate1c99932c93e7d83; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912 2014-10-26] (Google Inc.)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] () [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-07-21] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-08-14] (Alcatel-Lucent) [File not signed]
S4 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [151552 2009-03-30] (Livescribe) [File not signed]
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [295424 2011-04-08] (Puran Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-11-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-08] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-11-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-08] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-09-16] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [166944 2008-06-06] (NVIDIA Corporation)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [24576 2009-07-22] (Windows ® Codename Longhorn DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 12:44 - 2014-11-08 22:16 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-11 19:39 - 2014-11-11 19:39 - 00000322 _____ () C:\Users\Mom\Downloads\fixlist.txt
2014-11-10 20:14 - 2014-11-10 20:14 - 02116096 _____ (Farbar) C:\Users\Mom\Downloads\FRST64(2).exe
2014-11-10 20:06 - 2014-11-10 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-09 17:52 - 2014-11-09 17:53 - 02116096 _____ (Farbar) C:\Users\Mom\Downloads\FRST64(1).exe
2014-11-08 22:35 - 2014-11-08 22:35 - 00003246 _____ () C:\Users\Mom\Desktop\malwarebytes.txt
2014-11-08 22:17 - 2014-11-12 12:45 - 00001829 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-08 22:17 - 2014-11-08 22:17 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\AVAST Software
2014-11-08 22:17 - 2014-11-08 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-08 22:16 - 2014-11-08 22:16 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-08 22:16 - 2014-11-08 22:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-08 22:05 - 2014-11-08 22:06 - 05004328 _____ (AVAST Software) C:\Users\Mom\Downloads\avast_free_antivirus_setup_online.exe
2014-11-08 21:36 - 2014-11-08 21:42 - 00620720 _____ () C:\Users\Mom\Downloads\avgremover.log
2014-11-08 21:36 - 2014-11-08 21:36 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Mom\Downloads\avg_remover_stf_x64_2015_5501.exe
2014-11-07 14:37 - 2014-11-07 14:37 - 01375089 _____ () C:\Users\Mom\Downloads\AdwCleaner(2).exe
2014-11-07 14:24 - 2014-11-07 14:52 - 00000000 ____D () C:\AdwCleaner
2014-11-07 14:23 - 2014-11-07 14:23 - 01375089 _____ () C:\Users\Mom\Downloads\AdwCleaner(1).exe
2014-11-07 13:41 - 2014-11-07 13:41 - 00000162 ____H () C:\Users\Mom\Documents\~$ntal_Agreement_-_730_Allison.wps
2014-11-06 15:09 - 2014-11-06 15:12 - 00039029 _____ () C:\Users\Mom\Downloads\Addition.txt
2014-11-06 15:08 - 2014-11-12 14:55 - 00020518 _____ () C:\Users\Mom\Downloads\FRST.txt
2014-11-06 15:07 - 2014-11-12 14:55 - 00000000 ____D () C:\FRST
2014-11-06 15:07 - 2014-11-06 15:07 - 02114560 _____ (Farbar) C:\Users\Mom\Downloads\FRST64.exe
2014-11-06 14:38 - 2014-11-06 14:38 - 00091136 _____ () C:\Users\Mom\Documents\Rental_Agreement_-_730_Allison.wps
2014-11-06 14:20 - 2014-11-06 21:19 - 00000000 ____D () C:\Users\Mom\Desktop\2014_11_06
2014-11-06 11:25 - 2014-11-06 11:25 - 00271720 _____ () C:\Windows\Minidump\Mini110614-01.dmp
2014-11-06 09:58 - 2014-11-09 07:46 - 00003920 _____ () C:\Windows\PFRO.log
2014-11-05 21:14 - 2014-11-05 21:14 - 00000000 ____D () C:\SUPERDelete
2014-11-05 21:13 - 2014-11-07 14:57 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-05 21:13 - 2014-11-05 21:13 - 00001758 _____ () C:\Users\Mom\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-11-05 21:13 - 2014-11-05 21:13 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\SUPERAntiSpyware.com
2014-11-05 21:13 - 2014-11-05 21:13 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-11-05 21:13 - 2014-11-05 21:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-11-05 21:10 - 2014-11-05 21:12 - 20170344 _____ (SUPERAntiSpyware) C:\Users\Mom\Downloads\SAS_5305.EXE
2014-11-05 20:38 - 2014-11-05 20:41 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Mom\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-05 20:21 - 2014-11-05 20:22 - 00271720 _____ () C:\Windows\Minidump\Mini110514-01.dmp
2014-11-03 19:39 - 2014-11-03 19:39 - 00001073 _____ () C:\Users\Mom\Desktop\730_Rental_application-1 - Shortcut.lnk
2014-11-01 09:04 - 2014-11-01 09:04 - 00078392 _____ () C:\Users\Mom\Desktop\OTL.Txt
2014-11-01 08:32 - 2014-11-01 09:34 - 00062188 _____ () C:\Users\Mom\Downloads\Extras.Txt
2014-11-01 08:31 - 2014-11-01 08:56 - 00078392 _____ () C:\Users\Mom\Downloads\OTL.Txt
2014-11-01 08:17 - 2014-11-01 08:17 - 00602112 _____ (OldTimer Tools) C:\Users\Mom\Downloads\OTL.exe
2014-10-26 09:53 - 2014-11-02 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games for HP
2014-10-20 10:28 - 2014-09-27 17:41 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-20 10:28 - 2014-09-17 00:57 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-20 10:28 - 2014-09-16 10:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-20 10:23 - 2014-06-15 16:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-20 10:23 - 2014-06-15 16:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-20 10:23 - 2014-06-13 12:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-20 10:23 - 2014-06-13 12:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-20 10:23 - 2014-06-13 11:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-20 10:23 - 2014-06-13 11:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-20 10:22 - 2014-09-04 17:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-18 19:03 - 2014-10-18 19:04 - 00000000 ____D () C:\dcc39b12c2316342209602a298
2014-10-17 18:27 - 2014-10-17 18:27 - 00275960 _____ () C:\Windows\Minidump\Mini101714-01.dmp
2014-10-15 09:11 - 2014-09-19 18:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 09:11 - 2014-09-19 17:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 09:11 - 2014-09-19 17:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 09:11 - 2014-09-19 17:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 09:11 - 2014-09-19 17:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 09:11 - 2014-09-19 17:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 09:11 - 2014-09-19 17:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 09:11 - 2014-09-19 17:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 09:11 - 2014-09-19 17:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 09:11 - 2014-09-19 17:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 09:11 - 2014-09-19 17:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 09:11 - 2014-09-19 17:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 09:11 - 2014-09-19 17:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 09:11 - 2014-09-19 17:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 09:11 - 2014-09-19 17:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 09:11 - 2014-09-19 17:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 09:11 - 2014-09-19 17:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 09:11 - 2014-09-19 17:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 09:11 - 2014-09-19 16:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 09:11 - 2014-09-19 16:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 09:11 - 2014-09-19 16:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 09:11 - 2014-09-19 16:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 09:11 - 2014-09-19 16:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 09:11 - 2014-09-19 16:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-15 09:11 - 2014-09-19 16:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 09:11 - 2014-09-19 16:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 09:11 - 2014-09-19 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 09:11 - 2014-09-19 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 09:11 - 2014-09-19 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 09:11 - 2014-09-19 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-15 09:11 - 2014-09-19 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 09:11 - 2014-09-19 16:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 09:11 - 2014-09-19 16:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 09:11 - 2014-09-19 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 09:11 - 2014-09-19 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-15 09:11 - 2014-09-19 16:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 09:10 - 2014-09-19 17:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 09:10 - 2014-09-19 17:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 09:10 - 2014-09-19 17:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 09:10 - 2014-09-19 16:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 09:10 - 2014-09-19 16:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 09:10 - 2014-09-19 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-15 08:52 - 2014-10-15 08:52 - 00000000 __SHD () C:\found.000
2014-10-13 10:39 - 2014-10-13 10:39 - 00275960 _____ () C:\Windows\Minidump\Mini101314-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 14:51 - 2014-07-30 20:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 14:39 - 2006-11-02 09:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 14:39 - 2006-11-02 09:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 14:24 - 2014-06-09 19:39 - 01620180 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 14:17 - 2009-06-30 08:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 13:04 - 2012-09-17 20:59 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3385600622-3777350188-503640899-1000UA.job
2014-11-12 12:51 - 2011-07-13 21:09 - 00003670 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7773CC6A-F13A-45CF-95B9-1FCA42AC7C7D}
2014-11-12 12:48 - 2006-11-02 06:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 12:45 - 2012-07-11 18:25 - 00003838 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-12 12:42 - 2009-06-30 08:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 12:39 - 2012-05-15 09:02 - 00000000 ____D () C:\Windows\SysWOW64\logishrd
2014-11-12 12:39 - 2012-05-15 09:02 - 00000000 ____D () C:\Windows\system32\logishrd
2014-11-12 12:39 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 08:05 - 2014-09-26 20:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-08 22:09 - 2011-07-24 21:31 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-08 22:04 - 2012-09-17 20:59 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3385600622-3777350188-503640899-1000Core.job
2014-11-08 21:37 - 2006-11-02 09:42 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-06 14:38 - 2008-11-19 20:40 - 00029764 _____ () C:\Users\Mom\AppData\Roaming\wklnhst.dat
2014-11-06 14:18 - 2008-11-19 20:39 - 00003570 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-11-06 11:25 - 2011-07-16 23:52 - 00000000 ____D () C:\Windows\Minidump
2014-11-06 11:24 - 2014-10-08 16:57 - 406287712 _____ () C:\Windows\MEMORY.DMP
2014-11-05 21:14 - 2008-09-06 02:38 - 00000000 ____D () C:\Program Files\AWS
2014-11-05 20:41 - 2014-07-30 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-05 20:41 - 2014-07-30 20:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-05 20:41 - 2013-02-03 18:17 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-05 20:10 - 2012-01-30 22:03 - 00001460 _____ () C:\Users\Mom\AppData\Local\d3d9caps64.dat
2014-11-04 10:08 - 2014-08-27 15:58 - 00000000 ____D () C:\Users\Mom\AppData\Local\Adobe
2014-11-04 10:08 - 2014-06-09 20:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-04 10:08 - 2014-06-09 20:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-04 10:06 - 2012-01-31 20:20 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\HpUpdate
2014-11-03 10:41 - 2008-12-25 12:47 - 00000000 ____D () C:\Program Files (x86)\Ouba
2014-11-02 10:38 - 2011-12-15 13:12 - 00002152 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2014-11-02 10:38 - 2006-11-02 09:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-28 05:34 - 2009-10-03 00:48 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 11:12 - 2009-06-30 08:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-26 11:12 - 2009-06-30 08:19 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-26 09:53 - 2011-12-15 13:11 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-10-20 12:59 - 2014-08-01 19:03 - 00316192 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-20 10:25 - 2009-03-10 19:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 19:08 - 2008-11-19 19:54 - 00000000 ____D () C:\Users\Mom
2014-10-18 19:04 - 2013-08-06 08:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 19:04 - 2006-11-02 06:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Files to move or delete:
====================
C:\Users\chris.Mom-PC\jagex_runescape_preferences.dat
C:\Users\chris.Mom-PC\jagex_runescape_preferences2.dat


Some content of TEMP:
====================
C:\Users\Mom\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-12 13:06

==================== End Of Log ============================


  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm looks clean, this will empty the temporary files and if you could follow up with a defragment of your drive http://www.dummies.c...-windows-7.html then let me know how it is running

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#21
onnaday

onnaday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by Mom at 2014-11-12 15:44:45 Run:2
Running from c:\Users\Mom\Downloads
Loaded Profile: Mom (Available profiles: Mom)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

{509B8883-BB31-4376-BBBB-A8F2B52BE700} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 579.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Still running without crashes ?
  • 0

#23
onnaday

onnaday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

At the moment, yes. Shall I just give it a workout in regular boot mode and report back if there are any crashes?


  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please, give it a pressure test with multiple programmes open and surfing at the same time :)
  • 0

#25
onnaday

onnaday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Well as they say, back to the drawing board. Last evening the computer froze. Meaning that the cursor froze. Then today, the computer crashed both in safe mode with networking and in regular boot mode. By crash, I mean the blue screen crash where the computer restarts itself after the crash.  I tried rebooting in safe mode after that and the cursor froze. At the moment I am in regular mode to post this message. I will run FRST again and post the result. I will also try to list the programs in the MSConfig start up. I hope trying to distinguish between crash and freeze hopefully will help. I really appreciate you sticking with me on this, Essexboy.


  • 0

Advertisements


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have any minidumps in the following folder :

C:\windows\minidump

If so could you zip a few of them and attach to your next post
  • 0

#27
onnaday

onnaday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Here is the latest FRST. I can see minidumps but when I try to zip them I get this message. "File not found or No Read Permission". ~Onnaday

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Mom (administrator) on MOM-PC on 15-11-2014 16:31:04
Running from c:\Users\Mom\Downloads
Loaded Profile: Mom (Available profiles: Mom)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-08] (AVAST Software)
HKLM\...\RunOnce: [PCDrProfiler] => C:\Program Files\PC-Doctor for Windows\RunProfiler.exe [102912 2008-09-09] (PC-Doctor, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3385600622-3777350188-503640899-1000\...\MountPoints2: {79f51818-c539-11dd-9c1a-002354132958} - L:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {42702B0B-C9A6-45FF-A76A-3B84C4ACFC37} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM - {470627EC-50FE-4C12-9E97-781485EB3CF3} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect...nType=tb50trie7
SearchScopes: HKLM-x32 - {42702B0B-C9A6-45FF-A76A-3B84C4ACFC37} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {470627EC-50FE-4C12-9E97-781485EB3CF3} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKCU - DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.casualg...q={searchTerms}
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect...nType=tb50trie7
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.casualg...q={searchTerms}
SearchScopes: HKCU - {42702B0B-C9A6-45FF-A76A-3B84C4ACFC37} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {470627EC-50FE-4C12-9E97-781485EB3CF3} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKCU - {6C9D2F79-E1FB-428C-8FBC-68FC01C533DD} URL = http://search.freeca...p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Qualys BrowserCheck IE Helper -> {7D2FB79E-E58C-4DB5-A36F-AC1C73967FA5} -> C:\Windows\Downloaded Program Files\qbc_bho.dll (Qualys, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-3385600622-3777350188-503640899-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/stg_drm.ocx
DPF: HKLM-x32 {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck....com/qbc_ax.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/armhelper.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default
FF Homepage: hxxp://www.aol.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @pack.google.com/Google Updater;version=13 -> C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3385600622-3777350188-503640899-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mom\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\searchplugins\search-results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF Extension: SlingHealth - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\[email protected] [2010-12-26]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-25]
FF Extension: Qualys BrowserCheck - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2014-09-13]
FF Extension: Test Pilot - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\1rakunje.default\Extensions\[email protected] [2011-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-08]
FF Extension: No Name - [email protected] [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-07-24]
CHR Extension: (avast! WebRep) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2011-07-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-04-29] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-08] (AVAST Software)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-26] (WildTangent)
S2 gupdate1c99932c93e7d83; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912 2014-10-26] (Google Inc.)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] () [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-07-21] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-08-14] (Alcatel-Lucent) [File not signed]
S4 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [151552 2009-03-30] (Livescribe) [File not signed]
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [295424 2011-04-08] (Puran Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-11-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-08] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-11-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-08] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-09-16] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [166944 2008-06-06] (NVIDIA Corporation)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [24576 2009-07-22] (Windows ® Codename Longhorn DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 16:30 - 2014-11-15 16:30 - 00000000 ____D () C:\Users\Mom\Downloads\FRST-OlderVersion
2014-11-13 10:03 - 2014-10-12 17:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 10:02 - 2014-09-18 18:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 10:02 - 2014-09-18 18:45 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 10:00 - 2014-08-11 20:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 10:00 - 2014-08-11 20:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 09:59 - 2014-10-09 19:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 09:59 - 2014-10-09 19:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 09:59 - 2014-10-09 17:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 09:59 - 2014-10-09 17:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 09:58 - 2014-10-17 19:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 09:58 - 2014-10-17 18:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 09:58 - 2014-10-09 19:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 09:58 - 2014-10-09 19:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 09:58 - 2014-10-09 19:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 09:58 - 2014-10-02 19:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 09:58 - 2014-10-02 19:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 09:58 - 2014-10-02 19:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 09:58 - 2014-10-02 19:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 09:58 - 2014-10-02 19:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 09:58 - 2014-10-02 19:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 09:58 - 2014-10-02 19:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 09:58 - 2014-10-02 17:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2014-11-13 09:51 - 2014-10-23 19:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 09:51 - 2014-10-23 18:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 09:50 - 2014-08-26 18:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 09:50 - 2014-08-26 18:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 09:50 - 2014-08-26 18:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 09:50 - 2014-08-26 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 13:03 - 2014-10-27 14:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 13:03 - 2014-10-27 14:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 13:03 - 2014-10-27 14:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 13:03 - 2014-10-27 14:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 13:03 - 2014-10-27 14:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 13:03 - 2014-10-27 14:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 13:03 - 2014-10-27 14:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 13:03 - 2014-10-27 14:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 13:03 - 2014-10-27 14:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 13:03 - 2014-10-27 14:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 13:03 - 2014-10-27 14:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 13:03 - 2014-10-27 14:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 13:03 - 2014-10-27 14:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 13:03 - 2014-10-27 14:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 13:03 - 2014-10-27 14:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 13:03 - 2014-10-27 14:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 13:03 - 2014-10-27 14:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 13:03 - 2014-10-27 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 13:03 - 2014-10-27 14:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 13:03 - 2014-10-27 14:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 13:03 - 2014-10-27 14:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 13:03 - 2014-10-27 13:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 13:03 - 2014-10-27 13:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 13:03 - 2014-10-27 13:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 13:03 - 2014-10-27 12:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 13:03 - 2014-10-27 12:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 13:03 - 2014-10-27 12:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 13:03 - 2014-10-27 12:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 13:03 - 2014-10-27 12:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 13:03 - 2014-10-27 12:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 13:03 - 2014-10-27 12:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 13:03 - 2014-10-27 12:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 13:03 - 2014-10-27 12:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 13:03 - 2014-10-27 12:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 13:03 - 2014-10-27 12:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 13:03 - 2014-10-27 12:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 13:03 - 2014-10-27 12:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 13:03 - 2014-10-27 12:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 13:03 - 2014-10-27 12:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 13:03 - 2014-10-27 12:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 13:03 - 2014-10-27 12:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-12 13:03 - 2014-10-27 12:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 12:44 - 2014-11-08 22:16 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-10 20:06 - 2014-11-10 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 22:35 - 2014-11-08 22:35 - 00003246 _____ () C:\Users\Mom\Desktop\malwarebytes.txt
2014-11-08 22:17 - 2014-11-12 12:45 - 00001829 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-08 22:17 - 2014-11-08 22:17 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\AVAST Software
2014-11-08 22:17 - 2014-11-08 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-08 22:16 - 2014-11-08 22:16 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-11-08 22:16 - 2014-11-08 22:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-08 22:16 - 2014-11-08 22:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-08 22:05 - 2014-11-08 22:06 - 05004328 _____ (AVAST Software) C:\Users\Mom\Downloads\avast_free_antivirus_setup_online.exe
2014-11-08 21:36 - 2014-11-08 21:42 - 00620720 _____ () C:\Users\Mom\Downloads\avgremover.log
2014-11-08 21:36 - 2014-11-08 21:36 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Mom\Downloads\avg_remover_stf_x64_2015_5501.exe
2014-11-07 14:37 - 2014-11-07 14:37 - 01375089 _____ () C:\Users\Mom\Downloads\AdwCleaner(2).exe
2014-11-07 14:24 - 2014-11-07 14:52 - 00000000 ____D () C:\AdwCleaner
2014-11-07 14:23 - 2014-11-07 14:23 - 01375089 _____ () C:\Users\Mom\Downloads\AdwCleaner(1).exe
2014-11-07 13:41 - 2014-11-07 13:41 - 00000162 ____H () C:\Users\Mom\Documents\~$ntal_Agreement_-_730_Allison.wps
2014-11-06 15:09 - 2014-11-06 15:12 - 00039029 _____ () C:\Users\Mom\Downloads\Addition.txt
2014-11-06 15:08 - 2014-11-15 16:31 - 00019915 _____ () C:\Users\Mom\Downloads\FRST.txt
2014-11-06 15:07 - 2014-11-15 16:31 - 00000000 ____D () C:\FRST
2014-11-06 15:07 - 2014-11-15 16:30 - 02116608 _____ (Farbar) C:\Users\Mom\Downloads\FRST64.exe
2014-11-06 14:38 - 2014-11-06 14:38 - 00091136 _____ () C:\Users\Mom\Documents\Rental_Agreement_-_730_Allison.wps
2014-11-06 14:20 - 2014-11-06 21:19 - 00000000 ____D () C:\Users\Mom\Desktop\2014_11_06
2014-11-06 11:25 - 2014-11-06 11:25 - 00271720 _____ () C:\Windows\Minidump\Mini110614-01.dmp
2014-11-06 09:58 - 2014-11-12 15:52 - 00004784 _____ () C:\Windows\PFRO.log
2014-11-05 21:14 - 2014-11-05 21:14 - 00000000 ____D () C:\SUPERDelete
2014-11-05 21:13 - 2014-11-07 14:57 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-05 21:13 - 2014-11-05 21:13 - 00001758 _____ () C:\Users\Mom\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-11-05 21:13 - 2014-11-05 21:13 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\SUPERAntiSpyware.com
2014-11-05 21:13 - 2014-11-05 21:13 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-11-05 21:13 - 2014-11-05 21:13 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-11-05 21:10 - 2014-11-05 21:12 - 20170344 _____ (SUPERAntiSpyware) C:\Users\Mom\Downloads\SAS_5305.EXE
2014-11-05 20:38 - 2014-11-05 20:41 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Mom\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-05 20:21 - 2014-11-05 20:22 - 00271720 _____ () C:\Windows\Minidump\Mini110514-01.dmp
2014-11-03 19:39 - 2014-11-03 19:39 - 00001073 _____ () C:\Users\Mom\Desktop\730_Rental_application-1 - Shortcut.lnk
2014-11-01 09:04 - 2014-11-01 09:04 - 00078392 _____ () C:\Users\Mom\Desktop\OTL.Txt
2014-11-01 08:32 - 2014-11-01 09:34 - 00062188 _____ () C:\Users\Mom\Downloads\Extras.Txt
2014-11-01 08:31 - 2014-11-01 08:56 - 00078392 _____ () C:\Users\Mom\Downloads\OTL.Txt
2014-11-01 08:17 - 2014-11-01 08:17 - 00602112 _____ (OldTimer Tools) C:\Users\Mom\Downloads\OTL.exe
2014-10-26 09:53 - 2014-11-02 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games for HP
2014-10-20 10:23 - 2014-06-15 16:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-20 10:23 - 2014-06-15 16:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-20 10:23 - 2014-06-13 12:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-20 10:23 - 2014-06-13 12:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-20 10:23 - 2014-06-13 11:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-20 10:23 - 2014-06-13 11:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-20 10:22 - 2014-09-04 17:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-18 19:03 - 2014-10-18 19:04 - 00000000 ____D () C:\dcc39b12c2316342209602a298
2014-10-17 18:27 - 2014-10-17 18:27 - 00275960 _____ () C:\Windows\Minidump\Mini101714-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 16:26 - 2011-07-13 21:09 - 00003670 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7773CC6A-F13A-45CF-95B9-1FCA42AC7C7D}
2014-11-15 16:22 - 2009-06-30 08:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-15 16:04 - 2012-09-17 20:59 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3385600622-3777350188-503640899-1000UA.job
2014-11-15 15:57 - 2014-06-09 19:39 - 01750553 _____ () C:\Windows\WindowsUpdate.log
2014-11-15 14:48 - 2014-07-30 20:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-15 14:08 - 2006-11-02 09:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-15 14:08 - 2006-11-02 09:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-15 10:33 - 2009-06-30 08:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-15 10:17 - 2009-06-30 08:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 10:17 - 2009-06-30 08:19 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 10:08 - 2012-05-15 09:02 - 00000000 ____D () C:\Windows\SysWOW64\logishrd
2014-11-15 10:08 - 2012-05-15 09:02 - 00000000 ____D () C:\Windows\system32\logishrd
2014-11-15 10:08 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-15 09:43 - 2012-07-11 18:25 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-14 20:46 - 2006-11-02 09:42 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-13 10:40 - 2006-11-02 07:33 - 00000000 ____D () C:\Windows\rescache
2014-11-13 10:22 - 2014-08-01 19:03 - 00316192 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 10:22 - 2011-07-25 19:51 - 00004136 _____ () C:\Windows\system32\spsys.log
2014-11-13 10:01 - 2009-03-10 19:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 09:56 - 2013-08-06 08:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 09:51 - 2006-11-02 06:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-12 20:31 - 2006-11-02 06:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 08:05 - 2014-09-26 20:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-08 22:09 - 2011-07-24 21:31 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-08 22:04 - 2012-09-17 20:59 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3385600622-3777350188-503640899-1000Core.job
2014-11-06 14:38 - 2008-11-19 20:40 - 00029764 _____ () C:\Users\Mom\AppData\Roaming\wklnhst.dat
2014-11-06 14:18 - 2008-11-19 20:39 - 00003570 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-11-06 11:25 - 2011-07-16 23:52 - 00000000 ____D () C:\Windows\Minidump
2014-11-06 11:24 - 2014-10-08 16:57 - 406287712 _____ () C:\Windows\MEMORY.DMP
2014-11-05 21:14 - 2008-09-06 02:38 - 00000000 ____D () C:\Program Files\AWS
2014-11-05 20:41 - 2014-07-30 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-05 20:41 - 2014-07-30 20:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-05 20:41 - 2013-02-03 18:17 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-05 20:10 - 2012-01-30 22:03 - 00001460 _____ () C:\Users\Mom\AppData\Local\d3d9caps64.dat
2014-11-04 10:08 - 2014-08-27 15:58 - 00000000 ____D () C:\Users\Mom\AppData\Local\Adobe
2014-11-04 10:08 - 2014-06-09 20:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-04 10:08 - 2014-06-09 20:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-04 10:06 - 2012-01-31 20:20 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\HpUpdate
2014-11-03 10:41 - 2008-12-25 12:47 - 00000000 ____D () C:\Program Files (x86)\Ouba
2014-11-02 10:38 - 2011-12-15 13:12 - 00002152 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2014-11-02 10:38 - 2006-11-02 09:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-28 05:34 - 2009-10-03 00:48 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 09:53 - 2011-12-15 13:11 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-10-18 19:08 - 2008-11-19 19:54 - 00000000 ____D () C:\Users\Mom

Files to move or delete:
====================
C:\Users\chris.Mom-PC\jagex_runescape_preferences.dat
C:\Users\chris.Mom-PC\jagex_runescape_preferences2.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 10:23

==================== End Of Log =


  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

OK there is probably useful information in those minidumps... So I will ask you to get them for me

Download and install Whocrashed

 

Capture.JPG

 

Run the programme and press the Analyse button

Once it has completed select File > Export

Save the log to your desktop and then post it here

 

The system appears to be malware free :)


  • 0

#29
onnaday

onnaday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Great news on being Malware free! Here is the crash dump analysis. I have been using the computer all day in regular boot mode with no crashes or freezes. That's also good news but hopefully the crash dump analysis will help figure out why the crashes and freezes are happening. ~Onnaday

 

Crash Dump Analysis


Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Thu 11/6/2014 5:08:59 PM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002CAC4C2, 0xFFFFFA60046ACCA0, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Thu 10/16/2014 1:41:40 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini101714-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x57150)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002EE0BDE, 0xFFFFFA600B533EF0, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Mon 10/13/2014 4:37:44 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini101314-01.dmp
This was probably caused by the following module: npfs.sys (Npfs+0xB0C5)
Bugcheck code: 0xC2 (0xD, 0xFFFFF88011195790, 0x7346704E, 0xFFFFFA8008DBBC00)
Error: BAD_POOL_CALLER
file path: C:\Windows\system32\drivers\npfs.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NPFS Driver
Bug check description: This indicates that the current thread is making a bad pool request.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Fri 10/10/2014 11:17:54 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini101014-02.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x57150)
Bugcheck code: 0xA (0x16A, 0xC, 0x0, 0xFFFFF80002C655BA)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Fri 10/10/2014 3:19:58 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini101014-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x57150)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002CB24C2, 0xFFFFFA600A57CF20, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Wed 10/8/2014 10:54:52 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini100814-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x57150)
Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF80002C8CD25, 0x0, 0xFFFFFFFFFFFFFFFF)
Error: KMODE_EXCEPTION_NOT_HANDLED
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.





Conclusion

6 crash dumps have been found and analyzed. No offending third party drivers have been found. Connsider using WhoCrashed Professional which offers more detailed analysis using symbol resolution. Also configuring your system to produce a full memory dump may help you.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.


 


  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That may be related to your video driver

Download Slimdrivers to your desktop
Install the programme and on completion run
On the first page select Start Scan
slimdriver.JPG

Once it has completed click the download link on the right hand side for Video/graphics driver only (you can only download one driver at a time)
slimdriverscan.JPG

Allow the creation of a restore point prior to downloading and installing.
The driver will now be downloaded and backed up for safety. A reboot will be required on completion

Now we need to wait to see if that helps
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP