Everything posted by prstark

  1. Residual problems are that startup after a complete shutdown fails to load Windows 7 properly or fully. Normally a restart fixes this. However, if external devices such as a printer or a HD are not attached and running at restart, the system fails to recognize their connections when plugged in to a USB port. Other than that, things appear to run well. I may attempt to wipe the drive clean and start over if the hard drive checking utility fails to find any damage. Thanks again.
  2. Okay, I've got everything "cleaned up". However, I still have sporadic issues. Sometimes the laptop seems to work well and other times not. Lately, a reboot seems to eradicate any issues with programs not opening, shutdown hanging with explorer.exe not closing, etc. As far as I can tell, all drivers are current. I do wonder about the condition of my hard drive. This HP Pavilion 2550se is about 6 years old, and let's face it, hard drives are not granted the free gift of eternal life. What is the best hard drive checker I can run--and do you think this would be worth doing? Do you think a backup and reformat is in order? If so, please advise a comprehensive backup procedure. I currently use FBackup4. This would be, of course, a long and arduous task which I dread undertaking. As always, most grateful for your support.
  3. Things seemed to be going well, even after I uninstalled and reinstalled SuperAntiSpyware (which found over 200 adware items that were not detected by Malwarebytes). Then, after running OTC and rebooting, I had some issues again. I went to Control Panel to remove SAS again, but it's not there. The program is in fact on C:/Program Files. This appeared to be at least one source of past issues. Now I guess I need to know how to uninstall it (running /uninstall from the Run box didn't work. It asked me if I wanted to uninstall "everything". I clicked yes but nothing happened. This was done in Normal mode). Thanks again for help with the issue that refuses to die, at least partly due to my insistence to use SAS, apparently.
  4. Actually, I would appreciate more time. I've been sick for a few days and have not been able to complete your recommended clean up procedure. Thx.
  5. Still working on your "cleanup" items. Please wait until I post back before closing this thread. Thx.
  6. I can't find ComboFix. I think I may have unwittingly deleted it and have since emptied the Recycle Bin. Oops! What actions should I take now to "delete its related folders and files, hide file extensions, hide the system/hidden files and clear System Restore cache and create new Restore point"? Thanks.
  7. Okay. Thanks for the extra cleanup suggestion. Here's the report:
     Results of screen317's Security Check version 0.99.73
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Adobe Flash Player 11.8.800.168
     Adobe Reader 10.1.8 Adobe Reader out of Date!
     Mozilla Firefox 18.0.2 Firefox out of Date!
     Google Chrome 29.0.1547.66
     ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  8. Things seem to be working fine on the laptop following the most recent measure taken. I suppose you can close this thread, if you like. Thank you again for your excellent, first rate service. You saved my laptop and saved me a lot of money. Paul
  9. Update: I uninstalled SAS and Avast (then reinstalled Avast only) and the laptop is operating well so far. This resulted in no stopped drivers in Device Manager (there were three). There isn't "S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]" anywhere on my laptop, particularly in C:\Program Files (x86). Not sure why it showed up in the report, but it doesn't appear to be an issue. I have no other Lavasoft software installed and haven't for years. Restart, sleep, hibernate and wake-up all seem to be working OK so far. Programs are opening from all locations and running. Audio is restored. Before all this and after my last post, the system reverted again to operating only in safe mode. So far, so good. However, please keep this thread open for a couple more days as I test further and just in case. Many thanks.
  10. Just noticed, I have lost my audio--happened once before on another HP laptop.
  11. I worked late on it last night. I did so much the past two days, I can't really remember what's made the difference. That said, it appears to be running well again. Programs are starting from all locations, uninstalled/reinstalled Chrome (again) working well with LastPass, reboots, sleep, hibernate all working. Perhaps it was the PUP and a missing or stopped HP driver (installed now) that affected two devices that made the difference. Thing is, it could go again at any time. If so, I will reformat and reinstall. It is an old-ish laptop. If it goes, as several other HP's have in the past, a recent "pepped up" model will be nice. Hopefully I won't be posting back here anytime soon. If that's the case, thank you for your intensive and exhaustive assistance. I hope to make a small donation as soon as I can. I'm sure if everyone would make at least a small donation, your critical help would be more appropriately rewarded. By the way, I used to live in Bergen County. Glad to be in NC now, however.
  12. I'm really afraid of AdwCleaner. Things were running well until I ran that. What am I supposed to use for virus protection if I uninstall Avast? Why should SuperAntiSpyware be removed? AdAware is from eons ago. As for the toolbars, I think those are associated with Firefox and IE. I use Chrome, at least I did until I had to uninstall it again, but this time I have yet to be able to reinstall it. I think if I had reformatted the drive and reinstalled all my apps I'd be done by now. Thanks.
  13. I meant that the laptop is working for everything I'm asking of it in safe mode, except, of course, no internet--which would be nice in safe mode--but then I guess it wouldn't be "safe" mode.
  14. Not sure what these are:
      HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
      HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
      I can say that the system required me to update the malware programs this afternoon, as if they didn't exist (corrupted or not installed or some such message). I was about to run fixdamage.exe. I haven't done that, but the system is as bad or worse than ever. Regarding safe mode, it's looking like that's the only place I can do anything. Thanks again.
  15. Here are the logs. I'm having trouble implementing my plan to run ComboFix after the System Restore. I'm back to lots of issues and wonder if I need to start all over again. Thanks.
Emergency Update2013-09-07 15:39 - 2009-07-14 01:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-09-07 15:05 - 2010-12-04 17:51 - 00000000 _____ C:\Windows\SysWOW64\config.nt2013-09-07 14:45 - 2010-12-04 16:41 - 00000000 ____D C:\Users\Paul2013-09-07 14:44 - 2013-09-06 15:43 - 00000000 ____D C:\Users\Paul\Desktop\RK_Quarantine2013-09-07 14:44 - 2013-01-24 23:49 - 00000000 ____D C:\Users\Paul\Desktop\PSD2013-09-07 14:44 - 2011-12-03 18:46 - 00000000 ____D C:\Users\Paul\Documents\StreamTransport2013-09-07 14:44 - 2011-01-19 11:03 - 00000000 ____D C:\ProgramData\Softland2013-09-07 14:44 - 2010-12-07 12:41 - 00000000 ____D C:\ProgramData\FLEXnet2013-09-07 14:44 - 2010-12-05 02:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-09-07 14:44 - 2010-12-04 19:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-09-07 14:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache2013-09-07 14:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat2013-09-07 14:43 - 2010-12-08 12:04 - 00000000 ____D C:\Program Files (x86)\Google2013-09-07 14:43 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default2013-09-07 14:43 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration2013-09-07 13:55 - 2013-04-17 11:42 - 00000000 ____D C:\Users\Paul\AppData\Roaming\FileZilla2013-09-07 12:21 - 2013-09-07 12:21 - 00001688 _____ C:\Users\Paul\Desktop\AdwCleaner[s0].txt2013-09-07 12:15 - 2013-09-07 11:58 - 00000000 ____D C:\AdwCleaner2013-09-07 12:02 - 2013-09-07 12:02 - 00001668 _____ C:\Users\Paul\Desktop\AdwCleaner[R0].txt2013-09-07 10:47 - 2013-09-07 10:47 - 00017741 _____ C:\Users\Paul\Desktop\ComboFix.txt2013-09-07 10:45 - 2013-09-07 10:45 - 00017741 _____ C:\ComboFix.txt2013-09-07 10:45 - 2013-09-07 10:29 - 00000000 ____D C:\Qoobox2013-09-07 10:02 - 2013-09-07 09:58 - 00000000 ____D C:\Users\Paul\Documents\Hopewell2013-09-07 09:45 - 2007-08-26 17:46 - 00000000 ____D C:\Users\Paul\Documents\Illustrations2013-09-07 09:28 - 2007-08-26 17:46 - 00000000 ____D 
C:\Users\Paul\Documents\Provision House2013-09-06 21:09 - 2008-03-18 12:49 - 00013550 _____ C:\Users\Paul\Documents\Monthly Expenses.xlsx2013-09-06 20:38 - 2006-11-09 17:04 - 00000000 ____D C:\SwSetup2013-09-06 20:37 - 2013-09-06 20:37 - 03132200 _____ (Hewlett-Packard ) C:\Users\Paul\Downloads\sp37809.exe2013-09-06 20:37 - 2013-09-06 20:37 - 03132200 _____ (Hewlett-Packard ) C:\Users\Paul\Downloads\sp37809 (3).exe2013-09-06 20:37 - 2013-09-06 20:37 - 03132200 _____ (Hewlett-Packard ) C:\Users\Paul\Downloads\sp37809 (2).exe2013-09-06 20:37 - 2013-09-06 20:37 - 03132200 _____ (Hewlett-Packard ) C:\Users\Paul\Downloads\sp37809 (1).exe2013-09-06 20:34 - 2012-08-07 15:02 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3535999486-3968760299-178579616-1000UA.job2013-09-06 20:12 - 2013-09-06 20:11 - 09117374 _____ C:\Users\Paul\Downloads\lpchrome_bin (3).crx2013-09-06 20:11 - 2013-09-06 20:11 - 09117374 _____ C:\Users\Paul\Downloads\lpchrome_bin (4).crx2013-09-06 20:03 - 2013-09-06 19:58 - 09117374 _____ C:\Users\Paul\Downloads\lpchrome_bin.crx2013-09-06 19:53 - 2011-05-02 13:09 - 00000000 ____D C:\Windows\Minidump2013-09-06 18:45 - 2009-07-14 01:13 - 00799798 _____ C:\Windows\system32\PerfStringBackup.INI2013-09-06 17:46 - 2013-09-06 16:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-09-06 17:46 - 2013-09-06 16:49 - 00000000 ____D C:\Users\Paul\Desktop\mbar2013-09-06 16:47 - 2013-09-06 16:47 - 12907592 _____ (Malwarebytes Corp.) 
C:\Users\Paul\Downloads\mbar-1.07.0.1005.exe2013-09-06 16:42 - 2013-09-06 16:42 - 00001024 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (8).ics2013-09-06 16:42 - 2013-09-06 16:42 - 00001024 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (7).ics2013-09-06 15:42 - 2013-09-06 15:42 - 03787264 _____ C:\Users\Paul\Desktop\RogueKillerX64.exe2013-09-06 15:19 - 2013-09-06 15:19 - 03787264 _____ C:\Users\Paul\Downloads\RogueKillerX64.exe2013-09-06 14:01 - 2013-09-06 14:01 - 00688992 ____R (Swearware) C:\Users\Paul\Desktop\dds.com2013-09-06 12:59 - 2013-09-06 12:58 - 00714816 _____ C:\Users\Paul\Downloads\ZipOpenerSetup.exe2013-09-06 12:59 - 2013-09-06 12:58 - 00007909 _____ C:\Users\Paul\Downloads\hijackthis.log2013-09-06 12:52 - 2013-09-06 12:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Paul\Downloads\HijackThis (2).exe2013-09-06 12:50 - 2013-09-06 12:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Paul\Downloads\HijackThis (1).exe2013-09-06 12:46 - 2013-09-06 12:46 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\Paul\Downloads\HijackThis.exe2013-09-06 11:28 - 2013-09-06 11:28 - 00000937 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (6).ics2013-09-06 11:25 - 2013-09-06 11:25 - 00001017 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (5).ics2013-09-05 19:12 - 2010-12-14 17:17 - 00000000 ____D C:\Users\Paul\Documents\Quickbooks backup2013-09-05 18:24 - 2013-09-05 18:24 - 00001018 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (4).ics2013-09-05 18:18 - 2013-09-05 18:18 - 00001015 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (3).ics2013-09-05 10:15 - 2012-08-07 15:02 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3535999486-3968760299-178579616-1000Core.job2013-09-05 10:14 - 2013-09-05 10:13 - 117478104 _____ C:\Users\Paul\Downloads\avast_free_antivirus_setup (2).exe2013-09-04 23:34 - 2010-07-20 13:14 - 00000000 ____D C:\Users\Paul\Documents\CCleaner Registry backups2013-09-04 23:33 - 2010-12-04 19:10 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk2013-09-04 23:33 - 2010-12-04 19:10 - 00000000 ____D C:\Program Files\CCleaner2013-09-04 23:32 - 2013-09-04 23:32 - 04454952 _____ (Piriform Ltd) C:\Users\Paul\Downloads\ccsetup405.exe2013-09-04 23:02 - 2013-09-04 23:02 - 00001022 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (1).ics2013-09-04 23:02 - 2013-09-04 23:02 - 00000999 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (2).ics2013-09-04 22:50 - 2013-09-04 22:50 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk2013-09-04 22:36 - 2010-12-04 16:58 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Mozilla2013-09-04 21:54 - 2013-06-13 12:13 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2013-09-04 21:54 - 2012-04-03 15:22 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-09-04 21:54 - 2011-06-01 08:04 - 00071048 _____ 
(Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-09-04 16:36 - 2013-08-23 11:04 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Proverb Teleprompter2013-09-04 16:36 - 2009-07-14 03:45 - 00000000 ___RD C:\Users\Public\Recorded TV2013-09-04 16:32 - 2007-07-02 07:46 - 00000000 __RHD C:\MSOCache2013-08-30 15:18 - 2013-08-30 15:18 - 00000996 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15.ics2013-08-30 03:48 - 2013-03-23 14:18 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys2013-08-30 03:48 - 2013-03-23 14:18 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys2013-08-30 03:48 - 2012-02-25 15:32 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys2013-08-30 03:48 - 2012-02-25 15:32 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys2013-08-30 03:48 - 2012-02-25 15:32 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2013-08-30 03:48 - 2012-02-25 15:32 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2013-08-30 03:48 - 2012-02-25 15:32 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys2013-08-30 03:48 - 2012-02-25 15:32 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys2013-08-30 03:47 - 2012-02-25 15:32 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2013-08-30 03:47 - 2010-12-04 17:50 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr2013-08-23 15:08 - 2013-08-23 15:08 - 00033005 _____ C:\Users\Paul\Desktop\Easy Prompter.html2013-08-23 15:00 - 2013-08-23 15:00 - 11423543 _____ C:\Users\Paul\Downloads\PromptPClite.zip2013-08-23 14:52 - 2013-08-23 14:52 - 00580269 _____ C:\Users\Paul\Downloads\setup.zip2013-08-23 11:16 - 2010-12-04 17:41 - 00000000 ____D C:\Users\Paul\AppData\Local\Deployment2013-08-22 16:10 - 2013-08-22 16:10 - 00000769 _____ C:\Users\Paul\Downloads\PrinterDiagnostic.diagcab2013-08-16 13:24 - 2007-08-26 
17:46 - 00000000 ____D C:\Users\Paul\Documents\My Data Sources2013-08-16 13:16 - 2013-07-21 19:24 - 00000000 ____D C:\Windows\system32\MRT2013-08-16 13:13 - 2010-12-05 17:08 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-08-16 12:37 - 2013-08-16 12:37 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2013-08-16 12:37 - 2013-08-16 12:37 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2013-08-16 12:36 - 2013-08-16 12:36 - 00784856 _____ (Google Inc.) C:\Users\Paul\Downloads\GoogleEarthPluginSetup.exe2013-08-16 12:28 - 2013-08-14 12:19 - 00000000 _____ C:\Windows\setuperr.log2013-08-10 18:27 - 2010-12-04 19:24 - 00000000 ____D C:\Program Files\MyDefrag v4.3.1 ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-02 12:48 ==================== End Of Log =========================== Addition.txt
  16. I mentioned that I did not "fix" the registry errors reported by CCleaner. I did a system restore from last night and am planning on picking up where I left off then, and that was running ComboFix. But first, gonna get rid of that PUP again, if it's there. One note: when experiencing these issues, I always get a "(Waiting for) explorer.exe" message, that it still needs to close, which it never does, and I have to do a "Force restart". Thanks.
  17. Everything seemed fine until I ran AdwCleaner. After that, I'm back to "square one". All system issues originally reported have returned.
  18. Well, that didn't last long. Everything seems to have reverted to its original dysfunctional operation. Icons disappeared from desktop, notification that Windows was non-responsive, can't shut down or restart Windows, etc., etc.
  19. The laptop seems to be running well now. However, I tested opening several programs from the desktop, no problem there, but was not able to open the "Snipping Tool" from the Start Menu until I rebooted; then it worked. Adobe Acrobat 9 Pro, when attempting to open from the Start Menu, attempted to install what seemed to be version 9.0. My current version is 9.5.5, which, when double-clicked from the file location, from the Start Menu (newly pinned), and from a new desktop shortcut, opens and runs fine. This experience occurred both before and after reboot. CCleaner reports some Registry issues now (none before we began this process yesterday). I have attached the results, but have yet to fix the issues. Late Breaking News: I just got a pop-up notification from Windows Action Center that Avast Antivirus and Windows Defender are turned off. They are both turned on (I've already experimented with disabling Defender but it made no difference). This was one of the original issues. However, the system is running noticeably faster, as fast as it can and should. No problem with speed. Thanks for working through this with me. mbam-log-2013-09-07 (12-27-10).txt mbam-log-2013-09-07 (00-03-52).txt
  20. "If you're not sure, post the log for review." Log file attached. For your info, SuperAntiSpyware did find a PUP this morning. That's since been quarantined and deleted. It appears my laptop is running better, since last night, actually. The LastPass issue was resolved by uninstalling and reinstalling Chrome. Restarts are working, albeit a little slowly, and programs are opening successfully. I await your further instructions after reviewing the AdwCleaner log. Thank you. AdwCleanerR0.txt
  21. Okay, attached is the ComboFix report. Thanks again. ComboFix.txt
  22. System scan results: "Windows Resource Protection did not find any integrity violations".
  23. Running sfc /scannow from CMD prompt. Waiting for results. After that, I may run fixdamage.exe. That looks pretty intensive, but we'll see because just now, for the first time in days, my system "seems" to be operating better. It shut down without having to hard reboot and restarted as it should. Programs are opening, but there is still something funky going on as LastPass still doesn't display. This is a Chrome plugin. I'm thinking of reinstalling it--maybe uninstalling and reinstalling Chrome altogether. I have not run FRST. I'll post back. Gonna be here for a while. Paul
  24. My Mbar was negative, no malware. However, it did not produce an mbar-log.txt report. I've attached the system-log report. Thanks again. system-log.txt