Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer running slow! Memory usage high. windows 7 32 bit [Solved

slow computer memory usage high

  • This topic is locked This topic is locked

#1
uFinditEazy!

uFinditEazy!

    Member

  • Member
  • PipPip
  • 82 posts

Hello, My computer is running very poorly. It lags out when doing simple tasks such as ebay. I ran spybot, after scan and fix it does run a little better but still struggles. I know this is not a power house of a computer but hate to ditch it for a new one. Please help. Thanks. Robert


  • 0

Advertisements


#2
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi and welcome to Geeks to Go. If you are still in need of assistance, please follow the instructions at the following link to post logs. Thank you.

http://www.geekstogo...cleaning-guide/


  • 0

#3
uFinditEazy!

uFinditEazy!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-05-2015
Ran by my computer (administrator) on MYCOMPUTER-PC on 04-05-2015 15:22:07
Running from C:\Users\my computer\Downloads
Loaded Profiles: my computer (Available profiles: my computer)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TuneUp Software GmbH) C:\Windows\System32\TuneUpDefragService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\my computer\Downloads\FRST (1).exe
(Farbar) C:\Users\my computer\Downloads\FRST (1).exe
dditional scan result of Farbar Recovery Scan Tool (x86) Version: 02-05-2015
Ran by my computer at 2015-05-04 15:23:53
Running from C:\Users\my computer\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-234656105-2877930101-3625912627-500 - Administrator - Disabled)
Guest (S-1-5-21-234656105-2877930101-3625912627-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-234656105-2877930101-3625912627-1002 - Limited - Enabled)
my computer (S-1-5-21-234656105-2877930101-3625912627-1000 - Administrator - Enabled) => C:\Users\my computer
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Ai Charger (HKLM\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-234656105-2877930101-3625912627-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Free YouTube to DVD Converter version 3.1.44.820 (HKLM\...\Free YouTube to DVD Converter_is1) (Version: 3.1.44.820 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Drive (HKLM\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.A14B04 - )
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{9C55C629-6C4F-48A9-8840-C897DF6187ED}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 76 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)
LeapFrog Connect (HKLM\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (Version: 6.0.19.19317 - LeapFrog) Hidden
Learning Essentials for Microsoft Office (HKLM\...\{B348E585-E872-41DF-8234-E2D49917CFBB}) (Version: 1.1 - Microsoft)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version:  - )
Microsoft Student with Encarta Premium 2007 (HKLM\...\{07041881-E9B4-4DF6-A845-CAAFD093E477}) (Version: 2007 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero 7 Ultra Edition (HKLM\...\{2D7D9D86-923A-41A8-919F-437332AB1033}) (Version: 7.02.2760 - Nero AG)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2211.0 - CyberLink Corporation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TuneUp Utilities 2008 (HKLM\...\{5888428E-699C-4E71-BF71-94EE06B497DA}) (Version: 7.0.8002 - TuneUp Software)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E6}) (Version: 19.0.11294 - WinZip Computing, S.L. )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-234656105-2877930101-3625912627-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\my computer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-234656105-2877930101-3625912627-1000_Classes\CLSID\{07C0DADC-9519-493D-B635-88A1A8A71998}\InprocServer32 -> C:\Program Files\CyberLink\PowerDVD\VideoFilter\CL264dec.ax (CyberLink Corp.)
CustomCLSID: HKU\S-1-5-21-234656105-2877930101-3625912627-1000_Classes\CLSID\{1ADD57B8-A7A9-4518-B9B5-862590FF9EB4}\InprocServer32 -> C:\Program Files\CyberLink\PowerDVD\VideoFilter\DXdec.ax (DivXNetworks, Inc.)
CustomCLSID: HKU\S-1-5-21-234656105-2877930101-3625912627-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-234656105-2877930101-3625912627-1000_Classes\CLSID\{78766964-0000-0010-8000-00AA00389B71}\InprocServer32 -> C:\Program Files\CyberLink\PowerDVD\VideoFilter\DXdec.ax (DivXNetworks, Inc.)
CustomCLSID: HKU\S-1-5-21-234656105-2877930101-3625912627-1000_Classes\CLSID\{D12E285B-3B29-4416-BA8E-79BD81D193CC}\InprocServer32 -> C:\Program Files\CyberLink\PowerDVD\VideoFilter\CL264dec.ax (CyberLink Corp.)
CustomCLSID: HKU\S-1-5-21-234656105-2877930101-3625912627-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-234656105-2877930101-3625912627-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-234656105-2877930101-3625912627-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-234656105-2877930101-3625912627-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-234656105-2877930101-3625912627-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-234656105-2877930101-3625912627-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-234656105-2877930101-3625912627-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-234656105-2877930101-3625912627-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-234656105-2877930101-3625912627-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
16-04-2015 09:57:30 Windows Update
17-04-2015 03:00:27 Windows Update
22-04-2015 13:32:25 Windows Update
22-04-2015 13:35:01 avast! antivirus system restore point
28-04-2015 10:13:55 Windows Update
01-05-2015 17:00:20 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {375A1543-C1DE-46F3-89D9-9DFA558B3F76} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {46223CBC-4A1A-4F1C-AB4D-EA912D0096B2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4697241C-8546-41F4-93B6-41305EE65823} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-22] (Avast Software s.r.o.)
Task: {4730E9AC-8AE0-4607-815F-F16EBD151C33} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {537575FB-69D4-4A84-8EFC-FCEBFECCF2A1} - System32\Tasks\1-Click Maintenance => C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29] ()
Task: {66833EF9-9986-4097-98D5-560858E7EE50} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {690187B1-4C4C-47AB-9A1E-8D7F2080A4EB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {75B69CB0-FFCC-4EDE-A59C-2FE896B08D98} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {7B79F749-4259-4122-BB4C-4DF30C01CEC7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {9DF48FB4-81F5-4418-8D16-5F073E0D967C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {A19643B2-40FF-49CC-BD90-A612112456DF} - System32\Tasks\hpUrlLauncher.exe_{15F6B43F-BEA7-46CB-A948-9D811E55CA60} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {B3614787-56BE-40EE-AACF-8458CDD04E71} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {B55F8E74-21CB-4DE7-BEDE-EF9FC0FE6D9B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {EA03C9D9-6D48-4970-9149-9BD045D7C628} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {F0FD9364-3EB3-4737-B8E2-0E204E4B6D92} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()
Task: {F8CC04DA-273C-4ECD-9FF4-7B7C90B8E7FC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\1-Click Maintenance.job => C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-16 18:19 - 2015-04-16 18:19 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15041601\algo.dll
2015-04-28 11:21 - 2015-04-28 11:21 - 02925568 _____ () C:\Program Files\AVAST Software\Avast\defs\15042800\algo.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-18 10:58 - 2005-08-08 13:54 - 00167936 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2015-03-14 11:45 - 2015-03-14 11:45 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2015-04-17 03:38 - 2015-04-17 03:38 - 00098816 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\win32api.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00110080 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\pywintypes27.dll
2015-04-17 03:38 - 2015-04-17 03:38 - 00364544 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\pythoncom27.dll
2015-04-17 03:38 - 2015-04-17 03:38 - 00045568 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\_socket.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 01161216 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\_ssl.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00320512 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\win32com.shell.shell.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00713216 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\_hashlib.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 01175040 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\wx._core_.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00805888 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\wx._gdi_.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00811008 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\wx._windows_.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 01062400 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\wx._controls_.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00735232 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\wx._misc_.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00682496 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\pysqlite2._sqlite.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00128512 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\_elementtree.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00127488 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\pyexpat.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00087552 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\_ctypes.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00119808 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\win32file.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00108544 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\win32security.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00007168 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\hashobjs_ext.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00167936 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\win32gui.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00018432 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\win32event.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00038912 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\win32inet.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00011264 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\win32crypt.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00070656 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\wx._html2.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00027136 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\_multiprocessing.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00020480 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\_yappi.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00035840 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\win32process.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00686080 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\unicodedata.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00122368 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\wx._wizard.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00024064 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\win32pipe.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00010240 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\select.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00025600 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\win32pdh.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00525640 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\windows._lib_cacheinvalidation.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00017408 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\win32profile.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00022528 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\win32ts.pyd
2015-04-17 03:38 - 2015-04-17 03:38 - 00078336 _____ () C:\Users\my computer\AppData\Local\Temp\_MEI25922\wx._animate.pyd
2014-07-18 14:39 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\my computer\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-07-18 14:39 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\my computer\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-04-28 11:00 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-28 11:00 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-28 11:00 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-28 11:00 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-28 11:00 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-234656105-2877930101-3625912627-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\my computer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{48638311-C8C7-4DFF-B854-F86AA235A775}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{68014176-FFDF-4FA6-9F0B-BB057FF16D91}] => (Allow) C:\Program Files\Microsoft Office\Office12\outlook.exe
FirewallRules: [{7B531727-F3BF-443D-9AD9-68754821B77E}] => (Allow) C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{D9443E91-1720-4141-BD63-CA361151C88C}] => (Allow) C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{BC26407A-4104-4620-8C4C-CFB10548CC13}] => (Allow) C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{110584AF-5ADA-450C-9448-AB967B298A19}] => (Allow) C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{65276E0E-6820-47CD-BFC6-C0056F3E5056}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{F327F5E8-0A3F-4CC7-B5EC-B564C707E623}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{A6A2381C-7CE4-4C18-B04E-03316DEF8C3B}] => (Allow) C:\Users\my computer\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8B8D2777-1A45-47D3-BD56-D6953622A920}] => (Allow) C:\Users\my computer\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{DD47C3FB-90D2-4B1E-B934-8E57F306D710}C:\users\my computer\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\my computer\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{7FF6AE91-98C6-4461-A661-E05951DAC6AB}C:\users\my computer\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\my computer\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{E9ED2023-FDAA-4522-9142-30A1F686B672}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0575DC9B-F1CF-4E15-A3E7-675EA5EA85B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{749225AA-5009-4DB2-B8D5-B97E4920DCC1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C620C4EA-B9BA-405C-8AD7-31841C135E1F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E631B753-2CC7-41C8-851F-753B4C716BAC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{44956051-9184-41F0-848B-4D9F2156B888}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5570770B-4978-4B6A-B916-0F403AAD24BC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{C9D566AE-1CD4-43F9-9C6E-3BFBBDF15544}] => (Allow) C:\Program Files\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{E52501AF-0CBF-4235-9856-DDABC49EFC02}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/01/2015 05:48:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7347
 
Error: (05/01/2015 05:48:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7347
 
Error: (05/01/2015 05:48:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/01/2015 05:48:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6349
 
Error: (05/01/2015 05:48:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6349
 
Error: (05/01/2015 05:48:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/01/2015 05:48:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5335
 
Error: (05/01/2015 05:48:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5335
 
Error: (05/01/2015 05:48:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/01/2015 05:48:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4336
 
 
System errors:
=============
Error: (05/04/2015 02:44:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (05/03/2015 03:15:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (05/03/2015 02:24:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (05/03/2015 02:19:13 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (05/03/2015 02:02:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (05/03/2015 01:48:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (05/03/2015 01:19:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (05/03/2015 01:13:57 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (05/03/2015 01:10:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (05/03/2015 00:57:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
 
Microsoft Office Sessions:
=========================
Error: (07/30/2014 08:28:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 625 seconds with 300 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ 64 X2 Dual Core Processor 6000+
Percentage of memory in use: 75%
Total physical RAM: 1918.33 MB
Available physical RAM: 478.13 MB
Total Pagefile: 4809.8 MB
Available Pagefile: 1208.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.91 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.05 GB) (Free:95.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: D3E7605C)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#4
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

It appears that your FRST log got cut off. Can you please re-post? It should be in your Downloads folder. I did get the full Addition log so thank you.
 
A couple things to start.
 
 
Spybot Search & Destroy
I see that you have Spybot Search & Destroy. We no longer recommend this product because of the poor testing results. I recommend uninstalling this program. If you don't want to uninstall the program then please at least disable Tea Timer while performing any of my instructions. You can re-enable it when we are all done. Instructions for that are here. If you do decide to uninstall the program, first Undo your immunization before uninstalling. You can do that by clicking the Undo button with Spybot S&D and then remove from Add/Remove programs.
 
Having only 2GB of memory on your machine I think it's very important to remove this software.

immunize.JPG
 
 
Keeping Java Updated
WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run an important software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
1. Go to this page to download the latest version of Java SE Runtime Environment JRE 8 Update 45.
2. When you click this link you will need to click the "Accept License Agreement" radio button and then click on the "Windows x86 Offline" installer link. You will notice that there is also a Windows x64 link option, however even if you are using a 64-bit operating system, it's very likely you aren't running a 64-bit browser and should only download the "Windows x86 Offline" installer. To determine if you are using a 64-bit browser you can follow these instructions. If you find that you ARE using a 64-bit browser then you can download the "Windows x64" one.
8u45.JPG
 
3. Once you click on the appropriate link, please download this to your Desktop like we have with all of our tools.
4. Close any programs you may have running - especially your web browser.
5. Now we need to uninstall all versions of Java that are currently on your machine before we install the newest version. Go to Add/Remove programs (instructions are here) and uninstall any item that appears in the list that has the following as part of the name: Java 7 Update 76
6. Reboot your computer once all Java components are removed.
7. Then from your desktop, right click on the file that was downloaded (jre-8u45-windows-i586.exe or jre-8u45-windows-x64.exe) and select Run as an Administrator to install the latest version. Accept all the defaults and you're good to go.
Note: Java has been notorious for installing foistware (software downloaded without the users knowledge). If you follow the instructions I provided no foistware will be installed but that doesn't mean it won't in the future. While performing the install of this software or any software for that matter, pay attention to each screen and ensure you uncheck any extra software that you don't want installed (i.e. Ask Toolbar, Chrome Browser, etc.).

 

 

I'll await the full FRST log before continuing on. Thank you.


  • 0

#5
uFinditEazy!

uFinditEazy!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-05-2015
Ran by my computer (administrator) on MYCOMPUTER-PC on 04-05-2015 15:22:07
Running from C:\Users\my computer\Downloads
Loaded Profiles: my computer (Available profiles: my computer)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TuneUp Software GmbH) C:\Windows\System32\TuneUpDefragService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\my computer\Downloads\FRST (1).exe
(Farbar) C:\Users\my computer\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\6b06d088-a2d4-471f-b5ab-4d415aa40920.exe [183232 2015-04-22] (AVAST Software)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-234656105-2877930101-3625912627-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-234656105-2877930101-3625912627-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-07-22] (Google Inc.)
HKU\S-1-5-21-234656105-2877930101-3625912627-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-234656105-2877930101-3625912627-1000\...\MountPoints2: {412acc7b-db81-11e2-a9a1-001e0ba70c54} - E:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A14B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-234656105-2877930101-3625912627-1000\...\MountPoints2: {9faf9b4e-78d1-11e2-abd5-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-234656105-2877930101-3625912627-1000\...\MountPoints2: {de53b910-081b-11e4-bd73-001e0ba70c54} - E:\AutoRun.exe
HKU\S-1-5-21-234656105-2877930101-3625912627-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\my computer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-12-23] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-234656105-2877930101-3625912627-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO: Encarta Web Companion Helper Object -> {955BE0B8-BC85-4CAF-856E-8E0D8B610560} -> C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
Toolbar: HKLM - Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-234656105-2877930101-3625912627-1000 -> Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-234656105-2877930101-3625912627-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\my computer\AppData\Roaming\Mozilla\Firefox\Profiles\j30s7tgw.default
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\my computer\AppData\Roaming\Mozilla\Firefox\Profiles\j30s7tgw.default\user.js [2015-04-05]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-10]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Profile: C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-27]
CHR Extension: (Google Drive) - C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-27]
CHR Extension: (YouTube) - C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-27]
CHR Extension: (Google Search) - C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-27]
CHR Extension: (Avast SafePrice) - C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-13]
CHR Extension: (Avast Online Security) - C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-15]
CHR Extension: (Google Wallet) - C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-11]
CHR Extension: (Gmail) - C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-27]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]
CHR HKU\S-1-5-21-234656105-2877930101-3625912627-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-23] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-08-12] (AVAST Software)
R2 LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
S3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [307968 2013-02-18] (TuneUp Software GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\System32\drivers\AiCharger.sys [13952 2012-03-22] (ASUSTek Computer Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-22] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-08-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-22] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-22] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-22] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-04 15:22 - 2015-05-04 15:22 - 00017945 _____ () C:\Users\my computer\Downloads\FRST.txt
2015-05-04 15:20 - 2015-05-04 15:20 - 01140736 _____ (Farbar) C:\Users\my computer\Downloads\FRST (1).exe
2015-05-04 15:17 - 2015-05-04 15:22 - 00000000 ____D () C:\FRST
2015-05-04 15:15 - 2015-05-04 15:16 - 01140736 _____ (Farbar) C:\Users\my computer\Downloads\FRST.exe
2015-04-28 11:00 - 2015-04-28 12:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-28 11:00 - 2015-04-28 11:06 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-04-28 11:00 - 2015-04-28 11:00 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-28 11:00 - 2015-04-28 11:00 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-28 11:00 - 2015-04-28 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-28 11:00 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-04-28 10:20 - 2015-04-28 10:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\my computer\Downloads\spybot-2.4 (1).exe
2015-04-28 10:17 - 2015-04-28 10:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\my computer\Downloads\spybot-2.4.exe
2015-04-26 17:34 - 2015-04-26 17:34 - 00995722 _____ () C:\Users\my computer\Downloads\attachments (23).zip
2015-04-26 17:33 - 2015-04-26 17:33 - 00903070 _____ () C:\Users\my computer\Downloads\attachments (22).zip
2015-04-26 17:32 - 2015-04-26 17:32 - 00870786 _____ () C:\Users\my computer\Downloads\attachments (21).zip
2015-04-26 17:18 - 2015-04-26 17:18 - 00981747 _____ () C:\Users\my computer\Downloads\attachments (20) (2).zip
2015-04-26 17:17 - 2015-04-26 17:17 - 00981747 _____ () C:\Users\my computer\Downloads\attachments (20) (1).zip
2015-04-26 17:12 - 2015-04-26 17:12 - 00981747 _____ () C:\Users\my computer\Downloads\attachments (20).zip
2015-04-23 21:08 - 2015-04-23 21:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-22 13:38 - 2015-04-22 13:38 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-22 13:38 - 2015-04-22 13:38 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-22 13:38 - 2014-12-23 22:28 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\asw472E.tmp
2015-04-22 13:38 - 2014-12-23 22:28 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5122.tmp
2015-04-22 13:38 - 2014-12-23 22:27 - 00206248 _____ () C:\Windows\system32\Drivers\asw53A2.tmp
2015-04-22 13:38 - 2014-12-23 22:27 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\asw55C5.tmp
2015-04-22 13:38 - 2014-12-23 22:27 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4A99.tmp
2015-04-22 13:38 - 2014-12-23 22:27 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4D97.tmp
2015-04-22 13:38 - 2014-12-23 22:27 - 00049944 _____ () C:\Windows\system32\Drivers\asw4DF6.tmp
2015-04-22 13:38 - 2014-12-23 22:27 - 00024184 _____ () C:\Windows\system32\Drivers\asw4D0A.tmp
2015-04-16 10:01 - 2015-03-22 20:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-16 10:01 - 2015-03-22 20:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-16 10:01 - 2015-03-22 20:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-16 10:01 - 2015-03-22 20:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-16 10:01 - 2015-03-22 20:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-16 10:01 - 2015-03-22 20:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-16 10:01 - 2015-03-22 20:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-16 10:01 - 2015-03-22 19:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-16 10:00 - 2015-03-16 22:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-16 10:00 - 2015-03-16 22:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 10:00 - 2015-03-16 22:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-16 10:00 - 2015-03-16 22:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-16 10:00 - 2015-03-16 21:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 10:00 - 2015-03-16 21:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-16 10:00 - 2015-03-16 21:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-16 10:00 - 2015-03-16 21:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-16 10:00 - 2015-03-16 21:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-16 10:00 - 2015-03-16 21:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-16 10:00 - 2015-03-16 21:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-16 10:00 - 2015-03-16 21:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-16 10:00 - 2015-03-16 21:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-16 10:00 - 2015-03-16 21:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-16 10:00 - 2015-03-16 21:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-16 10:00 - 2015-03-03 21:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 10:00 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 09:59 - 2015-03-16 21:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-16 09:59 - 2015-03-16 21:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-16 09:59 - 2015-03-16 21:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-16 09:59 - 2015-03-16 21:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-16 09:59 - 2015-03-16 21:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-16 09:59 - 2015-03-16 21:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-16 09:59 - 2015-03-16 21:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-16 09:59 - 2015-03-16 21:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-16 09:59 - 2015-03-16 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-16 09:59 - 2015-03-16 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-16 09:59 - 2015-03-16 21:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-16 09:59 - 2015-03-16 21:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-16 09:59 - 2015-03-04 21:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 09:58 - 2015-04-01 16:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-16 09:58 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-16 09:58 - 2015-03-12 20:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-16 09:58 - 2015-03-12 20:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-16 09:58 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-16 09:58 - 2015-03-12 20:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-16 09:58 - 2015-03-12 20:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-16 09:58 - 2015-03-12 20:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-16 09:58 - 2015-03-12 20:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-16 09:58 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-16 09:58 - 2015-03-12 20:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-16 09:58 - 2015-03-12 20:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-16 09:58 - 2015-03-12 20:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-16 09:58 - 2015-03-12 20:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-16 09:58 - 2015-03-12 20:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-16 09:58 - 2015-03-12 20:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-16 09:58 - 2015-03-12 20:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-16 09:58 - 2015-03-12 20:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-16 09:58 - 2015-03-12 20:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-16 09:58 - 2015-03-12 19:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-16 09:58 - 2015-03-12 19:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-16 09:58 - 2015-03-12 19:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-16 09:58 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-16 09:58 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-16 09:58 - 2015-03-12 19:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-16 09:58 - 2015-03-12 19:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-16 09:58 - 2015-03-12 19:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-16 09:58 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-16 09:58 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-16 09:58 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-16 09:58 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-16 09:57 - 2015-03-24 20:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-16 09:57 - 2015-03-24 20:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-16 09:57 - 2015-03-24 20:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-16 09:57 - 2015-03-24 20:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-16 09:57 - 2015-03-24 20:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-16 09:57 - 2015-03-24 20:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-16 09:57 - 2015-03-24 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-16 09:57 - 2015-03-24 20:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-16 09:57 - 2015-03-24 20:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-16 09:57 - 2015-03-24 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-16 09:57 - 2015-03-24 20:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-16 09:57 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 09:57 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-16 09:57 - 2015-02-24 20:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-07 18:49 - 2015-04-07 18:49 - 00000000 ____D () C:\Users\Public\Documents\LeapFrog
2015-04-07 18:48 - 2015-04-07 18:48 - 00000916 _____ () C:\Users\Public\Desktop\LeapFrog Connect.lnk
2015-04-07 18:48 - 2015-04-07 18:48 - 00000000 ____D () C:\Program Files\DIFX
2015-04-07 18:47 - 2015-04-07 18:48 - 00005092 _____ () C:\Windows\DPINST.LOG
2015-04-07 18:47 - 2015-04-07 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
2015-04-07 18:47 - 2015-04-07 18:47 - 00000000 ____D () C:\ProgramData\Leapfrog
2015-04-07 18:47 - 2015-04-07 18:47 - 00000000 ____D () C:\Program Files\LeapFrog
2015-04-07 18:46 - 2015-04-07 18:46 - 11873400 _____ (LeapFrog Enterprises, Inc.) C:\Users\my computer\Downloads\LeapFrogConnectSetup_LeapPadExplorer.exe
2015-04-05 03:01 - 2015-04-06 20:44 - 00000000 ___SD () C:\Windows\system32\GWX
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-04 15:21 - 2013-07-22 10:54 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-04 15:00 - 2013-02-18 11:26 - 00000498 _____ () C:\Windows\Tasks\1-Click Maintenance.job
2015-05-04 14:59 - 2014-03-06 21:00 - 00000350 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-05-04 14:59 - 2013-02-17 00:17 - 01761197 _____ () C:\Windows\WindowsUpdate.log
2015-05-04 14:53 - 2013-07-22 10:54 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-04 14:44 - 2013-02-18 11:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-01 17:31 - 2009-07-13 21:39 - 00065147 _____ () C:\Windows\setupact.log
2015-04-28 15:24 - 2013-07-22 10:54 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-28 12:29 - 2009-07-13 21:34 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-28 12:29 - 2009-07-13 21:34 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-28 10:13 - 2014-03-29 13:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-22 17:07 - 2009-07-13 21:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-22 15:22 - 2015-03-07 11:30 - 00000000 ____D () C:\Users\my computer\AppData\Local\WinZip
2015-04-22 15:22 - 2015-03-07 11:30 - 00000000 ____D () C:\ProgramData\WinZip
2015-04-22 15:21 - 2011-04-11 19:24 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-22 14:13 - 2013-02-18 11:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-22 13:38 - 2014-05-09 17:03 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-22 13:38 - 2014-01-10 10:33 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-22 13:38 - 2014-01-10 10:33 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-22 13:38 - 2014-01-10 10:33 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-22 13:38 - 2014-01-10 10:33 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-22 13:38 - 2014-01-10 10:33 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-22 13:38 - 2014-01-10 10:33 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-22 13:37 - 2014-01-10 10:33 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-18 10:57 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2015-04-18 10:14 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 03:45 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-17 03:39 - 2014-01-19 10:15 - 00000000 ___RD () C:\Users\my computer\Google Drive
2015-04-17 03:37 - 2010-11-20 14:48 - 00046734 _____ () C:\Windows\PFRO.log
2015-04-17 03:37 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-17 03:35 - 2014-12-11 04:24 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-17 03:35 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-17 03:19 - 2013-09-04 07:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-17 03:04 - 2013-07-22 11:05 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-17 03:04 - 2010-11-20 14:01 - 00773912 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 10:37 - 2013-02-18 11:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-16 10:37 - 2013-02-18 11:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-05 10:03 - 2013-02-16 23:25 - 00000000 ____D () C:\Users\my computer
2015-04-05 09:41 - 2014-08-27 07:49 - 00000000 ___RD () C:\Users\my computer\Dropbox
2015-04-05 09:41 - 2014-08-26 11:41 - 00000000 ____D () C:\Users\my computer\AppData\Roaming\Dropbox
 
==================== Files in the root of some directories =======
 
2014-03-06 21:10 - 2014-03-06 21:10 - 0033193 _____ () C:\Users\my computer\AppData\Roaming\UserTile.png
2013-06-13 08:01 - 2013-06-13 08:01 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-24 00:55
 
==================== End Of Log ============================
Could you enlighten me on what type of memory to purchase? Thank you

  • 0

#6
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts
Could you enlighten me on what type of memory to purchase? Thank you

 

Sure. A very good site you can go to is Crucial.com. The site will scan your machine to determine what type of memory you currently have in your system and provide you options to upgrade. Try this and let me know if you have questions or still need assistance on this.

 

 

 

OK, things look fairly clean. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   253bytes   77 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#3 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

 

 

Items for your next post

1. FRST Fix log

2. AdwCleaner log

3. Security Check log


  • 0

#7
uFinditEazy!

uFinditEazy!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

ok, I am struggling with the first step. How do i get the fix inside farbar?

I also purchased 4gigs of memory. Thanks for that!


  • 0

#8
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

You want to download the fixlist.txt to your desktop. Also make sure that FRST.exe is on your desktop. So move it from your downloads folder and put it on your desktop. Then double-click to open FRST.exe and then click the fix button.


  • 0

#9
uFinditEazy!

uFinditEazy!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

I have them both on my desktop and am still struggling. its says no fix found. Is frst farbar?


  • 0

#10
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

I believe you are using Google Chrome as your internet browser. Here is what I suggest. Delete FRST and fixlist off of your desktop and let's start from the beginning.

 

All tools that I have you download should be placed on the desktop unless otherwise stated. 
 
it's easiest if you configure your browser(s) to download any tools to the desktop by default.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

 

 

Now that this is set, let's do the following.

1. Download FRST and save to your desktop.

2. Download the attached fixlist.txt and save to your desktop.

3. Open up FRST and then click the Fix button

 


 

 

Attached Files


  • 0

Advertisements


#11
uFinditEazy!

uFinditEazy!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-05-2015 01
Ran by my computer at 2015-05-06 20:42:54 Run:1
Running from C:\Users\my computer\Desktop
Loaded Profiles: my computer (Available profiles: my computer)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
FF user.js: detected! => C:\Users\my computer\AppData\Roaming\Mozilla\Firefox\Profiles\j30s7tgw.default\user.js [2015-04-05]
HKLM\...\Run: [] => [X]
wmic computersystem get manufacturer
wmic computersystem get model
EmptyTemp:
 
*****************
 
Restore point was successfully created.
C:\Users\my computer\AppData\Roaming\Mozilla\Firefox\Profiles\j30s7tgw.default\user.js => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
wmic computersystem get manufacturer => Error: No automatic fix found for this entry.
wmic computersystem get model => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 3.5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:46:56 ====

  • 0

#12
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Perfect! Good Job. Move on to Step#2 & Step#3.


  • 0

#13
uFinditEazy!

uFinditEazy!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
# AdwCleaner v4.203 - Logfile created 06/05/2015 at 20:56:23
# Updated 30/04/2015 by Xplode
# Database : 2015-05-05.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : my computer - MYCOMPUTER-PC
# Running from : C:\Users\my computer\Desktop\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
[/!\] Not Deleted ( Junction ) : C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
 
-\\ Mozilla Firefox v37.0.2 (x86 en-US)
 
 
-\\ Google Chrome v42.0.2311.135
 
[C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
[C:\Users\my computer\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
 
*************************
 
AdwCleaner[R0].txt - [2232 bytes] - [06/05/2015 20:54:49]
AdwCleaner[S0].txt - [2112 bytes] - [06/05/2015 20:56:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2171  bytes] ##########

  • 0

#14
uFinditEazy!

uFinditEazy!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
 Results of screen317's Security Check version 1.001  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2008   
 Java 7 Update 76  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
 Mozilla Firefox (37.0.2) 
 Google Chrome (42.0.2311.135) 
 Google Chrome (42.0.2311.90) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

  • 0

#15
uFinditEazy!

uFinditEazy!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

I am done for the night. I will be back on tomorrow to do whatever you say is next. Thank you


  • 0






Similar Topics


Also tagged with one or more of these keywords: slow computer, memory usage high

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP