kfavara Posted June 8, 2015 ID:968013

I downloaded Malwarebytes and scanned. It didn't automatically save the log file so I saved results. I am not sure if this is what you need. The computer runs constantly and is so slow we can't do anything.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/8/2015
Scan Time: 1:27:27 PM
Logfile: frst.txt
Administrator: Yes

Version: 0.00.0.0000
Malware Database: v2015.06.08.04
Rootkit Database: v2015.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ashley Favara

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342405
Time Elapsed: 29 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
TwinHeadedEagle Posted June 8, 2015 ID:968014

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

- We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
- Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
- Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
- Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
- Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
- Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
- Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

- We won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
- The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
kfavara Posted June 8, 2015 Author ID:968027

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Ashley Favara (administrator) on ASHLEYFAVARA-PC on 08-06-2015 14:02:37
Running from C:\Users\Ashley Favara\Downloads
Loaded Profiles: Ashley Favara (Available Profiles: Ashley Favara)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SMSC) C:\Program Files\SGFX\sgfxmgr.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Ashley Favara\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Ashley Favara\AppData\Roaming\Spotify\Spotify.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\SGFX\SgfxConfig.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Ashley Favara\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Ashley Favara\AppData\Roaming\Spotify\Spotify.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Dropbox, Inc.) C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095912 2010-05-14] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sgfxConfig] => C:\Program Files\SGFX\sgfxconfig.exe [2233592 2013-03-18] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1356638605-569504071-3264840808-1000\...\Run: [GoogleChromeAutoLaunch_84839FF01F1313477B26258568055341] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-1356638605-569504071-3264840808-1000\...\Run: [spotify Web Helper] => C:\Users\Ashley Favara\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-25] (Spotify Ltd)
HKU\S-1-5-21-1356638605-569504071-3264840808-1000\...\Run: [spotify] => C:\Users\Ashley Favara\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-05-25] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-01-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Ashley Favara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-08-14] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1356638605-569504071-3264840808-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-1356638605-569504071-3264840808-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-14] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-14] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 4.2.2.2

FireFox:
========
FF ProfilePath: C:\Users\Ashley Favara\AppData\Roaming\Mozilla\Firefox\Profiles\nhk7u51g.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Ashley Favara\AppData\Roaming\Mozilla\Firefox\Profiles\nhk7u51g.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-28]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-02]
FF HKU\S-1-5-21-1356638605-569504071-3264840808-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-27]
CHR Extension: (Google Drive) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27]
CHR Extension: (YouTube) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-27]
CHR Extension: (Google Search) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-27]
CHR Extension: (Bookmark Manager) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-25]
CHR Extension: (Avast Online Security) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR Extension: (Gmail) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software)
R2 HPSLPSVC; C:\Users\Ashley Favara\AppData\Local\Temp\7zS07FA\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [8481280 2013-03-15] (SMSC) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 hpqwmiex; "C:\Users\Administrator\AppData\Roaming\Hewlett-Packard\hpqwmiex.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-12-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R4 Sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [157432 2013-03-18] (SMSC)
R0 Sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [18168 2013-03-18] (SMSC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 14:02 - 2015-06-08 14:03 - 00017717 _____ C:\Users\Ashley Favara\Downloads\FRST.txt
2015-06-08 14:02 - 2015-06-08 14:02 - 02108928 _____ (Farbar) C:\Users\Ashley Favara\Downloads\FRST64.exe
2015-06-08 14:02 - 2015-06-08 14:02 - 01147904 _____ (Farbar) C:\Users\Ashley Favara\Downloads\FRST.exe
2015-06-08 14:02 - 2015-06-08 14:02 - 00000000 ____D C:\FRST
2015-06-08 10:40 - 2015-06-08 13:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-08 10:39 - 2015-06-08 10:39 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ashley Favara\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-08 10:39 - 2015-06-08 10:39 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ashley Favara\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-06-08 10:39 - 2015-06-08 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-08 10:39 - 2015-06-08 10:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-08 10:39 - 2015-06-08 10:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-08 10:39 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-08 10:39 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-08 10:39 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-25 18:54 - 2015-05-25 18:54 - 00000000 ____D C:\Windows\system32\appmgmt
2015-05-25 18:34 - 2015-05-25 18:35 - 00266288 _____ C:\Windows\Minidump\052515-28657-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 13:43 - 2014-01-14 21:04 - 01495065 _____ C:\Windows\WindowsUpdate.log
2015-06-08 13:19 - 2014-01-27 17:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-08 10:42 - 2014-02-05 00:11 - 00000000 ____D C:\Users\Ashley Favara\AppData\Roaming\Spotify
2015-06-08 10:40 - 2009-07-13 23:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 10:40 - 2009-07-13 23:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 10:38 - 2014-02-05 00:12 - 00000000 ____D C:\Users\Ashley Favara\AppData\Local\Spotify
2015-05-25 19:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-05-25 19:12 - 2014-09-30 15:19 - 00000000 ___RD C:\Users\Ashley Favara\Dropbox
2015-05-25 19:12 - 2014-08-17 14:42 - 00000000 ____D C:\Users\Ashley Favara\AppData\Roaming\Dropbox
2015-05-25 19:11 - 2014-09-30 15:19 - 00001056 _____ C:\Users\Ashley Favara\Desktop\Dropbox.lnk
2015-05-25 19:11 - 2014-08-17 14:43 - 00000000 ____D C:\Users\Ashley Favara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-25 19:04 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-05-25 19:04 - 2009-07-13 23:51 - 00051260 _____ C:\Windows\setupact.log
2015-05-25 18:34 - 2015-03-31 16:09 - 490908997 _____ C:\Windows\MEMORY.DMP
2015-05-25 18:34 - 2015-03-31 16:09 - 00000000 ____D C:\Windows\Minidump
2015-05-25 18:31 - 2014-02-05 00:12 - 00001860 _____ C:\Users\Ashley Favara\Desktop\Spotify.lnk
2015-05-25 18:31 - 2014-02-05 00:12 - 00001846 _____ C:\Users\Ashley Favara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-05-25 18:22 - 2014-01-27 17:26 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-25 18:14 - 2014-01-27 17:23 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-25 18:14 - 2014-01-27 17:23 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-25 18:14 - 2014-01-27 17:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 18:11 - 2014-02-02 16:37 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

==================== Files in the root of some directories =======

2014-05-23 01:59 - 2015-03-01 16:27 - 5601792 _____ (FFmpeg Project) C:\Program Files\avformat-55.dll
2015-02-15 12:03 - 2015-03-01 16:14 - 0421888 _____ () C:\Program Files\lame_enc.dll
2014-01-27 20:59 - 2014-01-27 21:03 - 0000816 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Ashley Favara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyyjaq0.dll
C:\Users\Ashley Favara\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Ashley Favara\AppData\Local\Temp\HPInstaller.exe
C:\Users\Ashley Favara\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-08 10:33

==================== End of log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Ashley Favara at 2015-06-08 14:03:17
Running from C:\Users\Ashley Favara\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1356638605-569504071-3264840808-500 - Administrator - Disabled)
Ashley Favara (S-1-5-21-1356638605-569504071-3264840808-1000 - Administrator - Enabled) => C:\Users\Ashley Favara
Guest (S-1-5-21-1356638605-569504071-3264840808-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1356638605-569504071-3264840808-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-1356638605-569504071-3264840808-1000\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Install Manager (HKLM\...\{D0A76081-22E4-5B3F-5394-1229DDF73585}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Core Graphics Software (Version: 5.2.59.0297 - SMSC) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1356638605-569504071-3264840808-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
F2400 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{B1A6285F-C31A-4482-8EA0-9445E4C1DCEA}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Integrated Camera Driver Installer Package Ver.1.33.110.0 (HKLM-x32\...\{B0344B38-378B-47E0-BDCC-977785D24768}) (Version: 1.33.110.0 - BISON)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.3 - Intel)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SMSC Core Graphics Software (HKLM-x32\...\Core Graphics Software) (Version: 5.2.59.0297 - SMSC)
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-1356638605-569504071-3264840808-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.2 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Validity Fingerprint Driver (HKLM\...\{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
ViewSpan (HKLM\...\{6285D158-D528-4ED8-A935-BB2A402E21F2}) (Version: 2.8.1.0 - SMSC)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - Intel (NETwNs64) net (10/18/2010 13.4.0.9) (HKLM\...\F09FE5BEFA92C4B8272F1CB01F385D9EA34548CF) (Version: 10/18/2010 13.4.0.9 - Intel)
Windows Driver Package - Intel net (10/18/2010 13.4.0.9) (HKLM\...\07D134D497B9E69E9B463F9D6217EC65A1530396) (Version: 10/18/2010 13.4.0.9 - Intel)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: 
HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

04-05-2015 06:33:27 Installed TrayApp
04-05-2015 06:36:01 Installed TrayApp
04-05-2015 06:37:06 Installed TrayApp
04-05-2015 06:53:07 Installed TrayApp
25-05-2015 18:11:13 Removed AMD Catalyst Install Manager
25-05-2015 18:30:57 Installed TrayApp
25-05-2015 18:52:35 Installed TrayApp
25-05-2015 18:54:35 Installed TrayApp
25-05-2015 18:54:56 Installed TrayApp
25-05-2015 18:55:11 Installed TrayApp
25-05-2015 18:56:52 Installed F2400
25-05-2015 18:57:03 Installed F2400
25-05-2015 18:58:17 Removed Core Graphics Software
25-05-2015 19:02:54 Installed TrayApp
25-05-2015 19:06:36 Installed TrayApp
25-05-2015 19:09:10 Installed TrayApp
25-05-2015 19:09:52 Installed TrayApp
25-05-2015 19:10:25 Installed TrayApp
08-06-2015 10:33:11 Installed F2400
08-06-2015 10:54:05 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00A5A28E-4493-43E2-9690-6F96F3E35644} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exeTask: {03E219BD-B29A-4F4E-968C-527A4C6CBDC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)Task: {0C0EE8BF-A5A6-4674-8D8E-43575F49F1B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)Task: {1BEDD498-9681-4628-8ED3-FA0B262F8FDB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {321F4A2D-BA0C-4D50-8EE8-9F94BF967A82} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {507BCE15-675D-4272-919D-FFF9B1DF9044} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {72A7AB7D-901B-4990-8E74-20E6161C3918} - System32\Tasks\{AAD957BF-6E7E-4D00-B8F2-F8951E590DBA} => pcalua.exe -a "C:\Users\Ashley Favara\AppData\Local\Temp\Temp1_SBT-SP6C-Windows_7.zip\WIN7\setup.exe"Task: {746B3AB6-1CCA-447B-BC40-D7E91AFEFDEB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {8C6AB753-75A5-446A-85F1-55CF94011EA6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)Task: {922E5265-A08A-4522-A9AD-AAD89880F827} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-01-26] (Microsoft Corporation)Task: {B5759179-273A-483C-95DB-455EB188A8BA} - 
System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)Task: {C4356DC4-584C-43E0-B4DF-715587ADDF4F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)Task: {E943F7EB-1474-45CE-9E46-BFBC55BC9AA5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-14] (AVAST Software)Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2013-10-08 13:59 - 2013-01-31 04:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2015-01-21 15:59 - 2015-01-21 15:59 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2013-03-18 09:42 - 2013-03-18 09:42 - 02233592 _____ () C:\Program Files\SGFX\SgfxConfig.exe2014-08-14 19:52 - 2014-08-14 19:52 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll2015-05-25 18:13 - 2015-05-25 18:13 - 02948096 _____ () C:\Program Files\AVAST Software\Avast\defs\15052502\algo.dll2015-01-21 15:58 - 2015-01-21 15:58 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll2015-03-31 15:46 - 2015-05-25 18:31 - 40518200 _____ () C:\Users\Ashley Favara\AppData\Roaming\Spotify\libcef.dll2014-08-14 19:53 - 2014-08-14 19:53 - 19329904 _____ 
() C:\Program Files\AVAST Software\Avast\libcef.dll2015-05-25 18:20 - 2015-05-22 15:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll2015-05-25 18:20 - 2015-05-22 15:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll2015-03-31 15:46 - 2015-05-25 18:30 - 01365560 _____ () C:\Users\Ashley Favara\AppData\Roaming\Spotify\libglesv2.dll2015-03-31 15:46 - 2015-05-25 18:30 - 00219192 _____ () C:\Users\Ashley Favara\AppData\Roaming\Spotify\libegl.dll2015-03-31 15:46 - 2015-03-31 15:46 - 09305656 _____ () C:\Users\Ashley Favara\AppData\Roaming\Spotify\pdf.dll2015-03-31 15:46 - 2015-05-25 18:30 - 00990776 _____ () C:\Users\Ashley Favara\AppData\Roaming\Spotify\ffmpegsumo.dll2014-12-03 18:27 - 2014-12-03 18:27 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll2013-10-08 13:54 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll2015-05-25 19:12 - 2015-05-25 19:12 - 00043008 _____ () c:\Users\Ashley Favara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyyjaq0.dll2015-03-04 16:45 - 2015-03-04 16:45 - 00750080 _____ () C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\libGLESv2.dll2015-03-04 16:45 - 2015-03-04 16:45 - 00047616 _____ () C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\libEGL.dll2015-03-04 16:45 - 2015-03-04 16:45 - 00865280 _____ () C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll2015-03-04 16:45 - 2015-03-04 16:45 - 00200704 _____ () C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1356638605-569504071-3264840808-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ashley Favara\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 4.2.2.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exeFirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exeFirewallRules: [{1A71BC65-5D9F-4CBC-A92C-CFEE3C1BA4DD}] => (Allow) C:\Users\Ashley Favara\AppData\Local\Temp\7zS07FA\hppiw.exeFirewallRules: [{FACF7FDD-D548-49AF-9C4F-314F2A394CD0}] => (Allow) C:\Users\Ashley Favara\AppData\Local\Temp\7zS07FA\hppiw.exeFirewallRules: [{7B0B4269-4785-415D-B285-709CE72BC495}] => (Allow) C:\Users\Ashley Favara\AppData\Local\Temp\7zS0CA8\hppiw.exeFirewallRules: [{E353258C-1E6E-4E08-A408-FCC62529F925}] => (Allow) C:\Users\Ashley Favara\AppData\Local\Temp\7zS0CA8\hppiw.exeFirewallRules: [{6CCCB115-4D7C-4C3B-91F1-911247AB788C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeFirewallRules: [{2039310C-3FED-4E6A-9B1B-F2A50A70252C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exeFirewallRules: [{592E9266-43A2-4227-A927-21DAA23228BF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exeFirewallRules: [{0CE3C229-CD2B-4852-BFD7-0A0050F0168C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exeFirewallRules: [{6EAAD38B-E76A-43D2-8ACF-64ADB46E32AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exeFirewallRules: [{CE227041-95E2-4943-88B2-2AFB4D802A24}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exeFirewallRules: [{B6A200B1-A5E9-4AA5-9715-93FE2D2E014B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exeFirewallRules: [{E6A126C2-0C70-4435-ADE7-DD95826F838E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exeFirewallRules: [{672D2D8E-18D5-4891-87C9-13B3C4D5BBDA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exeFirewallRules: [{06FF8F8B-C7D0-492D-BD3D-569D001529EF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exeFirewallRules: [{36B9A465-C8EC-4DBF-A21F-B1262F939ED7}] => (Allow) C:\Program Files 
(x86)\HP\Digital Imaging\bin\hpqusgm.exeFirewallRules: [{B5E2F330-019F-4095-A43C-D616C148DA1F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exeFirewallRules: [{3953C054-8D0B-4AC8-9CBD-07656FF832BF}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exeFirewallRules: [{4CE7B93B-BE42-4B6F-9543-CA0B53104220}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exeFirewallRules: [{154ECA8B-A9B5-4FF0-AC2F-EE80034D665D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exeFirewallRules: [{710FB585-F0AB-4139-8032-FA855E96D2E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exeFirewallRules: [{F1D3525A-151D-4214-98AB-F07460A8F844}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exeFirewallRules: [{1F2DD39B-6928-4886-8CB3-A38E921F30DB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exeFirewallRules: [TCP Query User{3EA28441-30A3-44F5-BB6A-F6FCCCD3375D}C:\users\ashley favara\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ashley favara\appdata\roaming\spotify\spotify.exeFirewallRules: [uDP Query User{B461DB0C-B245-4D83-97B9-4EC5D720D8A7}C:\users\ashley favara\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ashley favara\appdata\roaming\spotify\spotify.exeFirewallRules: [TCP Query User{36C792D4-E14F-461D-98E1-35B691F33596}C:\users\ashley favara\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ashley favara\appdata\roaming\spotify\spotify.exeFirewallRules: [uDP Query User{0BEA39A0-F2F2-4E63-B151-EED86EDCD879}C:\users\ashley favara\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ashley favara\appdata\roaming\spotify\spotify.exeFirewallRules: [{A19696B4-CB91-499E-ABCF-F92A998DA75B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exeFirewallRules: [{4BD69382-8DB8-40D1-A885-721639A63ECD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exeFirewallRules: 
[{EE0C1D89-532F-465D-8199-58312F48A9B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exeFirewallRules: [{2A8CDC3E-8DB5-418E-A44A-ACF096CA2EB4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exeFirewallRules: [{27A40A85-015C-471C-9203-8E7D2283D683}] => (Allow) C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\Dropbox.exeFirewallRules: [{E07BE82F-00FE-41E7-8B0C-DE0C0BBBF59C}] => (Allow) C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\Dropbox.exeFirewallRules: [TCP Query User{BC467A36-28C9-4531-BC7E-DBB968F470D2}C:\users\ashley favara\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ashley favara\appdata\roaming\dropbox\bin\dropbox.exeFirewallRules: [uDP Query User{96EDA77C-2EB9-42D2-95B5-63F4748AFDBE}C:\users\ashley favara\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ashley favara\appdata\roaming\dropbox\bin\dropbox.exeFirewallRules: [{C0E517D8-30F1-4EED-89BF-0D8955F72C30}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{8C95133D-688B-45C2-8B4B-2DE1F4279F11}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{59004864-BD99-49EE-989E-A21DEA850E9F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{5267CE1D-FFF1-441F-B8C3-F1464E52FBE1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{A3B7B570-FCBF-4004-9D9C-2AB02B1FB751}] => (Allow) C:\Program Files\iTunes\iTunes.exeFirewallRules: [{54D4A726-65B2-459D-8401-1C428EA42AEA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (06/08/2015 01:45:45 PM) (Source: SideBySide) (EventID: 35) (User: )Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file 
"UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.Component identity found in manifest does not match the identity of the component requested.Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".Please use sxstrace.exe for detailed diagnosis. Error: (06/08/2015 00:55:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4916543 Error: (06/08/2015 00:55:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4916543 Error: (06/08/2015 00:55:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/08/2015 00:55:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4915529 Error: (06/08/2015 00:55:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4915529 Error: (06/08/2015 00:55:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/08/2015 00:55:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4914530 Error: (06/08/2015 00:55:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4914530 Error: (06/08/2015 00:55:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second System errors:=============Error: (05/25/2015 07:04:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Ricoh xD-Picture Card Driver service failed to 
start due to the following error: %%1058 Error: (05/25/2015 07:04:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The rimsptsk service failed to start due to the following error: %%1058 Error: (05/25/2015 07:04:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The rimmptsk service failed to start due to the following error: %%1058 Error: (05/25/2015 06:50:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058 Error: (05/25/2015 06:50:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The rimsptsk service failed to start due to the following error: %%1058 Error: (05/25/2015 06:50:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The rimmptsk service failed to start due to the following error: %%1058 Error: (05/25/2015 06:49:16 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (05/25/2015 06:45:45 PM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046} Error: (05/25/2015 06:45:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (05/25/2015 06:45:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Microsoft Office:=========================Error: (06/08/2015 01:45:45 PM) (Source: SideBySide) (EventID: 35) (User: )Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files (x86)\microsoft 
office\Office15\lync.exe.Manifestc:\program files (x86)\microsoft office\Office15\UccApi.DLL1 Error: (06/08/2015 00:55:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4916543 Error: (06/08/2015 00:55:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4916543 Error: (06/08/2015 00:55:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/08/2015 00:55:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4915529 Error: (06/08/2015 00:55:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4915529 Error: (06/08/2015 00:55:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/08/2015 00:55:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4914530 Error: (06/08/2015 00:55:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4914530 Error: (06/08/2015 00:55:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors:=================================== Date: 2014-02-02 15:50:59.821 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Ashley Favara\AppData\Local\Temp\{E44BFEC1-0F6D-4F5A-9C09-76B03C6BF958}\{0DFF25A2-876E-4E5D-B97A-78BD400AE68B}\cmiainfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-02-02 15:50:59.775
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Ashley Favara\AppData\Local\Temp\{E44BFEC1-0F6D-4F5A-9C09-76B03C6BF958}\{0DFF25A2-876E-4E5D-B97A-78BD400AE68B}\cmiainfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 61%
Total physical RAM: 3887.43 MB
Available physical RAM: 1513.87 MB
Total Pagefile: 7773.05 MB
Available Pagefile: 4595.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:143.63 GB) (Free:81.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: EA255B04)
Partition 1: (Active) - (Size=5.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=143.6 GB) - (Type=07 NTFS)

==================== End of log ============================
TwinHeadedEagle Posted June 8, 2015 ID:968029

Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
kfavara Posted June 10, 2015 Author ID:968414

Please see attached.

Addition.txt
FRST.txt
TwinHeadedEagle Posted June 11, 2015 ID:968519

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Right-click on the icon and select Run as Administrator to start the tool.
Wait patiently until the main console appears; it may take a minute or two.
In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Make sure that the Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in Notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive).
Post its content into your next reply.
kfavara Posted June 11, 2015 Author ID:968561

I keep trying to upload the results and get the attached error, therefore, I am pasting results inline. Sorry for the inconvenience.

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Ashley Favara on Thu 06/11/2015 at 7:30:39.01.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ashley Favara\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2015-06-11-121040.log 599 bytes
C:\zoek-results2015-06-11-122117.log 564 bytes

==== System Restore Info ======================

6/11/2015 7:34:23 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\PROGRA~3\NVIDIA deleted successfully
C:\Users\Ashley Favara\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpqwmiex deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hpqwmiex deleted successfully

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Coupons deleted
C:\PROGRA~2\Yahoo! deleted
C:\found.000 deleted
C:\Users\Ashley Favara\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\Yahoo! Companion deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [08/14/2014 07:53 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [01/27/2014 09:01 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ASHLEY~1\AppData\Roaming\Mozilla\Firefox\Profiles\nhk7u51g.default
- Firefox Old Version Update Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.124

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08/14/2014 07:52 PM]

Bookmark Manager - Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Avast Online Security - Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Hotword Shared Module - Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Chromium Startpages ======================

C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User
Data\Default\Preferencesreferences":{},"install_time":"13072225702834538","lastpingday":"13078479596256652","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast,searchable email with less spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"google":{"services":{"last_username":"ashleyfavara@gmail.com","username":"ashleyfavara@gmail.com"}},"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"6D9C71255B644EB222AA631493B0AC272DC137CE05625EC651BB0F75130C3699"},"default_search_provider":{"keyword":"A311B20A9B45209B0CB2F67504D2F67B2D0E1446CDED7AD7A791EB46224E6501","name":"F7DE5CB987FADB02E56C1B27FFA02506031746365E5BFC81F61D77F548200571","search_url":"A55406CBB2D038CB7A0633626D3F7C80337EE35BAFFE9CC60B25DC8540450565"},"default_search_provider_data":{"template_url_data":"BB37D0B35BC2D6CD3A041130461D164A109C02498AE3E82E2E2D15FCC5CF7CE5"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"A17D33C7726260006483D0EF97314D5B11FC0D9A13E0EA9B35E9AEE812C1A810","aohghmighlieiainnegkcijnfilokake":"6B077B16246AA5FD116D7224FE04A43A320306CAA95893C53E8D9B739C47869F","apdfllckaahabafndbhieahigkjlhalf":"9B6E3030EFA8022A77E7B2E1A41D58B5F81E3D237BDD29C7CFFDB7E0B2859673","bepbmhgboaologfdajaanbcjmnhjmhfn":"2E5A2411B95BB62
DE66DF83D13935EE15D98A18017012FF1B5F02F7A46306E11","blpcfgokakmgnkcojhhkbfbldkacnbeo":"7723934A2400F5CD929C111AE35591EC65BD79A57315F995889C9C7708178C03","coobgpohoikkiipiblmjeljniedjpjpf":"C2121D1D951DD9A6EFA6AB24F035F421A1E9152F7BDEE6DFF504F3C377BBDA34","dnhpdliibojhegemfjheidglijccjfmc":"CFCF0EB6EA45AF33431E06106FE40C166E4082737711F53BF30F2987B1A72638","eemcgdkfndhakfknompkggombfjjjeno":"823D78B5E5102656058DCE6BE636DD1D815C645F4A106830E352DBEB8F626471","ennkphjdgehloodpbhlhldgbnhmacadg":"E8BEDCB0FDF78902451CD4A50077432F458E447DF73D82C7931A9053EC15D798","gfdkimpbcpahaombhbimeihdjnejgicl":"5DC1B7336642543017C7C7C649B775ACCDFE94FDFA421AE097DC6D07ECB09534","gmlllbghnfkpflemihljekbapjopfjik":"DCF2EBFB246CF6D54163E85138DC165670E4FD4376BA319E3D845E49084D233D","gomekmidlodglbbmalcneegieacbdmki":"1AF6DF1C3472C79C6462E3942C579114BF66F1FE04379D092D1669ABDE2A1F6B","kmendfapggjehodndflmmgagdbamhnfd":"3AF934684B0965204C8D972EC0813A7734CE974D0EAE1ACA1AFF15AFFF04DA11","lccekmodgklaepjeofjdjpbminllajkg":"9472FE671EAFBCAF998564A92BD6705C9FC2D3F8BCE846FE9922AA77C9F898EE","mfehgcgbbipciphmccgaenjidiccnmng":"CAF81F0D569B048EE6B2F3FC0DB530EBA245492AAF057F25840A40F794575A1A","mgndgikekgjfcpckkfioiadnlibdjbkf":"74C09963DE57E21ADEDF68B2A1FE34F41FD3CAC2BF62137163FEEC170D7A65EA","mhjfbmdgcfjbbpaeojofohoefgiehjai":"E14F033B84CC194FA4BA1D09358ACF9F344D03EA7569D5EFCF40D37F5B423C8E","nbpagnldghgfoolbancepceaanlmhfmd":"8CE8126A123510C761C2BD645F41F088273218CF8CF01727B2EE83E1951E7311","neajdppkdcdipfabeoofebfddakdcjhd":"F0BDB474ACDB6BA184889DC5728F94CEAA0A5857510C37BC7C47E28B8D85AEB8","nkeimhogjdpnpccoofpliimaahmaaome":"03A3D2DCCDE98F5A7C7767C49012F78A2EB2C3A04FAD040066663923DF70A502","nmmhkkegccagdldgiimedpiccmgmieda":"C05CAFC196302365FE851991B56E30FBD945F9BA3A611BF798B6875B00541E5C","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"A188461C537CD3B52F93E42108CD94B547C244AA15DE83740CE0532361D90C24","pjkljhegncpnkpknbcohdijeoejaedia":"455D8DD9CE6FB575FA583EF9F9469DFF4E577558A2DFD2579F522E950620AB58"}},"google":
{"services":{"last_username":"6DE4B1DC36287D9C7F372C9A22EBF114DCEEB13083C1F831A2994CF4A8C62E78","username":"C67AD5657DF47CEA8303D853AB5316C3EBE7A3337842A18DE37A56AA034FEDDA"}},"homepage":"2BDE906A2338CD73C3B3D1722FFB4154561681AD9BF230C839776BE8B8A94D7A","homepage_is_newtabpage":"63DCF92482798CDC9A5A1BC867566020B014670AFF08D6AB4B2C17F92A80C5E2","pinned_tabs":"9AD17740960FC62C7EA363F85DB54EA39CABF900BF6B5D89F41E33752D89167F","prefs":{"preference_reset_time":"DB36F9E21F9EFF73FA90D1674FCFFB8B8C012C37D4911C87981583B85F8FFA0C"},"profile":{"reset_prompt_memento":"A8D8342678751BAB9B79C55A1B1234BC3DF412A346445106B265618A1DA856B8"},"safebrowsing":{"incidents_sent":"4AD88CFB2BFCC84D15DF9C85FDC70D92053EE78C81C7B0F2E04F29C6DDB8ACCC"},"search_provider_overrides":"CFC9926015B5DF19464077F7372BF283E97DEA73B85576927C3130CE128830E7","session":{"restore_on_startup":"9E8E19E640E33B12D8DB83C0932243436AACB4988F603E30363A5F3BB3D43B75","startup_urls":"381A27B922ADDC4BC90D7C50AD3843B445653063D96E56768572425836217DA5"},"software_reporter":{"prompt_reason":"55AD36762228BE8740EDECEEE8CED75B9F4FFF46685A146B8894DC28B30BD2B8","prompt_seed":"F89D1E5353A07FDE02D2BE5269F0717768A9C95510A440EDBE4E5B509DC7D721","prompt_version":"E1F8EC8E1962C4D798640E19A203268A17095025698916427EBE5BA232C448E4"},"sync":{"remaining_rollback_tries":"7A862D9123FFC1596D60930476E24FF96AB94AE9925D372D6E05C65BAC3D08DD"}},"super_mac":"CF32193E74BC153269DD0583E3DA8EFCDBAC7F20C20FA12370949BAF5481D8ED"},"sync":{"remaining_rollback_tries":0}} ==== Chromium Fix ====================== C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfullyC:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfullyC:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.gradesaver.com_0.localstorage deleted successfullyC:\Users\Ashley 
Favara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.gradesaver.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1356638605-569504071-3264840808-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_USERS\S-1-5-21-1356638605-569504071-3264840808-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_USERS\S-1-5-21-1356638605-569504071-3264840808-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_USERS\S-1-5-21-1356638605-569504071-3264840808-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_USERS\S-1-5-21-1356638605-569504071-3264840808-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfullyHKEY_USERS\S-1-5-21-1356638605-569504071-3264840808-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted 
successfullyHKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_CLASSES_ROOT\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1356638605-569504071-3264840808-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0 deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Ashley Favara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Ashley Favara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied 
successfullyC:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Ashley Favara\AppData\Local\Mozilla\Firefox\Profiles\nhk7u51g.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=23 folders=5 2193803 bytes) ==== Empty Temp Folders ====================== C:\Users\Ashley Favara\AppData\Local\Temp will be emptied at rebootC:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptiedC:\Users\ASHLEY~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Thu 06/11/2015 at 8:12:18.69 ====================== Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted June 11, 2015 ID:968569

Don't worry. We need to run one more Zoek fix.

Fix with ZOEK

This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console appears, it may take a minute or two.
In the main box please paste in the following script:

createsrpoint;
C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Preferences;
fchrdefaults;

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive).
Post its content into your next reply.
Root Admin AdvancedSetup Posted June 25, 2015 ID:971683

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!