Svchost.exe Extreme Memory Usage Crashes Computer When Computer Idle

Discussion in 'Virus & Other Malware Removal' started by prestonjjrtr, Sep 27, 2014.

  1. prestonjjrtr

    prestonjjrtr Thread Starter

    I am currently experiencing a problem that started just a few days ago where the svchost.exe process keeps taking up memory on my computer even when the computer is idle, and continues to grow until it takes up to 99% of memory before it crashes/freezes the computer, which has to be restarted several times a day to clear the memory back down. However, sometimes when I restart the computer, within an hour or a couple of hours, or sometimes less, the memory will get exhausted again.

    One special note is that since my Windows 7 OS was preinstalled on my HP computer, I do not have access to the original Windows DVD and the DVD drive on my computer is currently broken and is unable to be used.

    I downloaded the TSG SysInfo tool and the FRST tool with the following results.

    I was able to download the FRST tool and I have the following results, so hopefully this will help someone to be able to help me with this problem. It seems to be getting worse as time goes on, eating up memory.

    Thanks for your help, time and efforts; it is appreciated. Here is the TSG SysInfo and the following 2 logs from FRST:


    Here is the TSG SysInfo

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i7-2600S CPU @ 2.80GHz, Intel64 Family 6 Model 42 Stepping 7
    Processor Count: 8
    RAM: 8174 Mb
    Graphics Card: AMD Radeon HD 6570, 1024 Mb
    Hard Drives: C: Total - 1418945 MB, Free - 1015688 MB; D: Total - 11750 MB, Free - 1437 MB;
    Motherboard: PEGATRON CORPORATION, 2AC2
    Antivirus: AVG Internet Security 2012, Updated and Enabled


    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2014
    Ran by Joellen at 2014-09-26 19:04:45
    Running from C:\Users\Joellen\Desktop
    Boot Mode: Normal
    ==========================================================
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: AVG Internet Security 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AS: AVG Internet Security 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Internet Security 2012 (Enabled) {621CC794-9486-F902-D092-0484E8EA828B}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
    Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ATI Catalyst Install Manager (HKLM\...\{9A6AD916-D45D-1D1C-E2C0-A0402F511999}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
    ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
    AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2247 - AVG Technologies)
    AVG 2012 (Version: 12.0.4031 - AVG Technologies) Hidden
    AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
    Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2011.0113.2337.42366 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2011.0113.2337.42366 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Czech (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Danish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help English (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help French (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help German (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Greek (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Italian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Korean (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Polish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Russian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    CCC Help Thai (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
    ccc-core-static (x32 Version: 2011.0113.2337.42366 - ATI) Hidden
    ccc-utility64 (Version: 2011.0113.2337.42366 - ATI) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.2615 - CyberLink Corp.)
    CyberLink PowerDVD 10 (x32 Version: 10.0.1.2615 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    H&R Block Standard 2011 (HKLM-x32\...\{5C52EC19-3B77-4B03-BBE8-E7F58ED92D73}) (Version: 11.01.6901 - HRB Technology, LLC.)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
    HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
    HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
    HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.4 - Hewlett-Packard)
    HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
    HP MovieStore (x32 Version: 1.0.045 - Hewlett-Packard) Hidden
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
    HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{0308919C-E317-4293-8D3C-97EF307BCDBC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
    HP Product Detection (HKLM-x32\...\{F13FBD0E-5CE1-4A3F-A4F0-C8633CB7B4DD}) (Version: 11.10.1000 - HP)
    HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
    Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
    HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
    Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
    Java™ 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
    Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
    PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
    Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
    Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
    SMART-ER (HKLM-x32\...\{AA3A6E2F-2A2D-43FC-9EBC-AB0FBA4B1DA7}) (Version: 2.0.0.4 - Apricorn)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WildTangent Games App (HP Games) (x32 Version: 4.0.5.21 - WildTangent) Hidden
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
    Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-772605068-1663628801-3090605291-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
    ==================== Restore Points =========================
    25-04-2014 07:42:04 Scheduled Checkpoint
    03-05-2014 07:42:09 Scheduled Checkpoint
    11-05-2014 07:56:58 Scheduled Checkpoint
    19-05-2014 07:14:07 Scheduled Checkpoint
    27-05-2014 07:45:39 Scheduled Checkpoint
    04-06-2014 07:34:40 Scheduled Checkpoint
    12-06-2014 06:57:33 Scheduled Checkpoint
    19-06-2014 07:35:34 Scheduled Checkpoint
    26-06-2014 07:58:28 Scheduled Checkpoint
    04-07-2014 06:22:02 Scheduled Checkpoint
    11-07-2014 06:22:48 Scheduled Checkpoint
    18-07-2014 07:06:28 Scheduled Checkpoint
    26-07-2014 07:41:59 Scheduled Checkpoint
    02-08-2014 12:53:27 Windows Update
    10-08-2014 05:52:35 Scheduled Checkpoint
    17-08-2014 08:02:49 Scheduled Checkpoint
    25-08-2014 05:38:57 Scheduled Checkpoint
    01-09-2014 07:42:19 Scheduled Checkpoint
    09-09-2014 10:36:06 Scheduled Checkpoint
    17-09-2014 07:38:27 Scheduled Checkpoint
    24-09-2014 07:50:47 Scheduled Checkpoint
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {03375BF4-FD5A-48E9-9C39-B82D8181D26E} - System32\Tasks\HPCeeScheduleForJoellen => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {09050E82-910C-4ECB-BA76-E9BB0B58A81A} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe [2009-02-27] ()
    Task: {18E22D66-7131-4A01-BDD7-EE8403E5DFE2} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{89ADA0F2-0C46-4DC7-9244-1058ADC3DA00}.exe
    Task: {19DDD9B1-A1DC-42D3-9AD8-1D3CB6749946} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
    Task: {2F09C407-EE2E-4D62-B0F5-88CADACC268A} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
    Task: {3BE86E4C-F291-46E8-BBC7-F97CDA75437E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {8E3C11C4-600B-4E27-BC2C-CA64681F2956} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {8E4AAF37-6EB1-4DD7-8B55-2A85040D2723} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-03] (Hewlett-Packard)
    Task: {98133CAC-D151-4CD9-9043-658CED114553} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-03] (Hewlett-Packard)
    Task: {AEDD60B2-583A-467C-8B63-E030795CBBCB} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
    Task: {BBB23748-2A86-4834-A050-F6C8E49237D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {E2CF1F4A-6FD3-4196-BBA6-E11E7594462D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
    Task: {EFB7AA85-32A2-4E3F-9383-708FF4E1B8AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{89ADA0F2-0C46-4DC7-9244-1058ADC3DA00}.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForJoellen.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
    ==================== Loaded Modules (whitelisted) =============
    2011-04-20 04:13 - 2009-02-27 21:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
    2011-04-20 04:13 - 2009-02-19 19:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.DLL
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    ==================== EXE Association (whitelisted) =============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
    ==================== MSCONFIG/TASK MANAGER disabled items =========
    (Currently there is no automatic fix for this section.)
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
    MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    ========================= Accounts: ==========================
    Administrator (S-1-5-21-772605068-1663628801-3090605291-500 -> Administrator - Disabled - Status: Degraded)
    Guest (S-1-5-21-772605068-1663628801-3090605291-501 -> Limited - Disabled - Status: Degraded)
    HomeGroupUser$ (S-1-5-21-772605068-1663628801-3090605291-1002 -> Limited - Enabled - Status: OK)
    Joellen (S-1-5-21-772605068-1663628801-3090605291-1000 -> Administrator - Enabled - Status: OK) => C:\Users\Joellen
    ==================== Faulty Device Manager Devices =============
    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (09/26/2014 06:42:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program dds.com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: 1198
    Start Time: 01cfd9e2d0750604
    Termination Time: 156
    Application Path: C:\Users\Joellen\Desktop\dds.com
    Report Id:
    Error: (09/26/2014 06:23:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program dds.com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: 2e7c
    Start Time: 01cfd9e024d3af75
    Termination Time: 0
    Application Path: C:\Users\Joellen\Desktop\dds.com
    Report Id:
    Error: (09/26/2014 06:13:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program dds.com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: 2a5c
    Start Time: 01cfd9dbf98f94cf
    Termination Time: 0
    Application Path: C:\Users\Joellen\Desktop\dds.com
    Report Id:
    Error: (09/26/2014 05:46:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program dds.com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: 1840
    Start Time: 01cfd9da99ca8ddf
    Termination Time: 0
    Application Path: C:\Users\Joellen\Downloads\dds.com
    Report Id:
    Error: (09/26/2014 00:50:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (09/26/2014 01:05:10 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
    Error: (09/26/2014 00:18:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (09/25/2014 10:48:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (09/25/2014 09:08:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (09/25/2014 07:00:11 PM) (Source: Windows Backup) (EventID: 4104) (User: )
    Description: The backup was not successful. The error is: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF).
    System errors:
    =============
    Error: (09/26/2014 00:49:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Power service terminated with the following error:
    %%4203
    Error: (09/26/2014 00:49:27 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 12:46:55 PM on ‎9/‎26/‎2014 was unexpected.
    Error: (09/26/2014 09:48:50 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    Error: (09/26/2014 08:29:20 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
    Description: A new BITS job could not be created. The current job count for the user Joellen-HP\Joellen (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
    Error: (09/26/2014 08:29:10 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
    Description: A new BITS job could not be created. The current job count for the user Joellen-HP\Joellen (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
    Error: (09/26/2014 08:29:00 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
    Description: A new BITS job could not be created. The current job count for the user Joellen-HP\Joellen (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
    Error: (09/26/2014 08:28:50 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
    Description: A new BITS job could not be created. The current job count for the user Joellen-HP\Joellen (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
    Error: (09/26/2014 00:17:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Power service terminated with the following error:
    %%4203
    Error: (09/25/2014 10:47:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Power service terminated with the following error:
    %%4203
    Error: (09/25/2014 10:47:30 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 10:45:04 PM on ‎9/‎25/‎2014 was unexpected.
    Microsoft Office Sessions:
    =========================
    Error: (09/26/2014 06:42:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: dds.com2012.11.20.1119801cfd9e2d0750604156C:\Users\Joellen\Desktop\dds.com
    Error: (09/26/2014 06:23:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: dds.com2012.11.20.12e7c01cfd9e024d3af750C:\Users\Joellen\Desktop\dds.com
    Error: (09/26/2014 06:13:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: dds.com2012.11.20.12a5c01cfd9dbf98f94cf0C:\Users\Joellen\Desktop\dds.com
    Error: (09/26/2014 05:46:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: dds.com2012.11.20.1184001cfd9da99ca8ddf0C:\Users\Joellen\Downloads\dds.com
    Error: (09/26/2014 00:50:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (09/26/2014 01:05:10 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
    Error: (09/26/2014 00:18:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (09/25/2014 10:48:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (09/25/2014 09:08:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (09/25/2014 07:00:11 PM) (Source: Windows Backup) (EventID: 4104) (User: )
    Description: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF)
    ==================== Memory info ===========================
    Processor: Intel® Core™ i7-2600S CPU @ 2.80GHz
    Percentage of memory in use: 66%
    Total physical RAM: 8174.54 MB
    Available physical RAM: 2722.32 MB
    Total Pagefile: 16347.25 MB
    Available Pagefile: 11352.4 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.79 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:1385.69 GB) (Free:994.66 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:11.48 GB) (Free:1.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ==================== MBR & Partition Table ==================
    ==================== End Of Log ============================



    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
    Ran by Joellen (administrator) on JOELLEN-HP on 26-09-2014 19:03:44
    Running from C:\Users\Joellen\Desktop
    Loaded Profile: Joellen (Available profiles: Joellen)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Apricorn) C:\Program Files (x86)\Apricorn\SMART-ER\SMART-ER Service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\WINDOWS LIVE\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\WINDOWS LIVE\WLIDSVCM.EXE
    () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    (Apricorn) C:\Program Files (x86)\Apricorn\SMART-ER\SMART-ER.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_152_ActiveX.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-14] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
    HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
    HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
    HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-09-26] (Hewlett-Packard)
    HKU\S-1-5-21-772605068-1663628801-3090605291-1000\...\MountPoints2: {da0afe8d-b1dd-11e0-b87e-e069958d31c5} - J:\unlock.exe autoplay=true
    HKU\S-1-5-21-772605068-1663628801-3090605291-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-772605068-1663628801-3090605291-1000\$ac4e1da0b1b31fd6d68092d262c633d8\n. ATTENTION! ====> ZeroAccess?
    HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe -update activex
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SMART-ER.lnk
    ShortcutTarget: SMART-ER.lnk -> C:\Program Files (x86)\Apricorn\SMART-ER\SMART-ER.exe (Apricorn)
    BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/sch/ebayadvsearch/?rt=nc
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - {26528B36-1695-4908-84F2-6E570AAAAB86} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKLM-x32 - {26528B36-1695-4908-84F2-6E570AAAAB86} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKCU - DefaultScope {EC2F27A6-B3A7-44D4-843C-9815A218BEF9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKCU - {26528B36-1695-4908-84F2-6E570AAAAB86} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKCU - {EC2F27A6-B3A7-44D4-843C-9815A218BEF9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
    Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect114a.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
    FF HKLM-x32\...\Firefox\Extensions: [[email protected] ] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
    FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-04-20]
    FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
    FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-04-20]
    FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
    FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-04-20]
    FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
    FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2012-05-17]
    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
    R2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321560 2012-12-05] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
    R2 DcomLaunch; C:\Windows\system32\rpcss.dll [528384 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
    R2 RpcSs; C:\Windows\system32\rpcss.dll [528384 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 SMART-ERService; C:\Program Files (x86)\Apricorn\SMART-ER\SMART-ER Service.exe [69632 2007-06-04] (Apricorn) [File not signed]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
    R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
    R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
    R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
    S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2009-02-13] (Western Digital Technologies) [File not signed]
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-09-26 19:03 - 2014-09-26 19:04 - 00019078 _____ () C:\Users\Joellen\Desktop\FRST.txt
    2014-09-26 19:02 - 2014-09-26 19:03 - 00000000 ____D () C:\FRST
    2014-09-26 18:57 - 2014-09-26 18:57 - 02108928 _____ (Farbar) C:\Users\Joellen\Desktop\FRST64.exe
    2014-09-26 18:35 - 2014-09-26 18:35 - 00688992 ____R (Swearware) C:\Users\Joellen\Desktop\dds.com
    2014-09-26 08:28 - 2014-09-26 08:28 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{938A3FFE-B0DD-4F38-81F4-4FF1B2AA9598}
    2014-09-25 18:45 - 2014-09-25 18:45 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{A5D48C46-4F55-47A7-B079-A5F2E597E483}
    2014-09-24 22:54 - 2014-09-24 22:55 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{2861F21E-3B2E-4730-BFB6-37F6D042F764}
    2014-09-24 10:23 - 2014-09-24 10:24 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{93311B44-BA5F-446A-B882-DE11A3194EE1}
    2014-09-23 14:55 - 2014-09-23 14:55 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{516377B2-3447-469B-88DD-2E277B0BB91D}
    2014-09-23 12:29 - 2014-09-23 12:29 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{E3721974-C993-49D7-98D6-27BC43AEDE79}
    2014-09-22 22:43 - 2014-09-22 22:43 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{61D59652-81C1-4FE5-8703-0DAA8E77C0B6}
    2014-09-22 08:22 - 2014-09-22 08:22 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{0BD8F765-E9E6-4069-AE15-8E951928250E}
    2014-09-21 14:11 - 2014-09-21 14:12 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{7DEFDDCA-C5B9-4491-B71C-11E2C56EC4CD}
    2014-09-20 23:52 - 2014-09-20 23:52 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{6D1B23E6-04B4-4F2F-8BC6-0211419FC484}
    2014-09-20 10:35 - 2014-09-20 10:35 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{D14E23A3-CE45-46F0-9256-4CF965CF2F05}
    2014-09-19 16:14 - 2014-09-19 16:14 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{D018C90B-C84B-4F18-9E82-B86CE47818FF}
    2014-09-19 01:15 - 2014-09-19 01:15 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{4961141D-9D1B-4F70-8F9D-FB4ACBE25656}
    2014-09-18 09:03 - 2014-09-18 09:03 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{F8FD7AC9-6F6E-4375-A0FD-EA82025F68CB}
    2014-09-17 12:15 - 2014-09-17 12:15 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{FAECF297-B5FA-4068-8A6C-8CB483F33B1F}
    2014-09-16 23:53 - 2014-09-16 23:53 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{AC3938CA-003A-4C82-9EE0-A605188ECBA5}
    2014-09-16 11:52 - 2014-09-16 11:52 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{9D069F99-5C67-4DFF-B793-88F419F8757E}
    2014-09-15 23:10 - 2014-09-15 23:10 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{060DF96C-335B-4F0C-A610-21757EC3260C}
    2014-09-15 22:54 - 2014-09-18 18:06 - 00000000 ____D () C:\Users\Joellen\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
    2014-09-15 09:02 - 2014-09-15 09:02 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{CCA23A61-2B75-4D81-AB14-7DE539CFEB11}
    2014-09-15 00:41 - 2014-09-15 00:41 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{FC5E7974-9D71-4667-9C54-3E65D473EF34}
    2014-09-14 12:10 - 2014-09-14 12:10 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{659865E8-2CEB-43E9-BC91-135741087D89}
    2014-09-13 23:33 - 2014-09-13 23:33 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{4D9EFA65-C7A5-4FAC-9064-780B9FC010B2}
    2014-09-13 11:04 - 2014-09-13 11:04 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{D85BD238-6C71-4E8F-8238-B30ED4CA7A3B}
    2014-09-12 16:48 - 2014-09-12 16:48 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{A8FDF811-EE0D-4D5B-967F-DEDEE4A3CB8B}
    2014-09-12 13:58 - 2014-09-12 13:58 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{64AE8A54-5093-4D9A-8795-86694164E997}
    2014-09-12 00:55 - 2014-09-12 00:55 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{15E05FA6-B470-4ED4-A1B6-EB305EE2B2E9}
    2014-09-11 12:26 - 2014-09-11 12:26 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{482D0531-55F9-4E4C-BBD1-91D8FBBBCF99}
    2014-09-10 12:07 - 2014-09-10 12:07 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{DACE4988-710E-47B8-85C5-628A71A9672A}
    2014-09-09 21:05 - 2014-09-09 21:05 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{6F8D5060-3D96-498D-AF1A-4B4363523260}
    2014-09-09 08:59 - 2014-09-09 08:59 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{CD27989C-7F4D-452F-9F82-1354E404819D}
    2014-09-08 18:46 - 2014-09-08 18:46 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{1EF3D394-B38C-4E39-B8A2-D453D0DD13EA}
    2014-09-08 06:19 - 2014-09-08 06:19 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{A2D4605C-9307-43DA-83AD-FA1342B69E02}
    2014-09-07 12:48 - 2014-09-07 12:48 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{DF96D145-9703-456D-B4D0-725C35FEB5F1}
    2014-09-06 13:09 - 2014-09-06 13:10 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{EC61BF4C-DC4B-41D7-9C35-8621144FB58B}
    2014-09-06 00:42 - 2014-09-06 00:42 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{3A4DDB6E-43E5-4718-9E6F-8328571A7294}
    2014-09-05 12:15 - 2014-09-05 12:16 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{99567531-1F71-4CD2-A617-475409684C6B}
    2014-09-04 15:40 - 2014-09-04 15:41 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{50A8CF66-B483-4E00-9BB8-BBE6E2A2C7CA}
    2014-09-04 03:31 - 2014-09-04 03:31 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{48F749EC-6C39-44C6-A299-CA50DBBA3999}
    2014-09-03 13:02 - 2014-09-03 13:02 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{F83E54D3-4E1A-4170-A51B-3532891E0B65}
    2014-09-02 20:40 - 2014-09-02 20:40 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{55C1C7CA-DCD9-4EBD-B1E1-7CF95EE44615}
    2014-09-02 08:06 - 2014-09-02 08:07 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{7A4779D4-7890-4D20-A416-E7F54F660327}
    2014-09-01 13:33 - 2014-09-01 13:33 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{65FA8911-BAE6-4077-941B-8BB6BF6586B7}
    2014-09-01 00:16 - 2014-09-01 00:16 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{84863774-9BC2-4B32-BDDC-7294BDFA0720}
    2014-08-31 04:06 - 2014-08-31 04:06 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{A51DAF75-38D9-4F5F-A0B4-F499F1F3AE61}
    2014-08-30 13:18 - 2014-08-30 13:18 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{2EDF0D1B-8D1B-4844-86A1-A7251DEB005D}
    2014-08-29 21:55 - 2014-08-29 21:55 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{BA4F9CE5-33D8-4576-9E99-09561B8F9C8F}
    2014-08-29 09:22 - 2014-08-29 09:22 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{66E167A5-7DF6-41F6-B5A9-9177F3914BC8}
    2014-08-28 21:09 - 2014-08-28 21:10 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{3F8BB77E-579F-4E40-8E2C-B985BE0EFC87}
    2014-08-27 12:14 - 2014-08-27 12:14 - 00000000 ____D () C:\Users\Joellen\AppData\Local\{9C416E17-B15F-49C7-9A19-70060F2EA137}
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-09-26 12:57 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-09-26 12:57 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-09-26 12:53 - 2011-07-14 23:06 - 01902097 _____ () C:\Windows\WindowsUpdate.log
    2014-09-26 12:49 - 2013-06-02 23:01 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    2014-09-26 12:49 - 2013-01-22 02:52 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
    2014-09-26 12:49 - 2011-04-20 04:20 - 00000000 ____D () C:\ProgramData\PDFC
    2014-09-26 12:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-09-26 12:49 - 2009-07-13 23:51 - 00058447 _____ () C:\Windows\setupact.log
    2014-09-26 11:25 - 2011-07-14 23:07 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
    2014-09-26 02:11 - 2011-10-28 20:04 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-09-26 02:11 - 2011-07-15 13:00 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-09-25 21:05 - 2011-07-19 01:17 - 00000000 ____D () C:\Users\Joellen\AppData\Roaming\SoftGrid Client
    2014-09-25 00:33 - 2011-07-17 23:32 - 00000000 ____D () C:\Users\Joellen\AppData\Local\CrashDumps
    2014-09-23 21:16 - 2012-02-05 19:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2014-09-23 02:04 - 2014-05-30 02:06 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJoellen
    2014-09-23 02:04 - 2014-05-30 02:06 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForJoellen.job
    2014-09-22 00:08 - 2009-07-14 00:13 - 00780156 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-19 10:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-09-18 18:06 - 2014-07-17 07:46 - 00000000 ____D () C:\ProgramData\Virtualized Applications
    2014-09-15 23:09 - 2011-07-19 05:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
    2014-09-15 23:02 - 2012-04-22 15:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-09-15 23:02 - 2011-07-24 19:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-08-28 18:19 - 2011-07-19 01:17 - 00000000 ____D () C:\Users\Joellen\AppData\Roaming\TP
    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-772605068-1663628801-3090605291-1000\$ac4e1da0b1b31fd6d68092d262c633d8
    Some content of TEMP:
    ====================
    C:\Users\Joellen\AppData\Local\Temp\avguidx.dll
    C:\Users\Joellen\AppData\Local\Temp\CommonInstaller.exe
    C:\Users\Joellen\AppData\Local\Temp\HPHelpUpdater.exe
    C:\Users\Joellen\AppData\Local\Temp\iGearedHelper.dll
    C:\Users\Joellen\AppData\Local\Temp\InstallFlashPlayer.exe
    C:\Users\Joellen\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
    C:\Users\Joellen\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
    C:\Users\Joellen\AppData\Local\Temp\MachineIdCreator.exe
    C:\Users\Joellen\AppData\Local\Temp\Resource.exe
    C:\Users\Joellen\AppData\Local\Temp\sp53904.exe
    C:\Users\Joellen\AppData\Local\Temp\sp54931.exe
    C:\Users\Joellen\AppData\Local\Temp\sp58915.exe
    C:\Users\Joellen\AppData\Local\Temp\sp64126.exe
    C:\Users\Joellen\AppData\Local\Temp\ToolbarInstaller.exe
    C:\Users\Joellen\AppData\Local\Temp\UNINSTALL.EXE
    C:\Users\Joellen\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\Joellen\AppData\Local\Temp\UninstallHPTCA.exe
    C:\Users\Joellen\AppData\Local\Temp\~Unta13.exe
    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll
    [2010-11-20 22:24] - [2010-11-20 22:24] - 0528384 ____A (Microsoft Corporation) 897248AC2316B2C22589E01549B821F6
    ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
    LastRegBack: 2014-09-26 01:03
    ==================== End Of Log ============================
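For triage, the "Bamital & volsnap Check" section of a log like the one above can be reduced to the files that did not come back as digitally signed. The following is an added example, not part of the original post and not FRST's own code; the regular expressions are assumptions based only on the line layout visible in this log, and the sample is constructed from lines copied from it.

```python
import re

# Constructed sample: a subset of the Bamital section lines from the log above.
SAMPLE_LOG = r"""==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0528384 ____A (Microsoft Corporation) 897248AC2316B2C22589E01549B821F6
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-26 01:03
==================== End Of Log ============================
"""

SECTION = re.compile(r"^=+ (.+?) =+$")                      # "==== Title ===="
SIGNED = re.compile(r"^([A-Za-z]:\\.+?) => File is digitally signed$")
BARE_PATH = re.compile(r"^[A-Za-z]:\\[^=>]+$")              # path with no verdict
DETAIL = re.compile(                                        # metadata line after a bare path
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<vendor>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

def unverified_files(log_text, section="Bamital & volsnap Check"):
    """Return (signed_paths, flagged), where flagged holds one dict per file
    that the log lists without a 'digitally signed' verdict."""
    in_section, pending = False, None
    signed, flagged = [], []
    for raw in log_text.splitlines():
        line = raw.strip()                  # forum pastes are often indented
        header = SECTION.match(line)
        if header:
            in_section = header.group(1) == section
            continue
        if not in_section or not line:
            continue
        ok = SIGNED.match(line)
        if ok:
            signed.append(ok.group(1))
            pending = None
        elif BARE_PATH.match(line):
            pending = {"path": line}
            flagged.append(pending)
        elif pending is not None and DETAIL.match(line):
            pending.update(DETAIL.match(line).groupdict())
            pending["size"] = int(pending["size"])
            pending = None
    return signed, flagged

if __name__ == "__main__":
    for entry in unverified_files(SAMPLE_LOG)[1]:
        print(entry["path"], entry.get("md5"), entry.get("modified"))
```
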
     
  2. LiquidTension

    LiquidTension Malware Specialist

    Joined:
    May 28, 2014
    Messages:
    553
    Hello prestonjjrtr, welcome to Tech Support Guy's Malware Removal forum!

    My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
    If you would allow me to call you by your first name I would prefer that. :)

    ======================================================

    Please read through the points below to ensure this process moves as quickly and efficiently as possible.
    • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
    • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
    • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
    • Please backup important documents before proceeding with my instructions.
    • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.

    ======================================================

    Your computer is heavily infected. Unfortunately, I must issue you the following warning. Please let me know how you wish to proceed.

     
  3. prestonjjrtr

    prestonjjrtr Thread Starter

    Joined:
    Aug 12, 2008
    Messages:
    20
    Hi Adam, thanks so much for getting back to me so quickly, it is appreciated. My name is Jo.

    I would like to proceed, but I am not tech savvy enough to reformat the computer and reinstall the original software. Hopefully we can at least get the malware/viruses off the computer for me. We shouldn't have much that has been compromised.

    I've attached a snapshot of the taskmanager showing the svchost.exe that keeps increasing so now my memory is at 89% and I only have this IE window open running on the computer.
     


  4. LiquidTension

    LiquidTension Malware Specialist

    Joined:
    May 28, 2014
    Messages:
    553
    Nice to meet you, Jo.

    Let's start with the following.

    Farbar Recovery Scan Tool (FRST) Search
    • Right-Click FRST64.exe and select Run as administrator to run the programme.
    • Type the following text into the Search: textbox:
    • Click on the Search File(s) button.
    • Upon completion, a log (Search.txt) will open, and be saved in the same location as FRST.exe.
    • Copy the contents of the log and paste in your next reply.
     
  5. prestonjjrtr

    prestonjjrtr Thread Starter

    Joined:
    Aug 12, 2008
    Messages:
    20
    Adam, does this search take a long time to complete ? I've been running it for 22 minutes and it is still running. Please let me know. Thanks, just wondering if I should be concerned about the time it is taking.

    Do I have to close everything to run this search ? Right now I have the Task Manager and this IE page open while the FRST search is running.
     
  6. LiquidTension

    LiquidTension Malware Specialist

    Joined:
    May 28, 2014
    Messages:
    553
    Please go ahead and close FRST, then re-open the programme and re-run the search.
     
  7. prestonjjrtr

    prestonjjrtr Thread Starter

    Joined:
    Aug 12, 2008
    Messages:
    20
    I closed the original FRST search program, then I closed my internet program and the task manager. Next I reopened FRST and reran the search, but it doesn't seem like it wants to complete. I've run it for 23 minutes and it is still searching. Any ideas ? Should I disable my AVG or should I uninstall FRST 64bit and reinstall it ? Do you have a link to the FRST 64 bit program that I should reinstall ? Let me know what you think. Thanks again !
     
  8. LiquidTension

    LiquidTension Malware Specialist

    Joined:
    May 28, 2014
    Messages:
    553
    Hi Jo,

    We'll try it a different way. Close FRST and do the following.
    If this programme doesn't complete within a reasonable time, let me know.

    SystemLook
    • Please download SystemLook (x64) and save the file to your Desktop.
    • Right-Click SystemLook_x64.exe and select Run as administrator to run the programme.
    • Copy the entire contents of the codebox below and paste into the textfield (do not include the word "Quote").
    • Click the [​IMG] button to start the scan.
    • Upon completion, a log (SystemLook.txt) will automatically open. Copy the contents of the log and paste in your next reply.
    • Click the [​IMG] button.
     
  9. prestonjjrtr

    prestonjjrtr Thread Starter

    Joined:
    Aug 12, 2008
    Messages:
    20
    Adam, I downloaded SystemLook without any trouble, however, the same happened when I ran the Look, after 16 minutes there weren't any results, so I closed the program. Next I disabled my AVG software just in case that was interfering with the scan. Then I reran the Look search and let it run for 25 minutes. It just would never complete the search. It did create an initial log file when I started the look search, but never completed so there is no information in the log.

    SystemLook 30.07.11 by jpshortstuff
    Log created at 22:16 on 27/09/2014 by Joellen
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for " *rpcss.dll* "

    Let me know what I should do. Thanks again, Jo
     
  10. LiquidTension

    LiquidTension Malware Specialist

    Joined:
    May 28, 2014
    Messages:
    553
    Sorry Jo, that didn't work. There is a trailing space before and after *rpcss.dll*.
    Please ensure the text looks exactly like:

    :filefind
    *rpcss.dll*
     
  11. prestonjjrtr

    prestonjjrtr Thread Starter

    Joined:
    Aug 12, 2008
    Messages:
    20
    Adam, I tried running the systemlook again for 20 minutes and still ran into the same problem where the program will never complete. Here is the preliminary log:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 22:52 on 27/09/2014 by Joellen
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "*rpcss.dll*"
     
  12. LiquidTension

    LiquidTension Malware Specialist

    Joined:
    May 28, 2014
    Messages:
    553
    Hi Jo,

    Here's the problem. One of your System Files is patched:
    We need to search for a replacement, but two of our methods to do so are acting up.
    We're going to switch things around, and use a more automatic approach.

    STEP 1
    ComboFix
    • Note: Please read through these instructions before running ComboFix.
    • Please download ComboFix and save the file to your Desktop. << Important!
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Right-Click ComboFix.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Allow ComboFix to complete its removal routine (please refer to Important Notes:).
    • Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
    • Re-enable your anti-virus software.

    Important Notes:
    • Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
    • Do NOT use your computer whilst ComboFix is running.
    • Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.

    • If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
    • ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If you are unable to access the Internet after running ComboFix, please reboot your computer.

    ======================================================

    STEP 2
    Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
    • ComboFix.txt
     
  13. prestonjjrtr

    prestonjjrtr Thread Starter

    Joined:
    Aug 12, 2008
    Messages:
    20
    I've read your above instructions and was looking at a guide on using Combofix. The one problem that I may encounter if I try to download and use the Combofix.exe is that if it is unable to install the Windows Recovery Console and I have to manually install the Windows Recovery Console for Windows 7 I will be unable to do that since Windows 7 came preinstalled on my computer from HP and I do not have a Windows 7 DVD to use to install it. In addition, my dvd drive on my computer is broken and unusable. Is there a different download besides Combofix that we can use to get the information that you need or to fix it ??? Please let me know. Thanks so much for getting back to me so quickly it is truly appreciated.
     
  14. LiquidTension

    LiquidTension Malware Specialist

    Joined:
    May 28, 2014
    Messages:
    553
    Hello Jo,

    Windows 7 does not and cannot have a Recovery Console. This only applies to Windows XP.
    The Recovery Console was replaced with the System Recovery Environment in Windows Vista and upwards. Your machine has a Recovery Environment, so there is nothing to worry about.

    ComboFix is our best option. But if you would still prefer to avoid the programme, please let me know.
     
  15. prestonjjrtr

    prestonjjrtr Thread Starter

    Joined:
    Aug 12, 2008
    Messages:
    20
    Thanks Adam, I didn't realize that. Anything else I should be concerned about before I run the Combofix ?
     

Short URL to this thread: https://techguy.org/1134440