
Windows 7 Running Slow

Discussion in 'Virus & Other Malware Removal' started by sawtoothgrin, Jan 20, 2014.

Thread Status:
Not open for further replies.
  1. sawtoothgrin

    sawtoothgrin Thread Starter

    Joined:
    Jan 16, 2007
    Messages:
    54
    HP 2000 Notebook
    Windows 7 Home Premium 64 bit
    Service Pack 1
    AMD E-350 Processor 1.6GHz
    3gigs RAM

    A friend of mine recently asked me to take a look at his laptop as it was running very slow. I installed/ran avast!, Malwarebytes, SUPERAntiSpyware and CCleaner, which significantly sped up the computer. It still feels like it's running a bit slow to me and at this point I'm out of my league. It still seems to be slow on startup and when initially opening programs. I'd appreciate it if the community wouldn't mind taking a look to see if there are any changes that would help speed things up.

    I saw this thread, http://forums.techguy.org/windows-7/1117712-windows-7-extremely-slow.html , from a few days ago and followed most of the instructions (without doing any of the actual removal/changes). I've got the Adwcleaner log, msconfig startup item list and services.msc automatic/delayed lists if requested. The only program I didn't install/run was SystemLook.exe because I wasn't sure if it was necessary as it was mentioned to specifically remove NCH Software.

    Please let me know how to proceed and thank you for your help.
     
  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    It isn't wise to follow other threads as a slow PC can have hundreds of different remedies.

    I would advise you never to use any kind of Registry Cleaner as they can cause more problems than they fix.

    Was the system being used without an Anti Virus? You say you installed Avast; if it already had another Anti Virus, you should remove all but one, as multiple Anti Virus programs will slow the system down and reduce its security level.

    Was the last scan with AdwCleaner free of any detections? If not, please post it.

    How long is the startup? Time it with a watch to the point where hard drive activity drops to idle.

    This system is running 64bit Windows with a slow processor and only 3GB of RAM, so it is never going to run all that quickly. What version and bit rate of Windows is shown on the COA sticker?
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,764
    First Name:
    Frank
    Go ahead and submit those lists so we can determine if that computer's startup load can be reduced.

    The HP 2000 series notebook appears to support up to 8 GB of RAM.

    Since it's running Windows 7 64-bit, you might consider adding another 1 GB or maxing it out to 8 GB.

    ----------------------------------------------------------
     
  4. sawtoothgrin

    sawtoothgrin Thread Starter

    Joined:
    Jan 16, 2007
    Messages:
    54
    It was running an outdated antivirus and that was uninstalled and replaced with avast! antivirus.

    Total boot time from power on until hard drive drops to idle: 1:21

    MSConfig

    Adobe Acrobat
    Adobe Reader and Acrobat Manager
    Apple Push
    avast! Antivirus
    Catalyst Control Center
    EPSON Status Monitor 3
    HP On Screen Display
    HP Quick Launch
    HP Wireless Assistant
    iTunes
    Java(TM) Platform SE Auto Updater
    Logitech Download Assistant
    PictureMover Application
    QuickTime
    Realtek HD Audio Manager
    SUPERAntiSpyware
    Synaptics Pointing Device Driver

    services.msc

    Automatic:

    Adobe Acrobat Update Service
    AMD External Events Utility
    AMD FUEL Service
    AMD Reservation Manager
    Andrea RT Filters Service
    Apple Mobile Device
    Application Virtualization Client
    avast! Antivirus
    Base Filtering Engine
    Bonjour Service
    Client Virtualization Handler
    COM+ Event System
    Cryptographic Services
    DCOM Server Process Launcher
    Desktop Window Manager Session Manager
    DHCP Client
    Diagnostic Policy Service
    Distributed Link Tracking Client
    DNS Client
    Encrypting File System (EFS)
    Group Policy Client
    HP Client Services
    HPWMISVC
    IconMan_R
    IKE and AuthIP IPsec Keying Modules
    Internet Connection Sharing (ICS)
    IP Helper
    Multimedia Class Scheduler
    Network Location Awareness
    Network Store Interface Service
    Plug and Play
    Power
    Print Spooler
    Program Compatibility Assistant Service
    Remote Procedure Call (RPC)
    Remote Registry
    RoxioNow Service
    RPC Endpoint Mapper
    SAS Core Service
    Security Accounts Manager
    Server
    Shell Hardware Detection
    Superfetch
    System Event Notification Service
    Task Scheduler
    TCP/IP NetBIOS Helper
    Themes
    User Profile Service
    Windows Audio
    Windows Audio Endpoint Builder
    Windows Event Log
    Windows Firewall
    Windows Font Cache Service
    Windows Image Acquisition (WIA)
    Windows Live ID Sign-in Assistant
    Windows Management Instrumentation
    WLAN AutoConfig
    Workstation

    Automatic (Delayed Start):

    Background Intelligent Transfer Service
    Google Update Service (gupdate)
    HP Support Assistant Service
    HP Wireless Assistant Service
    Microsoft .NET Framework NGEN v4.0.30319_X64
    Microsoft .NET Framework NGEN v4.0.30319_X86
    Security Center
    Software Protection
    Windows Media Player Network Sharing Service
    Windows Search
    Windows Update
     
  5. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    I shall leave you with Flavallee. I will keep an eye on the thread and jump back in if things don't get any better. Running with an outdated Anti Virus may have let something nasty in.

    Just one other thing, what was the outdated Anti Virus? Most Anti Virus programs have a clean up tool available to remove remnants which can cause issues if left on the system. Tell us what it was and we can provide the appropriate link for the tool.
     
  6. sawtoothgrin

    sawtoothgrin Thread Starter

    Joined:
    Jan 16, 2007
    Messages:
    54
    I'm not 100% on what it was, but I believe it was some version of Trend Micro. I initially ran a boot scan with avast! and it found about 9 or so viruses.
     
  7. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, I think it would be best to move this thread to the Malware forum and start with the scan below. I'll run a complete check on the system to make sure there are no more infections and that nothing is damaged. It may just be the infections that are slowing the system down; some of the more dangerous infections won't get detected by Avast.

    Please open Avast and see if you can find the logs from the scans you ran and post them here so I can see what it removed.

    Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Double-click on FRST to run it. When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your next reply.
    • The first time the tool is run, it makes another log (Addition.txt). Please also copy and paste that into your reply.
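
Added example, not part of the original thread and not FRST's own code: a small Python triage pass over an FRST.txt-style log that pulls out the entries a helper reads first, namely lines the tool itself marks with ATTENTION, autostart or COM registrations that load from a Temp directory, and "No File" leftovers of the kind an uninstalled antivirus leaves behind. The sample log is constructed in the same layout as FRST.txt, and the three heuristics, reason labels and function names are assumptions made for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the FRST.txt layout: section banners, one entry per line.
# Vendor names, GUIDs and paths are placeholders, not values from a real machine.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ExampleTouchpad] - C:\Program Files\ExampleVendor\Touchpad\tp.exe [2837288 2011-10-14] (Example Vendor)
HKCU\...\Run: [ExampleUpdater] - C:\Users\Owner\AppData\Local\Temp\upd\run.exe [20480 2014-01-10] ()
HKCU\...0123456789ab\InprocServer32: [Default-shell32] C:\Users\Owner\AppData\Local\Temp\aaa\bbb\example.dll ATTENTION! ====> ZeroAccess?

==================== Internet (Whitelisted) ====================

BHO: ExampleAV Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleAV\Module\helper.dll No File
BHO: Example Sign-in Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\login.dll (Example Corp.)
Handler: exav - {00000000-0000-0000-0000-000000000003} - No File
"""

# "==== Name ====" banner; a bare "=======" underline does not match.
BANNER = re.compile(r"^={4,}\s*([^=]+?)\s*={4,}\s*$")
# First Windows path on the line that ends in a loadable file type.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)\b", re.I)
# Registry entries that start code at logon or register an in-process COM server.
AUTOSTART = re.compile(r"^HK(?:LM|CU|U)[^:]*\\(?:Run|RunOnce|InprocServer32):", re.I)
# Heuristic (assumption): anything loading from a Temp directory deserves a look.
TEMP_DIR = re.compile(r"\\Temp\\", re.I)
# Top-level product folder under Program Files, used to group leftovers.
PRODUCT = re.compile(r"\\Program Files(?: \(x86\))?\\([^\\]+)\\", re.I)


@dataclass
class Finding:
    section: str   # banner the line appeared under
    reasons: list  # one or more labels, in the order the checks ran
    line: str      # the log line, stripped


def triage(log_text):
    """Return a Finding for every log line that trips at least one check."""
    findings, section = [], "(header)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = BANNER.match(line)
        if banner:
            section = banner.group(1)
            continue
        reasons = []
        if "ATTENTION" in line:
            reasons.append("frst-attention")       # the tool's own marker
        path = PATH.search(line)
        if AUTOSTART.match(line) and path and TEMP_DIR.search(path.group(0)):
            reasons.append("autostart-from-temp")  # persistence in a user-writable dir
        if line.endswith("No File"):
            reasons.append("orphaned-entry")       # registration whose target is gone
        if reasons:
            findings.append(Finding(section, reasons, line))
    return findings


def orphans_by_product(findings):
    """Count orphaned entries per Program Files product folder."""
    counts = Counter()
    for f in findings:
        if "orphaned-entry" in f.reasons:
            m = PRODUCT.search(f.line)
            counts[m.group(1) if m else "(no path recorded)"] += 1
    return dict(counts)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] {', '.join(f.reasons)}\n    {f.line}")
    print("Leftover registrations:", orphans_by_product(results))
```

Entries that collect more than one reason are the ones to raise with the helper first; the orphan counts show which removed product still has registrations that a vendor clean-up tool should clear.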
     
  8. sawtoothgrin

    sawtoothgrin Thread Starter

    Joined:
    Jan 16, 2007
    Messages:
    54
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
    Ran by Owner (administrator) on OWNER-HP on 21-01-2014 19:40:12
    Running from C:\Users\Owner\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
    HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
    HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
    HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-19] (AVAST Software)
    HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
    HKCU\...\Run: [EPSON Stylus CX8400 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICEA.EXE [209408 2007-02-15] (SEIKO EPSON CORPORATION)
    HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Owner\AppData\Local\Temp\sxpherm\sobyows\wow64.dll ATTENTION! ====> ZeroAccess?
    HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    MountPoints2: {7dc68271-a549-11e0-8d5f-806e6f6e6963} - E:\FLTEnhanced.exe

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U147E&ocid=U147EDHP
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
    SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
    SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
    SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
    SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKCU - {12B6A7F2-4A13-4CB7-AEB3-40DE3D8297BB} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=5BDC4FC7-F7D3-4523-9A22-F9D2B921A48B&apn_sauid=91FFE764-2E83-4669-9E74-2E27808806B4
    SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
    SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
    SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll No File
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll No File
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: No Name - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No File
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: No Name - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll No File
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll No File
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
    Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File
    Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - No File
    Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

    Chrome:
    =======
    CHR HomePage: hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
    CHR DefaultSearchKeyword: bing.com
    CHR DefaultSearchProvider: Bing
    CHR DefaultSearchURL: http://www.bing.com/search?FORM=U147CD&PC=U147C&q={searchTerms}
    CHR DefaultNewTabURL:
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
    CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-19]
    CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-19]
    CHR Extension: (Ghostery) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-01-19]
    CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-19]
    CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2014-01-19]
    CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2014-01-19]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-19]

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-03-04] (Advanced Micro Devices, Inc.)
    R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-19] (AVAST Software)

    ==================== Drivers (Whitelisted) ====================

    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-19] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-19] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-19] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-19] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-19] (AVAST Software)
    R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-19] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-19] ()
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
    R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
    U2 TMAgent;

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-21 19:40 - 2014-01-21 19:41 - 00017730 _____ C:\Users\Owner\Desktop\FRST.txt
    2014-01-21 19:40 - 2014-01-21 19:40 - 00000000 ____D C:\FRST
    2014-01-21 19:38 - 2014-01-21 19:38 - 02077184 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2014-01-21 17:14 - 2014-01-21 17:14 - 00003101 _____ C:\Users\Owner\Desktop\AdwCleaner[R1].txt
    2014-01-21 06:20 - 2014-01-21 17:05 - 00000168 _____ C:\Windows\setupact.log
    2014-01-21 06:20 - 2014-01-21 06:20 - 00000000 _____ C:\Windows\setuperr.log
    2014-01-20 19:03 - 2014-01-21 18:52 - 00052447 _____ C:\Windows\WindowsUpdate.log
    2014-01-20 18:59 - 2014-01-20 18:59 - 00000000 ____D C:\Windows\pss
    2014-01-20 17:21 - 2014-01-21 17:13 - 00000000 ____D C:\AdwCleaner
    2014-01-20 17:02 - 2014-01-20 17:22 - 00002132 _____ C:\Users\Owner\Desktop\msconfig and services.txt
    2014-01-20 16:40 - 2014-01-20 16:40 - 01236282 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
    2014-01-20 16:29 - 2014-01-20 16:29 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2014-01-20 16:27 - 2014-01-20 16:27 - 29485864 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
    2014-01-20 15:42 - 2014-01-20 15:42 - 00022266 _____ C:\Users\Owner\Documents\cc_20140120_154237.reg
    2014-01-19 23:15 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-01-19 23:15 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-01-19 23:15 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-01-19 23:15 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-01-19 23:13 - 2014-01-19 23:15 - 00005310 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
    2014-01-19 23:01 - 2014-01-19 23:01 - 00000000 ____D C:\ProgramData\Synaptics
    2014-01-19 21:21 - 2012-08-23 08:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-01-19 21:21 - 2012-08-23 08:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-01-19 21:20 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2014-01-19 21:20 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2014-01-19 21:20 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
    2014-01-19 21:20 - 2012-08-23 09:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2014-01-19 21:20 - 2012-08-23 08:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2014-01-19 21:20 - 2012-08-23 08:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2014-01-19 21:20 - 2012-08-23 08:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2014-01-19 21:20 - 2012-08-23 08:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2014-01-19 21:20 - 2012-08-23 08:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2014-01-19 21:20 - 2012-08-23 08:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2014-01-19 21:20 - 2012-08-23 08:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2014-01-19 21:20 - 2012-08-23 07:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2014-01-19 21:20 - 2012-08-23 06:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2014-01-19 21:20 - 2012-08-23 06:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2014-01-19 21:20 - 2012-08-23 06:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2014-01-19 21:20 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2014-01-19 21:20 - 2012-08-23 05:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
    2014-01-19 21:20 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
    2014-01-19 21:20 - 2012-08-23 05:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-01-19 21:20 - 2012-08-23 05:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-01-19 21:20 - 2012-08-23 04:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-01-19 21:20 - 2012-08-23 03:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-01-19 21:20 - 2012-08-23 03:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-01-19 21:07 - 2012-05-04 06:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-01-19 21:07 - 2012-05-04 04:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-01-19 20:59 - 2014-01-19 21:00 - 00152888 _____ C:\Users\Owner\Documents\cc_20140119_205948.reg
    2014-01-19 20:16 - 2014-01-19 20:16 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-19 20:16 - 2014-01-19 20:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
    2014-01-19 20:16 - 2014-01-19 20:16 - 00000000 ____D C:\ProgramData\Malwarebytes
    2014-01-19 20:16 - 2014-01-19 20:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-19 20:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-01-19 16:39 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2014-01-19 16:39 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2014-01-19 16:39 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2014-01-19 16:39 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2014-01-19 16:39 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2014-01-19 16:39 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2014-01-19 16:39 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2014-01-19 16:38 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2014-01-19 16:38 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-01-19 16:30 - 2014-01-19 16:30 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-01-19 16:30 - 2014-01-19 16:30 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2014-01-19 16:29 - 2014-01-19 16:30 - 00000000 ____D C:\Program Files\CCleaner
    2014-01-19 16:26 - 2014-01-19 16:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVAST Software
    2014-01-19 16:25 - 2014-01-19 16:25 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-01-19 16:24 - 2014-01-21 17:00 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2014-01-19 16:24 - 2014-01-19 16:25 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
    2014-01-19 16:24 - 2014-01-19 16:23 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-01-19 16:24 - 2014-01-19 16:23 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-01-19 16:24 - 2014-01-19 16:23 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-01-19 16:24 - 2014-01-19 16:23 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2014-01-19 16:24 - 2014-01-19 16:23 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-01-19 16:24 - 2014-01-19 16:23 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-01-19 16:24 - 2014-01-19 16:23 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
    2014-01-19 16:23 - 2014-01-19 16:23 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-01-19 16:21 - 2014-01-19 16:21 - 00000000 ____D C:\Program Files\AVAST Software
    2014-01-19 16:14 - 2014-01-19 16:15 - 00000000 ____D C:\ProgramData\AVAST Software
    2014-01-19 16:12 - 2014-01-19 16:12 - 04645232 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup409.exe
    2014-01-19 16:11 - 2014-01-19 16:11 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
    2014-01-19 16:09 - 2014-01-19 16:12 - 91412976 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe
    2013-12-26 18:37 - 2013-12-26 18:37 - 00014504 _____ C:\Users\Owner\Documents\Music.txt

    ==================== One Month Modified Files and Folders =======

    2014-01-21 19:41 - 2014-01-21 19:40 - 00017730 _____ C:\Users\Owner\Desktop\FRST.txt
    2014-01-21 19:40 - 2014-01-21 19:40 - 00000000 ____D C:\FRST
    2014-01-21 19:40 - 2011-12-23 21:51 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-21 19:38 - 2014-01-21 19:38 - 02077184 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2014-01-21 19:20 - 2011-11-01 07:41 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-01-21 19:20 - 2011-08-23 06:53 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
    2014-01-21 18:55 - 2012-04-19 06:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-21 18:52 - 2014-01-20 19:03 - 00052447 _____ C:\Windows\WindowsUpdate.log
    2014-01-21 18:17 - 2011-07-03 20:03 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6339F689-9326-4B5F-B574-7BC083483359}
    2014-01-21 17:14 - 2014-01-21 17:14 - 00003101 _____ C:\Users\Owner\Desktop\AdwCleaner[R1].txt
    2014-01-21 17:13 - 2014-01-20 17:21 - 00000000 ____D C:\AdwCleaner
    2014-01-21 17:13 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-21 17:13 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-21 17:06 - 2011-12-23 21:51 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-21 17:05 - 2014-01-21 06:20 - 00000168 _____ C:\Windows\setupact.log
    2014-01-21 17:05 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-21 17:00 - 2014-01-19 16:24 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2014-01-21 06:20 - 2014-01-21 06:20 - 00000000 _____ C:\Windows\setuperr.log
    2014-01-20 18:59 - 2014-01-20 18:59 - 00000000 ____D C:\Windows\pss
    2014-01-20 18:53 - 2011-12-23 21:51 - 00000000 ____D C:\Program Files\Google
    2014-01-20 18:53 - 2011-12-23 21:50 - 00000000 ____D C:\Program Files (x86)\Google
    2014-01-20 17:22 - 2014-01-20 17:02 - 00002132 _____ C:\Users\Owner\Desktop\msconfig and services.txt
    2014-01-20 16:40 - 2014-01-20 16:40 - 01236282 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
    2014-01-20 16:29 - 2014-01-20 16:29 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2014-01-20 16:27 - 2014-01-20 16:27 - 29485864 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
    2014-01-20 16:00 - 2011-12-23 21:50 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
    2014-01-20 15:57 - 2012-09-04 19:18 - 00000000 ____D C:\Firefox
    2014-01-20 15:42 - 2014-01-20 15:42 - 00022266 _____ C:\Users\Owner\Documents\cc_20140120_154237.reg
    2014-01-20 15:39 - 2011-08-26 22:08 - 00000000 ____D C:\Users\Owner\AppData\Local\The Weather Channel
    2014-01-20 06:30 - 2012-03-07 10:07 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2014-01-20 06:09 - 2012-03-07 10:09 - 00000000 ____D C:\Users\Owner\AppData\Local\Trend Micro
    2014-01-20 06:09 - 2011-07-04 08:36 - 00000000 ____D C:\ProgramData\Trend Micro
    2014-01-20 06:02 - 2013-10-07 13:10 - 00000000 ____D C:\ProgramData\Oracle
    2014-01-20 00:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2014-01-19 23:15 - 2014-01-19 23:13 - 00005310 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
    2014-01-19 23:15 - 2011-04-11 13:48 - 00000000 ____D C:\Program Files (x86)\Java
    2014-01-19 23:01 - 2014-01-19 23:01 - 00000000 ____D C:\ProgramData\Synaptics
    2014-01-19 22:55 - 2009-07-13 23:45 - 00277464 _____ C:\Windows\system32\FNTCACHE.DAT
    2014-01-19 22:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2014-01-19 21:48 - 2012-03-24 09:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2014-01-19 21:13 - 2013-08-09 23:34 - 00000000 ____D C:\Windows\system32\MRT
    2014-01-19 21:08 - 2011-07-04 07:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-01-19 21:00 - 2014-01-19 20:59 - 00152888 _____ C:\Users\Owner\Documents\cc_20140119_205948.reg
    2014-01-19 20:16 - 2014-01-19 20:16 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-19 20:16 - 2014-01-19 20:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
    2014-01-19 20:16 - 2014-01-19 20:16 - 00000000 ____D C:\ProgramData\Malwarebytes
    2014-01-19 20:16 - 2014-01-19 20:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-19 20:13 - 2012-02-12 21:37 - 00000000 ____D C:\Windows\Minidump
    2014-01-19 20:13 - 2011-08-23 20:38 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
    2014-01-19 20:13 - 2007-01-01 20:25 - 00000000 ____D C:\Windows\Panther
    2014-01-19 19:44 - 2009-07-14 00:13 - 00006450 _____ C:\Windows\system32\PerfStringBackup.INI
    2014-01-19 17:03 - 2011-12-31 20:54 - 00000000 ____D C:\Users\Owner\AppData\Local\Apple
    2014-01-19 16:50 - 2013-11-26 07:30 - 00000000 ____D C:\Program Files (x86)\ARO 2013
    2014-01-19 16:45 - 2012-02-12 21:43 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
    2014-01-19 16:37 - 2013-03-25 19:37 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForOwner
    2014-01-19 16:37 - 2013-03-25 19:37 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForOwner.job
    2014-01-19 16:30 - 2014-01-19 16:30 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-01-19 16:30 - 2014-01-19 16:30 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2014-01-19 16:30 - 2014-01-19 16:29 - 00000000 ____D C:\Program Files\CCleaner
    2014-01-19 16:26 - 2014-01-19 16:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVAST Software
    2014-01-19 16:25 - 2014-01-19 16:25 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-01-19 16:25 - 2014-01-19 16:24 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
    2014-01-19 16:23 - 2014-01-19 16:24 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-01-19 16:23 - 2014-01-19 16:24 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-01-19 16:23 - 2014-01-19 16:24 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-01-19 16:23 - 2014-01-19 16:24 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2014-01-19 16:23 - 2014-01-19 16:24 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-01-19 16:23 - 2014-01-19 16:24 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-01-19 16:23 - 2014-01-19 16:24 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
    2014-01-19 16:23 - 2014-01-19 16:23 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-01-19 16:21 - 2014-01-19 16:21 - 00000000 ____D C:\Program Files\AVAST Software
    2014-01-19 16:15 - 2014-01-19 16:14 - 00000000 ____D C:\ProgramData\AVAST Software
    2014-01-19 16:12 - 2014-01-19 16:12 - 04645232 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup409.exe
    2014-01-19 16:12 - 2014-01-19 16:09 - 91412976 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe
    2014-01-19 16:11 - 2014-01-19 16:11 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
    2014-01-04 16:03 - 2009-07-14 00:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-12-26 18:37 - 2013-12-26 18:37 - 00014504 _____ C:\Users\Owner\Documents\Music.txt

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-01-19 23:55

    ==================== End Of Log ============================
     
  9. sawtoothgrin

    sawtoothgrin Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2014
    Ran by Owner at 2014-01-21 19:42:04
    Running from C:\Users\Owner\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (x32 Version: 11.5.8.612 - Adobe Systems, Inc)
    Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635 - Adobe Systems, Inc.)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    AMD Fuel (Version: 2011.0304.1135.20703 - AMD) Hidden
    Apple Application Support (x32 Version: 2.2.2 - Apple Inc.)
    Apple Mobile Device Support (Version: 6.0.0.59 - Apple Inc.)
    Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
    ArcSoft PhotoImpression 6 (x32 Version: 6 - ArcSoft)
    ArcSoft Print Creations (x32 Version: - ArcSoft)
    ATI Catalyst Install Manager (Version: 3.0.808.0 - ATI Technologies, Inc.)
    avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blio (x32 Version: 2.2.6585 - K-NFB Reading Technology, Inc.)
    Bonjour (Version: 3.0.0.10 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0304.1135.20703 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2011.0304.1135.20703 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2011.0304.1135.20703 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Czech (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Danish (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help English (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help French (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help German (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Greek (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Italian (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Korean (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Polish (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Russian (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Thai (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2011.0304.1134.20703 - ATI) Hidden
    ccc-core-static (x32 Version: 2011.0304.1135.20703 - ATI) Hidden
    ccc-utility64 (Version: 2011.0304.1135.20703 - ATI) Hidden
    CCleaner (Version: 4.09 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
    CyberLink YouCam (x32 Version: 3.2.1.3726 - CyberLink Corp.)
    CyberLink YouCam (x32 Version: 3.2.1.3726 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Energy Star Digital Logo (x32 Version: 1.0.1 - Hewlett-Packard)
    EPSON CX8400 User's Guide (x32 Version: - )
    EPSON Printer Software (Version: - SEIKO EPSON Corporation)
    EPSON Scan (x32 Version: - )
    EPSON Stylus CX8400 Series Scanner Driver Update (x32 Version: - )
    Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ESU for Microsoft Windows 7 (x32 Version: 1.0.0 - Hewlett-Packard)
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
    Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
    HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
    HP CloudDrive (x32 Version: - Zecter Inc.)
    HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
    HP Documentation (x32 Version: 1.1.0.0 - Hewlett-Packard)
    HP Game Console (x32 Version: - WildTangent) Hidden
    HP Games (x32 Version: 1.0.1.5 - WildTangent)
    HP MovieStore (x32 Version: 1.0.045 - Hewlett-Packard) Hidden
    HP MovieStore (x32 Version: 2.0 - Hewlett-Packard)
    HP On Screen Display (x32 Version: 1.3.5 - Hewlett-Packard Company)
    HP Power Manager (x32 Version: 1.4.8 - Hewlett-Packard Company)
    HP Quick Launch (x32 Version: 2.7.2 - Hewlett-Packard Company)
    HP Setup (x32 Version: 8.6.4516.3597 - Hewlett-Packard Company)
    HP Setup Manager (x32 Version: 1.1.13155.3599 - Hewlett-Packard Company)
    HP Software Framework (x32 Version: 4.6.10.1 - Hewlett-Packard Company)
    HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company)
    HP Wireless Assistant (Version: 4.0.10.0 - Hewlett-Packard Company)
    iTunes (Version: 10.7.0.21 - Apple Inc.)
    Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 22 (64-bit) (Version: 6.0.220 - Oracle)
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (x32 Version: 14.0.5131.5000 - Microsoft Corporation)
    Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Octoshape add-in for Adobe Flash Player (HKCU Version: - )
    PBS KIDS PLAY! (x32 Version: 1.0.02 - Public broadcasting Service)
    PBS KIDS PLAY! (x32 Version: 1.0.02 - Public broadcasting Service) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PictureMover (x32 Version: 3.5.0.35 - Hewlett-Packard Company)
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    QuickTime (x32 Version: 7.72.80.56 - Apple Inc.)
    Realtek Ethernet Controller Driver (x32 Version: 7.42.304.2011 - Realtek)
    Realtek High Definition Audio Driver (x32 Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (x32 Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (x32 Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
    Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
    RoxioNow Player (x32 Version: 1.9.5.103 - RoxioNow)
    SUPERAntiSpyware (Version: 5.7.1018 - SUPERAntiSpyware.com)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics TouchPad Driver (Version: 15.3.29.0 - Synaptics Incorporated)
    Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Restore Points =========================

    10-01-2014 08:00:12 Windows Update
    11-01-2014 08:00:12 Windows Update
    12-01-2014 08:00:12 Windows Update
    13-01-2014 08:00:12 Windows Update
    19-01-2014 21:16:26 avast! antivirus system restore point
    20-01-2014 01:56:51 Post Sonner Virus Removal
    20-01-2014 02:07:17 Windows Update
    20-01-2014 03:14:58 Windows Update
    20-01-2014 04:10:50 Installed Java 7 Update 51
    20-01-2014 08:00:13 Windows Update
    20-01-2014 22:10:17 Windows Update
    20-01-2014 22:13:58 Windows Update
    20-01-2014 22:20:40 Windows Update
    20-01-2014 23:51:12 Windows Update
    21-01-2014 00:54:41 Windows Update

    ==================== Hosts content: ==========================

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0E60E982-4A53-4A02-89E1-618F05BD0084} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
    Task: {19C00EA1-A652-4D22-ABDA-73D73189641B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-01-14] (Hewlett-Packard)
    Task: {4D94018D-93D8-4EFB-B177-0818A6645C4B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
    Task: {5C7D676F-4FC9-47CD-A1D4-91C7F3AF7881} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23] (Google Inc.)
    Task: {60320DB2-2067-4AC9-8643-91616CA478D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23] (Google Inc.)
    Task: {67A54A22-6F66-46C8-880A-D2784BA0AF98} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
    Task: {7BDDC0B9-5C10-4FD9-A969-B115489FE772} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {7EC2146E-93C2-4AD7-B720-46A54C92674C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
    Task: {8A43CF57-870B-45B3-A9F2-4EECF693604D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
    Task: {9009672B-5855-41C3-AC8D-3F677B733FA3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-19] (AVAST Software)
    Task: {CD679E89-B9C3-40DB-9DE7-73EA6F62948F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-02-09] (CyberLink)
    Task: {E89B3A29-E379-4E9E-8E13-E65266D8611D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {F4134116-99CC-47B7-9962-A6E0D7859056} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-03-04 14:44 - 2011-03-04 14:44 - 00102912 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2011-03-04 14:33 - 2011-03-04 14:33 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-03-11 17:32 - 2011-03-11 17:32 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2010-07-21 16:33 - 2010-07-21 16:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
    2010-07-21 16:33 - 2010-07-21 16:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
    2010-07-21 16:33 - 2010-07-21 16:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
    2014-01-21 17:00 - 2014-01-21 04:27 - 02155520 _____ () C:\Program Files\AVAST Software\Avast\defs\14012100\algo.dll
    2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-01-19 16:23 - 2014-01-19 16:23 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-01-19 21:44 - 2014-01-11 05:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
    2014-01-19 21:44 - 2014-01-11 05:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
    2014-01-19 21:44 - 2014-01-11 05:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
    2014-01-19 21:44 - 2014-01-11 05:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
    2014-01-19 21:44 - 2014-01-11 05:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/21/2014 05:06:18 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/21/2014 05:00:41 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/21/2014 06:20:57 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/20/2014 07:01:33 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/20/2014 06:55:02 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/20/2014 06:31:07 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/19/2014 10:59:38 PM) (Source: Windows Search Service) (User: )
    Description: The index cannot be initialized.


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (01/19/2014 10:59:38 PM) (Source: Windows Search Service) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (01/19/2014 10:59:38 PM) (Source: Windows Search Service) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (01/19/2014 10:59:38 PM) (Source: Windows Search Service) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)


    System errors:
    =============
    Error: (01/21/2014 05:05:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 126

    Error: (01/21/2014 05:04:46 PM) (Source: DCOM) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (01/21/2014 04:59:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 126

    Error: (01/21/2014 06:25:54 AM) (Source: DCOM) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (01/21/2014 06:20:17 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 126

    Error: (01/20/2014 07:55:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Windows 7 for x64-based Systems (KB2849470).

    Error: (01/20/2014 07:54:28 PM) (Source: DCOM) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (01/20/2014 07:00:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 126

    Error: (01/20/2014 06:59:31 PM) (Source: DCOM) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (01/20/2014 06:54:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 126


    Microsoft Office Sessions:
    =========================
    Error: (01/21/2014 05:06:18 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/21/2014 05:00:41 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/21/2014 06:20:57 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/20/2014 07:01:33 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/20/2014 06:55:02 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/20/2014 06:31:07 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/19/2014 10:59:38 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (01/19/2014 10:59:38 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (01/19/2014 10:59:38 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (01/19/2014 10:59:38 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)
    Search.TripoliIndexer


    ==================== Memory info ===========================

    Percentage of memory in use: 54%
    Total physical RAM: 2666.91 MB
    Available physical RAM: 1216.39 MB
    Total Pagefile: 5331.99 MB
    Available Pagefile: 3362.22 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:284.06 GB) (Free:210.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:13.73 GB) (Free:1.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (Feels Like Today - Enhanced) (CDROM) (Total:0.41 GB) (Free:0 GB) CDFS
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 20ED0ABE)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ==================== End Of Log ============================
     
  10. sawtoothgrin

    sawtoothgrin Thread Starter

    Joined:
    Jan 16, 2007
    Messages:
    54
    As for the avast! scans, this is what was found and removed:

    Threat: Win32:BHO-ALN [Trj]
    PUP: Win32:InstallCore-F [PUP]
    Threat: Java:Agent-BAC [Expl]
    Threat: Java:CVE-2012-0507-LP [Expl]
    Threat: Java:CVE-2011-3544-HQ [Expl]
    PUP: NSIS:Adware-AR [PUP]
    PUP: NSIS:Adware-AR [PUP]
    Threat: Win32:Alureon-ATR [Trj]

    I couldn't figure out how to export the log into a text document, so if more information from the log is needed I'll provide whatever I can.
     
  11. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You have a ZeroAccess Rootkit infection; the following fix will clean it up along with several redundant files and remnants of TrendMicro Anti Virus. When done, please run the temporary file cleaner, do a run with Adwcleaner and post the new log.

    When it is all complete please tell me how well the system is running.

    Please start by uninstalling this: Java(TM) 6 Update 22 (64-bit) (Version: 6.0.220 - Oracle)

    Download the attachment and save it in the same location as FRST.


    • Launch FRST by double clicking on it.
    • When the FRST window opens click on the Fix button just once and wait.
    • The tool will make a log in the same location the program is run from (Fixlog.txt). Please Copy & Paste it into your next reply.


    ===========================================

    Download Temporary file cleaner and save it to the desktop. Make sure you do not use the Download button in the advert at the top of the page; use the button right next to the name TFC - Temp File Cleaner by Old Timer.
    Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista, right click the icon and select Run as Administrator.
    When the window opens click on Start. It will close all running programs and clear the desktop icons.
    When complete you may be asked to reboot. If so, accept the request and your PC will reboot automatically.

    NOTE: There is no need to post the log, just confirm in your next post that it ran without a problem. At times it may appear to freeze, which is perfectly normal. It may take a while to complete the clean up, depending on the amount of temporary files there are on the system.
     

    Attached Files:

  12. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,764
    First Name:
    Frank
    After Mark1956 gives you the "all clear", you can do the following.

    ---------------------------------------------------------

    These startup entries can be unchecked:

    Adobe Acrobat

    Adobe Reader and Acrobat Manager

    Java(TM) Platform SE Auto Updater

    Logitech Download Assistant

    PictureMover Application

    SUPERAntiSpyware
    (if it's the free version)

    After you're done, click Apply - OK/Close - Exit Without Restart.

    ------------------------------------------------------

    These service entries can have their "Startup Type" set on Manual:
    (Double-click each one to open its properties window, then change the setting, then click Apply - OK)

    Adobe Acrobat Update Service

    Distributed Link Tracking Client

    Google Update Service

    HP Client Services

    Microsoft .NET Framework NGEN v4.0.30319_X64

    Microsoft .NET Framework NGEN v4.0.30319_X86

    Remote Registry

    RoxioNow Service

    Windows Live ID Sign-in Assistant

    Windows Search


    Note: Set Network Connections on Automatic.

    After you're done, restart the computer.

    ------------------------------------------------------
     
  13. sawtoothgrin

    sawtoothgrin Thread Starter

    Joined:
    Jan 16, 2007
    Messages:
    54
    Alright, hope I did this correctly. Here is the adw log. System appears to be running slightly better but a little hard to tell. I understand it's not exactly a quick machine regardless.

    # AdwCleaner v3.017 - Report created 22/01/2014 at 20:23:07
    # Updated 12/01/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Owner - OWNER-HP
    # Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Found : C:\Users\Public\Desktop\eBay.lnk
    Folder Found C:\ProgramData\Ask

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F}
    Key Found : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Google Chrome v32.0.1700.76

    [ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [3041 octets] - [20/01/2014 17:21:47]
    AdwCleaner[R1].txt - [3101 octets] - [21/01/2014 17:12:08]
    AdwCleaner[R2].txt - [2997 octets] - [22/01/2014 20:23:07]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [3057 octets] ##########
     
  14. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You've not posted the fixlog (look at the instructions again), or confirmed you ran the temporary file cleaner.

    Please run Adwcleaner again. After using the Scan button, click on the Clean button and then post the log produced after the reboot.
     
  15. sawtoothgrin

    sawtoothgrin Thread Starter

    Joined:
    Jan 16, 2007
    Messages:
    54
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-01-2014
    Ran by Owner at 2014-01-22 20:11:16 Run:1
    Running from C:\Users\Owner\Desktop\FRST
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Owner\AppData\Local\Temp\sxpherm\sobyows\wow64.dll ATTENTION! ====> ZeroAccess?
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {12B6A7F2-4A13-4CB7-AEB3-40DE3D8297BB} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=5BDC4FC7-F7D3-4523-9A22-F9D2B921A48B&apn_sauid=91FFE764-2E83-4669-9E74-2E27808806B4
    BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll No File
    BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll No File
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: No Name - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No File
    BHO-x32: No Name - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll No File
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll No File
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
    Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File
    Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - No File
    Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
    R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
    R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
    U2 TMAgent;
    C:\Users\Owner\AppData\Local\Temp\sxpherm
    C:\Program Files\Java\jre6\bin\jp2ssv.dll
    C:\Windows\System32\DRIVERS\TMEBC64.sys
    C:\Windows\System32\DRIVERS\tmtdi.sys
    *****************

    HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{12B6A7F2-4A13-4CB7-AEB3-40DE3D8297BB} => Key deleted successfully.
    HKCR\CLSID\{12B6A7F2-4A13-4CB7-AEB3-40DE3D8297BB} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key deleted successfully.
    HKCR\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} => Key deleted successfully.
    HKCR\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
    HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443-F871F945D258} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{233C1507-6A77-46A4-9443-F871F945D258} => Key deleted successfully.
    HKCR\PROTOCOLS\Handler\tmbp => Key deleted successfully.
    HKCR\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} => Key deleted successfully.
    HKCR\PROTOCOLS\Handler\tmpx => Key deleted successfully.
    HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key deleted successfully.
    HKCR\PROTOCOLS\Handler\tmtbim => Key deleted successfully.
    HKCR\CLSID\{0B37915C-8B98-4B9E-80D4-464D2C830D10} => Key not found.
    HKCR\Wow6432Node\PROTOCOLS\Handler\tmbp => Key not found.
    HKCR\Wow6432Node\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} => Key not found.
    HKCR\Wow6432Node\PROTOCOLS\Handler\tmpx => Key not found.
    HKCR\Wow6432Node\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key not found.
    HKCR\Wow6432Node\PROTOCOLS\Handler\tmtbim => Key not found.
    HKCR\Wow6432Node\CLSID\{0B37915C-8B98-4B9E-80D4-464D2C830D10} => Key not found.
    C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\gcswf32.dll not found.
    C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
    C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
    C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
    C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
    c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll not found.
    TMEBC => Service deleted successfully.
    tmtdi => Service deleted successfully.
    TMAgent => Service deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\sxpherm => Moved successfully.
    "C:\Program Files\Java\jre6\bin\jp2ssv.dll" => File/Directory not found.
    C:\Windows\System32\DRIVERS\TMEBC64.sys => Moved successfully.
    C:\Windows\System32\DRIVERS\tmtdi.sys => Moved successfully.


    The system needs a manual reboot.

    ==== End of Fixlog ====
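
A helper reading a Fixlog like the one above wants to confirm that the entry FRST flagged was acted on and to pick out the follow-ups the tool itself asks for (the "If the key returned" note and the pending reboot). The Python below is an added example, not part of the thread and not FRST's own code; the function names and outcome categories are assumptions, and the sample is an excerpt of lines copied from the post.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above (lines copied from the post; a subset, not the full log).
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Owner\AppData\Local\Temp\sxpherm\sobyows\wow64.dll ATTENTION! ====> ZeroAccess?
BHO-x32: No Name - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No File
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
C:\Users\Owner\AppData\Local\Temp\sxpherm
C:\Program Files\Java\jre6\bin\jp2ssv.dll
*****************

HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
tmtdi => Service deleted successfully.
C:\Users\Owner\AppData\Local\Temp\sxpherm => Moved successfully.
"C:\Program Files\Java\jre6\bin\jp2ssv.dll" => File/Directory not found.

The system needs a manual reboot.

==== End of Fixlog ====
"""

RULER = re.compile(r"^\*{5,}$")                       # asterisk line around the fixlist
RESULT = re.compile(r"^(?P<target>.+?)\s+=>\s+(?P<outcome>.+)$")
BARE_NOT_FOUND = re.compile(r"^(?P<target>.+?)\s+not found\.$")
# Assumption: an in-process COM server registered under the user profile is worth a second look.
USER_WRITABLE = re.compile(r"\\AppData\\(Local|Roaming|LocalLow)\\|\\Temp\\", re.I)


def split_sections(text):
    """Return (fixlist_lines, result_lines), using the two asterisk rulers as delimiters."""
    lines = [ln.strip() for ln in text.splitlines()]
    rulers = [i for i, ln in enumerate(lines) if RULER.match(ln)]
    if len(rulers) < 2:
        raise ValueError("fixlist delimiters not found; is this a Fixlog?")
    fixlist = [ln for ln in lines[rulers[0] + 1:rulers[1]] if ln]
    results = [ln for ln in lines[rulers[1] + 1:] if ln and not ln.startswith("====")]
    return fixlist, results


def classify(outcome):
    """Map FRST's result wording onto a coarse category."""
    o = outcome.lower()
    if "not found" in o:
        return "not_found"        # item was not present when the fix ran
    if "deleted successfully" in o or "moved successfully" in o:
        return "removed"
    return "other"


def review_fixlog(text):
    fixlist, results = split_sections(text)
    report = {"counts": Counter(), "flagged": [], "recheck": [],
              "reboot_pending": False, "unparsed": []}
    for ln in fixlist:
        if "ATTENTION!" in ln or ("InprocServer32" in ln and USER_WRITABLE.search(ln)):
            report["flagged"].append(ln)
    for ln in results:
        if "needs a manual reboot" in ln:
            report["reboot_pending"] = True
            continue
        m = RESULT.match(ln) or BARE_NOT_FOUND.match(ln)
        if not m:
            report["unparsed"].append(ln)   # never drop a line silently
            continue
        outcome = m.groupdict().get("outcome", "not found.")
        report["counts"][classify(outcome)] += 1
        if "if the key returned" in outcome.lower():
            # The tool itself says this key should be checked again after reboot.
            report["recheck"].append(m.group("target").strip('"'))
    return report


if __name__ == "__main__":
    r = review_fixlog(SAMPLE_FIXLOG)
    print(dict(r["counts"]), "reboot pending:", r["reboot_pending"])
    print("flagged in fixlist:", r["flagged"])
    print("re-check after reboot:", r["recheck"])
```

Keys listed under `recheck` are the ones to look for in the next scan log after the reboot.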
     
Short URL to this thread: https://techguy.org/1118061
