Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer slow and rebooted itself a couple times?


  • Please log in to reply

#1
Faithsa

Faithsa

    Member

  • Member
  • PipPipPip
  • 190 posts

I am sure my pc needs to be cleaned out but I'm uncertain of all the details involved and would love someone to walk me through it.  It just rebooted itself again unexpectedly.  This is maybe the second time in as many weeks?  I would appreciate any help I can get. 

I'm running Windows 7 Professional.

 

Thank you,

Sabrina


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

What is the make and model of the computer ? Over heating can cause a reboot, Laptops can be subject to over heating if the vents get clogged.
Do you see a blue screen when it reboots ?

Please make sure you download this to the desktop.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
In your next reply post:
  • FRST.txt
  • Additions.txt
Thanks
Joe :)
  • 0

#3
Faithsa

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts

This is a desktop that was originally custom built as a server and has an oversized case.  The harddrive was replaced this past summer.  I just ran the OTL.  Here is the Log: 

 

OTL logfile created on: 1/11/2015 8:02:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sabrina\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.23 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 23.75% Memory free
4.46 Gb Paging File | 2.40 Gb Available in Paging File | 53.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 766.25 Gb Free Space | 82.27% Space Free | Partition Type: NTFS
 
Computer Name: SABRINA-PC | User Name: Sabrina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/11 20:01:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Downloads\OTL.exe
PRC - [2015/01/09 13:07:30 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/17 13:07:06 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/08/07 07:52:52 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2014/07/11 16:14:20 | 000,118,272 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2014/07/11 15:58:08 | 007,241,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2013/12/06 09:47:20 | 001,229,528 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2013/12/06 09:47:20 | 000,662,232 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2013/12/06 09:47:18 | 000,565,464 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012/09/12 23:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/12 23:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/06/22 14:31:34 | 001,353,232 | ---- | M] (Logitech, Inc.) -- C:\Users\Sabrina\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
PRC - [2011/06/22 14:31:30 | 000,351,248 | ---- | M] (Logitech, Inc.) -- C:\Users\Sabrina\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
PRC - [2010/08/23 08:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/17 13:07:08 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/12/05 20:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 20:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 20:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/04/23 15:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/01 13:30:46 | 000,861,184 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
MOD - [2012/09/12 23:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/12 23:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/12 23:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/12 23:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/12 23:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/12 23:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/12 23:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/17 13:07:06 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/08/18 17:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/08/07 07:52:52 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/07/11 15:58:08 | 007,241,728 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2014/04/28 12:24:57 | 000,177,136 | ---- | M] (Coupons.com Inc.) [Auto | Running] -- C:\Program Files (x86)\Coupons\CouponPrinterService.exe -- (CouponPrinterService)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/06 09:47:20 | 001,229,528 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/12/06 09:47:20 | 000,662,232 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/17 13:07:31 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/12/17 13:07:10 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/12/17 13:07:10 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/12/17 13:07:10 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/12/17 13:07:10 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/12/17 13:07:10 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/12/17 13:07:10 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/12/17 13:07:10 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/12/06 09:47:12 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/09/21 14:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/09/21 14:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/26 00:15:48 | 000,287,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express)
DRV:64bit: - [2009/09/23 18:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/12/17 13:07:11 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.9_0\
CHR - Extension: No name found = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol\1.2.6_0\
CHR - Extension: No name found = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/06/25 21:28:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EF9B853-1BC6-4DD4-AF31-2700ECA4F5A4}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/09 14:57:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LeapFrog
[2015/01/09 14:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
[2015/01/09 14:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeapFrog
[2015/01/09 14:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog
[2014/12/17 13:07:13 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/12/17 13:07:10 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/12/16 14:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/11 19:56:54 | 000,031,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/11 19:56:54 | 000,031,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/11 19:54:50 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/11 19:54:50 | 000,661,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/11 19:54:50 | 000,121,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/11 19:48:56 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/11 19:48:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/11 19:48:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2015/01/11 19:48:43 | 1796,694,016 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/09 14:56:05 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2014/12/17 13:07:36 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/12/17 13:07:31 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/12/17 13:07:10 | 000,436,624 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/12/17 13:07:10 | 000,364,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/12/17 13:07:10 | 000,267,632 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/12/17 13:07:10 | 000,116,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/12/17 13:07:10 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/12/17 13:07:10 | 000,083,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/12/17 13:07:10 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/12/17 13:07:10 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/12/17 13:07:10 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/12/17 12:51:00 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/17 12:50:36 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
 
========== Files Created - No Company Name ==========
 
[2015/01/09 14:56:05 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2014/12/17 13:07:36 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/04/18 18:08:47 | 000,773,536 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/19 06:08:32 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\AVAST Software
[2014/05/23 09:42:48 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Garmin
[2014/06/04 13:15:06 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Leadertech
[2014/04/18 20:43:34 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\OpenOffice
[2014/04/18 20:45:03 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\TweakNow PowerPack
[2014/04/18 20:45:04 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\TweakNow PowerPack 2012
 
========== Purity Check ==========
 
 
 
< End of report >

  • 0

#4
Faithsa

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015
Ran by Sabrina (administrator) on SABRINA-PC on 11-01-2015 21:31:51
Running from C:\Users\Sabrina\Desktop
Loaded Profile: Sabrina (Available profiles: Sabrina & Hugh & Caleb and Ellie)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Logitech, Inc.) C:\Users\Sabrina\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Sabrina\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2175456564-3303761008-1419212204-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2175456564-3303761008-1419212204-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2175456564-3303761008-1419212204-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKU\S-1-5-21-2175456564-3303761008-1419212204-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-2175456564-3303761008-1419212204-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2175456564-3303761008-1419212204-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-18]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406", "hxxp://www.google.com", "hxxp://search.conduit.com/?ctid=CT3317127&SearchSource=48&CUI=UN36224443593107129&UM=2", "hxxp://mysearch.avg.com?cid={92F66936-9348-4EC0-B63B-0D9177942433}&mid=1d4d15f6c6416e4b8db9cb0750829da1-a8d76063693a0a3d646f63578c80f896143d272e&lang=en&ds=ts024&coid=avgtbdists&cmpid=&pr=sa&d=2014-03-06 14:21:01&v=18.0.0.248&pid=safeguard&sg=&sap=hp", "hxxp://www.google.com/", "hxxp://speedial.com/?f=1&a=spd_cmi_14_25_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtA0C0AyCyEtAtCyE0AtDtN0D0Tzu0SzytDtAtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2SyD0AtByDtDyEyD0EtG0EyB0EtAtG0F0FzyyCtG0FyCtCyCtGyByEtA0AtDzztA0C0ByCzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAtDzyzyyB0FyBtG0EtBzyyCtG0AzytCyDtG0CtCtBtDtGtDyB0C0B0BtD0CyD0Czz0AtD2Q&cr=1121179453&ir=", "hxxp://www.msn.com/?pc=AV01"
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (Adblock Plus) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-22]
CHR Extension: (Avast SafePrice) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-21]
CHR Extension: (Avast Online Security) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-20]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2014-05-22]
CHR Extension: (Google Wallet) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-20]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-17] (AVAST Software)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-17] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-11 21:31 - 2015-01-11 21:32 - 00013808 _____ () C:\Users\Sabrina\Desktop\FRST.txt
2015-01-11 21:30 - 2015-01-11 21:31 - 00000000 ____D () C:\FRST
2015-01-11 21:29 - 2015-01-11 21:29 - 02124288 _____ (Farbar) C:\Users\Sabrina\Desktop\FRST64.exe
2015-01-11 20:12 - 2015-01-11 20:12 - 00051902 _____ () C:\Users\Sabrina\Desktop\Extras.Txt
2015-01-11 20:11 - 2015-01-11 20:11 - 00057648 _____ () C:\Users\Sabrina\Desktop\OTL.Txt
2015-01-11 20:01 - 2015-01-11 20:01 - 00602112 _____ (OldTimer Tools) C:\Users\Sabrina\Desktop\OTL.exe
2015-01-09 14:57 - 2015-01-09 14:57 - 00000000 ____D () C:\Users\Public\Documents\LeapFrog
2015-01-09 14:56 - 2015-01-09 14:56 - 00000950 _____ () C:\Users\Public\Desktop\LeapFrog Connect.lnk
2015-01-09 14:55 - 2015-01-09 14:55 - 00005222 _____ () C:\Windows\DPINST.LOG
2015-01-09 14:55 - 2015-01-09 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
2015-01-09 14:54 - 2015-01-09 14:55 - 00000000 ____D () C:\Program Files (x86)\LeapFrog
2015-01-09 14:54 - 2015-01-09 14:54 - 00000000 ____D () C:\ProgramData\Leapfrog
2015-01-09 14:53 - 2015-01-09 14:53 - 11873400 _____ (LeapFrog Enterprises, Inc.) C:\Users\Sabrina\Downloads\LeapFrogConnectSetup_LeapPadExplorer.exe
2014-12-31 15:13 - 2014-12-31 15:13 - 00595072 _____ () C:\Users\Sabrina\Downloads\Installation.exe
2014-12-25 10:08 - 2014-12-25 10:08 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-17 13:59 - 2014-12-17 13:59 - 17260371 _____ () C:\Users\Sabrina\Downloads\pics2 (1).zip
2014-12-17 13:07 - 2014-12-17 13:07 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-17 13:07 - 2014-12-17 13:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-17 13:07 - 2014-12-17 13:07 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-16 14:17 - 2014-12-16 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-11 19:56 - 2009-07-13 23:45 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 19:56 - 2009-07-13 23:45 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 19:54 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 19:52 - 2014-04-21 15:41 - 01072736 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 19:48 - 2014-06-04 13:14 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-11 19:48 - 2014-04-21 15:39 - 00010353 _____ () C:\Windows\setupact.log
2015-01-11 19:48 - 2014-04-18 20:46 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 19:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 18:06 - 2014-04-18 20:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-09 15:01 - 2014-11-12 22:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-09 15:01 - 2014-11-12 22:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-09 15:01 - 2014-04-18 19:16 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Adobe
2015-01-09 14:55 - 2014-05-23 09:42 - 00000000 ____D () C:\Program Files\DIFX
2015-01-06 13:20 - 2011-04-12 03:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-25 18:58 - 2014-08-06 08:32 - 00000000 ____D () C:\Users\Sabrina\Documents\Budgets
2014-12-25 12:03 - 2014-06-21 13:21 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Skype
2014-12-25 08:56 - 2014-10-23 16:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-25 08:56 - 2014-06-21 13:20 - 00000000 ____D () C:\ProgramData\Skype
2014-12-21 08:54 - 2014-07-02 22:53 - 00005015 _____ () C:\Windows\SecuniaPackage.log
2014-12-20 00:30 - 2014-04-21 15:59 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-12-17 13:08 - 2014-06-23 11:51 - 00010536 _____ () C:\Windows\PFRO.log
2014-12-17 13:07 - 2014-04-18 20:46 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-17 13:07 - 2014-04-18 20:46 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-17 13:07 - 2014-04-18 20:46 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-17 13:07 - 2014-04-18 20:46 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-12-17 13:07 - 2014-04-18 20:46 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-17 13:07 - 2014-04-18 20:46 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-17 13:07 - 2014-04-18 20:46 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-17 13:07 - 2014-04-18 20:46 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-17 12:51 - 2014-07-31 19:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 12:50 - 2014-07-31 19:38 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-17 12:50 - 2014-07-31 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-17 12:50 - 2014-07-31 19:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-12 04:54 - 2014-04-18 20:47 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
 
Some content of TEMP:
====================
C:\Users\Hugh\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Hugh\AppData\Local\Temp\SIntf16.dll
C:\Users\Hugh\AppData\Local\Temp\SIntf32.dll
C:\Users\Hugh\AppData\Local\Temp\SIntfNT.dll
C:\Users\Sabrina\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Sabrina\AppData\Local\Temp\SIntf16.dll
C:\Users\Sabrina\AppData\Local\Temp\SIntf32.dll
C:\Users\Sabrina\AppData\Local\Temp\SIntfNT.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 00:43
 
==================== End Of Log ============================
 
 
 
 
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015
Ran by Sabrina at 2015-01-11 21:32:49
Running from C:\Users\Sabrina\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 ActiveX (HKLM-x32\...\{B21D5938-6B90-408B-B827-92F6E0E11B48}) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - Canon Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)
CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Network Connections 15.3.68.0 (HKLM\...\PROSetDX) (Version: 15.3.68.0 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Railroad Tycoon 3 (HKLM-x32\...\{DE29025A-091F-4998-AD2D-24C84421190F}) (Version: 1.0 - )
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TweakNow PowerPack (HKLM-x32\...\TweakNow PowerPack_is1) (Version: 4.3.1 - TweakNow.com)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
09-12-2014 23:21:49 Scheduled Checkpoint
17-12-2014 00:00:07 Scheduled Checkpoint
17-12-2014 13:05:59 avast! antivirus system restore point
25-12-2014 00:00:06 Scheduled Checkpoint
02-01-2015 00:00:05 Scheduled Checkpoint
09-01-2015 00:00:13 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-06-25 21:28 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0C16920F-757D-482E-A9FE-E50F9974BB67} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-17] (AVAST Software)
Task: {245591B8-36A0-409F-9FBA-3CEFE70D261E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: {58EA0F01-1391-4CED-9F0F-E8730E6246D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {80C40AB1-5D01-42E6-A746-7F5076BD5470} - \Speedial No Task File <==== ATTENTION
Task: {D798341E-B148-4880-B477-39E166B6F07C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {DA0714D0-395F-4052-BDCE-9DB688420952} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {E2F43C96-6C97-4FC0-ACDA-11F571BAEA6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2015-01-11 16:30 - 2015-01-11 16:30 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011101\algo.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-17 13:07 - 2014-12-17 13:07 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2014-12-12 04:54 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 04:54 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 04:54 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 04:54 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-12 04:54 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Admin (S-1-5-21-2175456564-3303761008-1419212204-1005 - Administrator - Enabled)
Administrator (S-1-5-21-2175456564-3303761008-1419212204-500 - Administrator - Disabled)
Caleb and Ellie (S-1-5-21-2175456564-3303761008-1419212204-1004 - Limited - Enabled) => C:\Users\Caleb and Ellie
Guest (S-1-5-21-2175456564-3303761008-1419212204-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2175456564-3303761008-1419212204-1002 - Limited - Enabled)
Hugh (S-1-5-21-2175456564-3303761008-1419212204-1003 - Limited - Enabled) => C:\Users\Hugh
Sabrina (S-1-5-21-2175456564-3303761008-1419212204-1001 - Administrator - Enabled) => C:\Users\Sabrina
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/11/2015 07:50:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/10/2015 00:32:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/09/2015 11:01:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LeapFrogConnect.exe version 6.0.19.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 380
 
Start Time: 01d02c614d522714
 
Termination Time: 63
 
Application Path: C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe
 
Report Id:
 
Error: (01/09/2015 06:06:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/09/2015 02:45:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/08/2015 02:36:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/31/2014 00:32:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/30/2014 02:02:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: RPCRT4.dll, version: 6.1.7601.18532, time stamp: 0x53c3352a
Exception code: 0xc0020043
Fault offset: 0x0005d111
Faulting process id: 0xf5c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (12/30/2014 01:52:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/30/2014 01:50:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: chrome.dll, version: 39.0.2171.95, time stamp: 0x54823ff4
Exception code: 0x4000001f
Fault offset: 0x004fd39c
Faulting process id: 0xd98
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
 
System errors:
=============
Error: (01/11/2015 07:49:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (01/11/2015 07:49:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
Error: (01/11/2015 07:48:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:48:31 PM on ‎1/‎11/‎2015 was unexpected.
 
Error: (01/09/2015 06:06:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (01/09/2015 06:06:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
Error: (01/09/2015 06:05:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:04:21 PM on ‎1/‎9/‎2015 was unexpected.
 
Error: (01/09/2015 02:55:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The LeapFrog Connect Device Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/29/2014 10:35:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:34:34 PM on ‎12/‎29/‎2014 was unexpected.
 
Error: (12/25/2014 10:07:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (12/25/2014 10:07:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (01/11/2015 07:50:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/10/2015 00:32:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (01/09/2015 11:01:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LeapFrogConnect.exe6.0.19.038001d02c614d52271463C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe
 
Error: (01/09/2015 06:06:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/09/2015 02:45:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/08/2015 02:36:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (12/31/2014 00:32:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (12/30/2014 02:02:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3RPCRT4.dll6.1.7601.1853253c3352ac00200430005d111f5c01d0246311f0c238C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\syswow64\RPCRT4.dll77309abe-9056-11e4-9600-001cc03ca643
 
Error: (12/30/2014 01:52:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/30/2014 01:50:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3chrome.dll39.0.2171.9554823ff44000001f004fd39cd9801d024615818b9ecC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dllbf35429c-9054-11e4-bc50-001cc03ca643
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 87%
Total physical RAM: 2284.62 MB
Available physical RAM: 291.92 MB
Total Pagefile: 4567.41 MB
Available Pagefile: 2265.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:766.18 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 259E449F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#5
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,

When you get time make sure the desktop inside is not full of dust.

Not seeing much so far, let me review a bit closer and longer. In the mean time:

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
  • Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


    In your next reply post;
    • The AdwCleaner [S1].txt Log
    • The JRT.txt Log
    Thanks
    Joe :)

  • 0

#6
Faithsa

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts

I just ran adwcleaner and when it was rebooting, it said shutting down forever then went to blue screen and i briefly caught "windows has detected a problem and is shutting down..."  Then it rebooted to the black screen with the reboot options of start windows normally, safe mode or (whatever the third option is).  I've not yet run the jrt.  It opened a pop up saying that windows had unexpectedly shut down upon restart after I selected start normally.


  • 0

#7
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,

Hold up on any more scans for the moment. Please do this next.

Lets see if we can see what's causing the Blue Screen

Download--> WhoCrashed
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.
  • Put a tick in Accept then click on Next.
  • Put a tick in the Don't create a start menu folder then click Next.
  • Put a tick in Create a Desktop Icon.
  • then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish.
  • Click Analyze
  • It will want to download the Debugger and install it Say Yes
WhoCrashed will create report but you have to scroll down to see it.
Copy and paste it into your next reply.
  • 0

#8
Faithsa

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts

It didn't ask me to download the Debugger.

 

Crash Dump Analysis

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Mon 1/12/2015 8:11:22 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\011215-18109-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x78A8A)
Bugcheck code: 0x1000009F (0x4, 0x258, 0xFFFFFA8001BA6040, 0xFFFFF80000B9C510)
Error: CUSTOM_ERROR
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Mon 1/12/2015 8:11:22 PM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0x9F (0x4, 0x258, 0xFFFFFA8001BA6040, 0xFFFFF80000B9C510)
Error: DRIVER_POWER_STATE_FAILURE
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



 

Conclusion

2 crash dumps have been found and analyzed. No offending third party drivers have been found. Connsider using WhoCrashed Professional which offers more detailed analysis using symbol resolution. Also configuring your system to produce a full memory dump may help you.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
 


  • 0

#9
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,

See if you can run this fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406", "hxxp://www.google.com", "hxxp://search.conduit.com/?ctid=CT3317127&SearchSource=48&CUI=UN36224443593107129&UM=2", "hxxp://mysearch.avg.com?cid={92F66936-9348-4EC0-B63B-0D9177942433}&mid=1d4d15f6c6416e4b8db9cb0750829da1-a8d76063693a0a3d646f63578c80f896143d272e&lang=en&ds=ts024&coid=avgtbdists&cmpid=&pr=sa&d=2014-03-06 14:21:01&v=18.0.0.248&pid=safeguard&sg=&sap=hp", "hxxp://www.google.com/", "hxxp://speedial.com/?f=1&a=spd_cmi_14_25_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtA0C0AyCyEtAtCyE0AtDtN0D0Tzu0SzytDtAtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2SyD0AtByDtDyEyD0EtG0EyB0EtAtG0F0FzyyCtG0FyCtCyCtGyByEtA0AtDzztA0C0ByCzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAtDzyzyyB0FyBtG0EtBzyyCtG0AzytCyDtG0CtCtBtDtGtDyB0C0B0BtD0CyD0Czz0AtD2Q&cr=1121179453&ir=", "hxxp://www.msn.com/?pc=AV01"
2015-01-11 19:48 - 2014-06-04 13:14 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
C:\Users\Hugh\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Hugh\AppData\Local\Temp\SIntf16.dll
C:\Users\Hugh\AppData\Local\Temp\SIntf32.dll
C:\Users\Hugh\AppData\Local\Temp\SIntfNT.dll
C:\Users\Sabrina\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Sabrina\AppData\Local\Temp\SIntf16.dll
C:\Users\Sabrina\AppData\Local\Temp\SIntf32.dll
C:\Users\Sabrina\AppData\Local\Temp\SIntfNT.dll
Task: {80C40AB1-5D01-42E6-A746-7F5076BD5470} - \Speedial No Task File <==== ATTENTION

CMD: ipconfig /flushdns
hosts:
Emptytemp:
reboot:
end

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Post the fixlog.txt
  • 0

#10
Faithsa

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts

what is FRST/FRST64?


  • 0

Advertisements


#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
It's on your desktop. Farber recovery scan tool that we downloaded.

index_zpsae74eeb3.png

Right click, run as administrator, click fix, post fixlog.txt that log will end up on desktop after fix is run.
frst.JPG
  • 0

#12
Faithsa

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015
Ran by Sabrina at 2015-01-12 16:09:15 Run:1
Running from C:\Users\Sabrina\Desktop
Loaded Profile: Sabrina (Available profiles: Sabrina & Hugh & Caleb and Ellie)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406", "hxxp://www.google.com", "hxxp://search.conduit.com/?ctid=CT3317127&SearchSource=48&CUI=UN36224443593107129&UM=2", "hxxp://mysearch.avg.com?cid={92F66936-9348-4EC0-B63B-0D9177942433}&mid=1d4d15f6c6416e4b8db9cb0750829da1-a8d76063693a0a3d646f63578c80f896143d272e&lang=en&ds=ts024&coid=avgtbdists&cmpid=&pr=sa&d=2014-03-06 14:21:01&v=18.0.0.248&pid=safeguard&sg=&sap=hp", "hxxp://www.google.com/", "hxxp://speedial.com/?f=1&a=spd_cmi_14_25_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtA0C0AyCyEtAtCyE0AtDtN0D0Tzu0SzytDtAtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2SyD0AtByDtDyEyD0EtG0EyB0EtAtG0F0FzyyCtG0FyCtCyCtGyByEtA0AtDzztA0C0ByCzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAtDzyzyyB0FyBtG0EtBzyyCtG0AzytCyDtG0CtCtBtDtGtDyB0C0B0BtD0CyD0Czz0AtD2Q&cr=1121179453&ir=", "hxxp://www.msn.com/?pc=AV01"
2015-01-11 19:48 - 2014-06-04 13:14 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
C:\Users\Hugh\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Hugh\AppData\Local\Temp\SIntf16.dll
C:\Users\Hugh\AppData\Local\Temp\SIntf32.dll
C:\Users\Hugh\AppData\Local\Temp\SIntfNT.dll
C:\Users\Sabrina\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Sabrina\AppData\Local\Temp\SIntf16.dll
C:\Users\Sabrina\AppData\Local\Temp\SIntf32.dll
C:\Users\Sabrina\AppData\Local\Temp\SIntfNT.dll
Task: {80C40AB1-5D01-42E6-A746-7F5076BD5470} - \Speedial No Task File <==== ATTENTION
 
CMD: ipconfig /flushdns
hosts:
Emptytemp:
reboot:
end
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
Chrome StartupUrls deleted successfully.
C:\Windows\system32\Drivers\lvuvc.hs => Moved successfully.
C:\Users\Hugh\AppData\Local\Temp\CmdLineExt03.dll => Moved successfully.
C:\Users\Hugh\AppData\Local\Temp\SIntf16.dll => Moved successfully.
C:\Users\Hugh\AppData\Local\Temp\SIntf32.dll => Moved successfully.
C:\Users\Hugh\AppData\Local\Temp\SIntfNT.dll => Moved successfully.
C:\Users\Sabrina\AppData\Local\Temp\CmdLineExt03.dll => Moved successfully.
C:\Users\Sabrina\AppData\Local\Temp\SIntf16.dll => Moved successfully.
C:\Users\Sabrina\AppData\Local\Temp\SIntf32.dll => Moved successfully.
C:\Users\Sabrina\AppData\Local\Temp\SIntfNT.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80C40AB1-5D01-42E6-A746-7F5076BD5470} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Speedial => Key not found. 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 709.1 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 16:10:30 ====

  • 0

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,
Note
Do not run junk-ware removal tool JRT

See if you can run Malwarebytes. This scan may take 45 mins or more.

Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log
  • 0

#14
Faithsa

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/12/2015
Scan Time: 4:29:11 PM
Logfile: scanlog 1-12.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.12.09
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sabrina
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 408290
Time Elapsed: 12 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.OutBrowse, C:\Users\Sabrina\Downloads\Installation.exe, Quarantined, [7e1ae410e4a5ff3764bceb1f738fa25e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello.

How is the computer now ? Are you still blue screening ?

I was wondering if Adwcleaner ever created a log file. Could you look to see if the log was created.

The Log would be located here:
C:\AdwCleaner\AdwCleaner[S1].txt
Open the adwcleaner folder on the C drive and look for the log.

If you cant find it you may run Adwcleaner again.

Thanks
Joe :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP