Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Daughters laptop is seriously lagging


  • This topic is locked This topic is locked

#1
busymomof4kids

busymomof4kids

    Member

  • Member
  • PipPip
  • 39 posts
My daughters laptop is seriously lagging, any help would be greatly appreciated
  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
busymomof4kids

busymomof4kids

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by Sarah (administrator) on SARAH-HP on 03-05-2015 15:56:28
Running from C:\Users\Sarah\Desktop
Loaded Profiles: Sarah (Available profiles: Sarah)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Update\Install\{42D9A439-68FF-4377-8185-308E090EFCE6}\42.0.2311.135_chrome_installer.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Temp\CR_447B0.tmp\setup.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\...\Run: [Google Update] => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-05-03] (Google Inc.)
HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\...\Run: [ComcastAntispyClient] => "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk [2014-09-15]
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk [2013-08-02]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2012-02-28]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll [2014-02-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll [2014-02-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll [2014-02-27] (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.n...id=tbid09152014
HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
BHO: XFINITY Toolbar -> {4b9bcce8-a70b-402a-a7e1-db96831ee26f} -> C:\Program Files (x86)\xfin_portal\comcastdx64.dll [2013-12-11] ()
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll [2014-07-31] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-28] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: XFINITY Toolbar -> {4b9bcce8-a70b-402a-a7e1-db96831ee26f} -> C:\Program Files (x86)\xfin_portal\comcastdx.dll No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll [2014-07-31] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\IPS\IPSBHO.DLL [2014-07-23] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.922.1\NativeBHO.dll [2014-09-22] (WhiteSky)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Toolbar: HKLM - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx64.dll [2013-12-11] ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll [2014-07-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Toolbar: HKLM-x32 - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll [2014-07-31] (Symantec Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6C4E4336-ADC9-44E9-B695-60D3071EA01D}: [NameServer] 75.75.75.75,75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default
FF DefaultSearchUrl: 
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin HKU\S-1-5-21-2789968882-3570388344-1764720213-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2789968882-3570388344-1764720213-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
FF Extension: XFINITY Constant Guard Protection Suite - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\Extensions\idvaultaddon@whitesky [2014-09-15]
FF Extension: No Name - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\Extensions\temp [2014-09-15]
FF Extension: XFINITY Toolbar - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\5ppafeze.default\Extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f} [2014-09-15]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-05-03]
 
Chrome: 
=======
CHR Profile: C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (Norton Identity Safe) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-27]
CHR Extension: (Skype Click to Call) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-02-18]
CHR Extension: (Norton Security Toolbar) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-09-17]
CHR Extension: (Google Wallet) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\Exts\Chrome.crx [2014-09-18]
StartMenuInternet: Google Chrome - C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe [265040 2014-08-01] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2015-05-03] (Zemana Ltd.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-18] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140926.003\IDSvia64.sys [633560 2014-09-17] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-28] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140928.002\ENG64.SYS [129752 2014-09-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140928.002\EX64.SYS [2137304 2014-09-26] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-07-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-03 13:59 - 2015-05-03 14:02 - 02101248 _____ (Farbar) C:\Users\Sarah\Downloads\FRST64 (3).exe
2015-05-03 13:59 - 2015-05-03 14:00 - 02101248 _____ (Farbar) C:\Users\Sarah\Downloads\FRST64.exe
2015-05-03 09:00 - 2015-05-03 09:00 - 00000000 ____D () C:\Program Files (x86)\Valassis
2015-05-03 08:48 - 2015-05-03 08:49 - 02166416 _____ (Valassis) C:\Users\Sarah\Downloads\P@H_prod308-C7qKxUtE.exe
2015-05-03 08:45 - 2015-05-03 08:46 - 02166416 _____ (Valassis) C:\Users\Sarah\Downloads\P@H_prod308-KK4SMues.exe
2015-05-03 08:45 - 2015-05-03 08:45 - 00003528 _____ () C:\Windows\System32\Tasks\iolo System Checkup
2015-05-03 08:43 - 2015-05-03 08:44 - 00000000 ____D () C:\ProgramData\iolo
2015-05-03 08:43 - 2015-05-03 08:43 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2015-05-03 08:43 - 2015-05-03 08:43 - 00001179 _____ () C:\Users\Sarah\Desktop\System Checkup.lnk
2015-05-03 08:43 - 2015-05-03 08:43 - 00000000 ____D () C:\Program Files (x86)\iolo
2015-05-03 08:38 - 2015-05-03 08:40 - 07426712 _____ () C:\Users\Sarah\Downloads\SCUDownloader.exe
2015-05-03 08:16 - 2015-05-03 08:16 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001Core
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-03 16:06 - 2012-01-05 21:36 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\ID Vault
2015-05-03 16:04 - 2014-09-15 16:00 - 00020988 _____ () C:\Users\Sarah\Desktop\FRST.txt
2015-05-03 16:02 - 2014-09-15 15:24 - 00643642 _____ () C:\Windows\WindowsUpdate.log
2015-05-03 15:57 - 2014-09-12 10:43 - 00000000 ____D () C:\FRST
2015-05-03 15:55 - 2014-09-28 19:53 - 02101248 _____ (Farbar) C:\Users\Sarah\Desktop\FRST64.exe
2015-05-03 15:55 - 2014-09-26 15:54 - 00000000 ____D () C:\Users\Sarah\Desktop\FRST-OlderVersion
2015-05-03 15:54 - 2012-01-05 21:38 - 00000000 ____D () C:\Users\Sarah\AppData\Local\ID Vault
2015-05-03 15:48 - 2014-09-15 16:18 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
2015-05-03 15:48 - 2014-09-15 16:18 - 00000000 ____D () C:\Windows\SysWOW64\ZALSDK_uninst
2015-05-03 15:48 - 2012-01-05 21:35 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2015-05-03 15:47 - 2014-09-15 16:18 - 00002201 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
2015-05-03 15:47 - 2014-09-15 16:18 - 00002189 _____ () C:\Users\Public\Desktop\Constant Guard.lnk
2015-05-03 15:38 - 2011-12-25 13:53 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001UA.job
2015-05-03 15:38 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-03 15:37 - 2010-11-20 23:47 - 01724146 _____ () C:\Windows\PFRO.log
2015-05-03 15:37 - 2009-07-14 00:51 - 00082241 _____ () C:\Windows\setupact.log
2015-05-03 15:24 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-03 15:24 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-03 14:17 - 2014-09-12 10:44 - 00026651 _____ () C:\Users\Sarah\Downloads\FRST.txt
2015-05-03 08:58 - 2012-02-17 20:16 - 00000000 ____D () C:\Users\Sarah\AppData\Local\CrashDumps
2015-05-03 08:22 - 2011-12-25 13:53 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001Core.job
2015-05-03 08:17 - 2011-12-25 13:53 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001UA
 
==================== Files in the root of some directories =======
 
2013-10-19 10:25 - 2014-06-02 18:29 - 0003748 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-19 11:24 - 2014-09-15 13:55 - 0000151 _____ () C:\Users\Sarah\AppData\Roaming\WB.CFG
2013-10-19 11:24 - 2014-01-13 18:14 - 0000005 _____ () C:\Users\Sarah\AppData\Roaming\WBPU-TTL.DAT
2012-01-05 00:10 - 2012-01-05 00:10 - 0000236 _____ () C:\Users\Sarah\AppData\Local\LaunchHomeCenter.log
2013-08-02 16:26 - 2013-08-02 16:26 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-17 18:04
 
==================== End Of Log ============================

  • 0

#4
busymomof4kids

busymomof4kids

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by Sarah at 2015-05-03 16:07:35
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2789968882-3570388344-1764720213-500 - Administrator - Disabled)
Guest (S-1-5-21-2789968882-3570388344-1764720213-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2789968882-3570388344-1764720213-1003 - Limited - Enabled)
Sarah (S-1-5-21-2789968882-3570388344-1764720213-1001 - Administrator - Enabled) => C:\Users\Sarah
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.181.14 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{72927D2A-ADEF-786D-91E3-06CEFD60D107}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.922.1 - Comcast)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{00A42832-B21A-4296-B5F4-D296D0BC4A3E}) (Version: 2.6.3 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
PC HealthBoost 3.0.5 (HKLM-x32\...\PCHealthBoost_is1) (Version: 3.0.5 - Boost Software Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.07.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.1.17 - iolo technologies, LLC)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
XFINITY Toolbar (HKLM-x32\...\xfin_portal) (Version: 4.1.0.14 - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2789968882-3570388344-1764720213-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2789968882-3570388344-1764720213-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2789968882-3570388344-1764720213-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
17-09-2014 14:41:40 Windows Update
18-09-2014 06:29:34 Windows Update
27-09-2014 15:17:10 Windows Update
28-09-2014 20:32:50 Removed Java 7 Update 60
28-09-2014 20:35:44 Removed Java 7 Update 60
28-09-2014 20:59:15 Installed Java 7 Update 67 (64-bit)
03-05-2015 14:33:40 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2013-10-15 11:16 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {23C99716-438E-483F-BB05-277C3A9BF959} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {29E3AC1A-C7C8-45CB-8BD9-AE65DC28D23D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001Core => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-03] (Google Inc.)
Task: {36215A46-4F98-47E6-84EE-7164A4DA8810} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {37DCC5AE-E108-4B1D-AF4D-A5E8DBFA7D79} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2015-05-03] ()
Task: {5E601138-2C69-46BB-BB66-A45744F6450A} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6B7EB406-7624-400A-B6E5-F04783622ACE} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {768EBF20-99F2-4C76-B5FE-572358C6B7F2} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {96BF8A59-FA09-4DE7-997B-0076E665918B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {AFBC1ACA-DA6C-4CAB-A85C-A5BD44B0A46E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {C2A83697-7519-402A-80BD-BED9DF09BE05} - System32\Tasks\PCHB_WaitAndStartAfter => \PCHealthBoost.exe
Task: {CAA1668F-88DF-456F-8D53-877009DB860B} - \User_Feed_Synchronization-{9603BC86-A81E-4F00-97E9-24E3BAAE7AF6} No Task File <==== ATTENTION
Task: {EB124D1E-3B79-45E6-B479-04894E72DB69} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001UA => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-03] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001Core.job => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2789968882-3570388344-1764720213-1001UA.job => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2011-06-17 01:20 - 2011-06-17 01:20 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-12-19 23:34 - 2011-12-19 23:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2011-06-17 01:20 - 2011-06-17 01:20 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-06-17 01:08 - 2011-06-17 01:08 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 16:42 - 2011-06-17 16:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-04-16 14:02 - 2009-04-16 14:02 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-09-12 12:14 - 2014-09-03 23:01 - 01098056 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-12 12:14 - 2014-09-03 23:01 - 00174408 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-12 12:14 - 2014-09-03 23:01 - 08577864 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-12 12:14 - 2014-09-03 23:01 - 00331592 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-12 12:14 - 2014-09-03 23:01 - 01660232 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-22 16:30 - 2014-09-22 16:30 - 00548488 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2789968882-3570388344-1764720213-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [{257BEA93-44F1-4EFC-8FE7-D8FE4E83F32D}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{37F7D1FD-F66F-4608-B5AC-74F900F6E0B8}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{BF6CD862-F9AF-4DB1-9FFF-6458F9632095}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{F72CB198-A78D-4DE3-8923-17B2D90F4F03}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{373543E5-BA7B-45EC-BF0D-15EA125205AE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B927E893-5945-4FD8-9A0B-822F522DB4A1}] => (Allow) LPort=2869
FirewallRules: [{2A6B30AD-3CC1-42E3-AA70-FC5B9C7FB543}] => (Allow) LPort=1900
FirewallRules: [{350BF55D-EA32-4378-9006-5E27F5D9CDB7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6D3559FA-E5DA-4DBD-A0DF-F5B0FC110EED}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{90A234B8-315D-446A-BE3D-947BA22AA9C9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4581D128-4E94-4BDD-84AC-1A43FA39CCA2}] => (Allow) LPort=443
FirewallRules: [{1FDE346B-04A2-4AE7-98AC-116363358593}] => (Allow) LPort=443
FirewallRules: [{3CCD1014-E415-4FC7-9E2B-01F925CECE01}] => (Allow) LPort=37674
FirewallRules: [{D4CAE1E6-7066-4B65-BB0B-02E9CC797322}] => (Allow) LPort=37674
FirewallRules: [{CA652795-EB04-4C75-B074-AF6A1C6CCBDF}] => (Allow) LPort=37675
FirewallRules: [TCP Query User{373E567C-2A26-42A6-8191-CD4D2A8261AA}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{BB2F45C3-4CDE-4C50-B4C3-25ECA69EDE21}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [TCP Query User{C707BD98-743E-468A-BE01-6DC529F4C981}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{F47E7CD1-1873-4674-99F9-FF57358A8FD9}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{1EFFF066-8A65-454A-BC27-A718967E166A}] => (Allow) LPort=5353
FirewallRules: [{D38EA918-F999-4CFE-A2BE-61D178799F65}] => (Allow) LPort=9322
FirewallRules: [{A9AD2057-69D7-40EF-AB51-6A96A71DB7C6}] => (Allow) LPort=5353
FirewallRules: [{1368A328-FFD0-4F20-810F-0C20D9721A73}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{7E9B3960-CD60-43EB-BABC-60018D50CC71}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{56E1DC14-21B2-4AC0-A06E-C9CB164A5DF9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{735C9DE1-69C3-407D-817E-FF5B427DD5EE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BE2CE27C-1ADC-4D90-8BCB-88C3C11A38B3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FDB72B11-607D-4FEB-A531-C10C7B5357F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A282DC7F-EEC1-4FF1-BEDC-64CC7EF6A961}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{27C66848-27D7-42D5-AEE6-1DE9CE5773A3}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{513CC0D1-E819-4F4C-8216-E00289DB405E}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{0C8DA4C0-D066-4A7C-9CB3-131F31C3DCCE}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{51C37CCC-AB95-4CEA-B293-785D6B15D4A3}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{A91D0299-DC69-4452-9820-FCF0527E3182}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F71A346C-E757-40F8-89A3-8DC058A4DF88}] => (Allow) C:\Program Files (x86)\xfin_portal\dtuser.exe
FirewallRules: [{CA07058E-89C2-4F80-B899-6E45CE79E8AB}] => (Allow) C:\Program Files (x86)\xfin_portal\dtuser.exe
FirewallRules: [{AD6D85BA-1314-4D08-A482-477AA1F04D65}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{63DC7B57-F3E3-49B1-8F5A-DD6B82698FCF}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/03/2015 03:49:07 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml Type: 45::InvalidMetadataFile.
 
Error: (05/03/2015 03:49:07 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml
 
Error: (05/03/2015 03:39:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/03/2015 03:38:36 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (05/03/2015 03:38:36 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml
 
Error: (05/03/2015 03:29:34 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml Type: 45::InvalidMetadataFile.
 
Error: (05/03/2015 03:29:33 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml
 
Error: (05/03/2015 03:17:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/03/2015 03:16:37 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (05/03/2015 03:16:37 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml
 
 
System errors:
=============
Error: (05/03/2015 03:44:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (05/03/2015 03:40:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error: 
%%2
 
Error: (05/03/2015 03:37:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:36:31 PM on ‎5/‎3/‎2015 was unexpected.
 
Error: (05/03/2015 03:18:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error: 
%%2
 
Error: (05/03/2015 02:41:27 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (05/03/2015 02:40:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error: (05/03/2015 01:45:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
 
Error: (05/03/2015 08:06:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
 
Error: (09/28/2014 08:47:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error: 
%%2
 
Error: (09/28/2014 08:17:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (05/03/2015 03:49:07 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml Type: 45::InvalidMetadataFile.
 
Error: (05/03/2015 03:49:07 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml
 
Error: (05/03/2015 03:39:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/03/2015 03:38:36 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (05/03/2015 03:38:36 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml
 
Error: (05/03/2015 03:29:34 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml Type: 45::InvalidMetadataFile.
 
Error: (05/03/2015 03:29:33 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml
 
Error: (05/03/2015 03:17:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/03/2015 03:16:37 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (05/03/2015 03:16:37 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0061-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml
 
 
==================== Memory info =========================== 
 
Processor: AMD C-50 Processor
Percentage of memory in use: 88%
Total physical RAM: 1642.91 MB
Available physical RAM: 192.84 MB
Total Pagefile: 3285.81 MB
Available Pagefile: 559.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:214.16 GB) (Free:153.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:14.56 GB) (Free:1.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 16CC72E1)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=214.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================

  • 0

#5
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

How long have you been using Comcast ? There maybe additional unneeded security--> Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.922.1 - Comcast). I'm looking into it and considering removing it as I don't see much Malware so far. Norton security should take care of everything without the need for additional security packages.

Next
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
CreateRestorePoint:
Toolbar: HKLM-x32 - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll No File
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
BHO-x32: XFINITY Toolbar -> {4b9bcce8-a70b-402a-a7e1-db96831ee26f} -> C:\Program Files (x86)\xfin_portal\comcastdx.dll No File
CustomCLSID: HKU\S-1-5-21-2789968882-3570388344-1764720213-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2789968882-3570388344-1764720213-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2789968882-3570388344-1764720213-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {CAA1668F-88DF-456F-8D53-877009DB860B} - \User_Feed_Synchronization-{9603BC86-A81E-4F00-97E9-24E3BAAE7AF6} No Task File <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
hosts:
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
  • Post the
    fixlog.txt
    AdwCleaner [SO].TXT

  • 0

#6
busymomof4kids

busymomof4kids

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

The laptop hasn't been used for a while, but we've had comcast for quite a while.  


  • 0

#7
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
OK,

Please do the other things requested, the fix and run adwCleaner and post the logs.
  • 0

#8
busymomof4kids

busymomof4kids

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

I'm trying to run the frst but it's not letting me.


  • 0

#9
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
OK.

Make sure you save the code in the code box to the desktop and name it fixlist.txt

Then
Right click on FRST to open;
index_zpsae74eeb3.png

Click the fix button;
frst.JPG

After fix has run a few seconds, look for fixlog.txt on your desktop.
  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP