vikingch

  1. Results of screen317's Security Check version 0.99.81
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     Windows Firewall Enabled!
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Java 6 Update 30
     Java 7 Update 51
     Google Chrome 33.0.1750.154
     ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  2. The FRST executed and ran within a matter of seconds. It is attached. JRT is attached. Malwarebytes came up clean again. Computer seems to be running pretty good (100 X better than 2 days ago). Fixlog.txt JRT.txt
  3. FRST and addition logs; Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014Ran by imSizD (administrator) on CBC-HP on 06-04-2014 20:35:57Running from C:\Users\imSizD\DownloadsWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe(AMD) C:\Windows\system32\atieclxx.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe(Sony Corporation) C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)HKLM\...\Run: [fssui] - C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [884584 2012-03-08] (Microsoft Corporation)HKLM\...\Run: [pcreg] - C:\Program Files\pcreg\service.exeHKLM-x32\...\Run: [startCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-12] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] 
(Hewlett-Packard)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)HKLM-x32\...\Run: [ContentTransferWMDetector.exe] - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [497000 2009-07-30] (Sony Corporation)HKLM-x32\...\Run: [sMessaging] - C:\Users\imSizD\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-05] (AVAST Software)HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)HKLM\...\Policies\Explorer: [HideSCAHealth] 1HKU\S-1-5-21-3740989883-1198457843-2048904567-1001\...\Policies\Explorer: [HideSCAHealth] 1HKU\S-1-5-21-3740989883-1198457843-2048904567-1001\...\MountPoints2: {200a358f-1b08-11e2-8770-3860774d677a} - H:\setup.exe -aGroupPolicyUsers\S-1-5-21-3740989883-1198457843-2048904567-1002\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://hp-desktop.us.msn.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC88F7CB58350CF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USSearchScopes: HKLM - {9B7B7DB5-BC63-4A55-89E4-3DB7FC5EF3CA} URL = 
http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKLM-x32 - {9B7B7DB5-BC63-4A55-89E4-3DB7FC5EF3CA} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKCU - {9B7B7DB5-BC63-4A55-89E4-3DB7FC5EF3CA} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No FileToolbar: HKLM - No Name - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No FileToolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No FileToolbar: HKLM-x32 - No Name - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No FileDPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} Hosts: 127.0.0.1 localhostTcpip\Parameters: [DhcpNameServer] 192.168.3.1Tcpip\..\Interfaces\{0BE475FE-EC96-434C-81BC-12B6AF2D3370}: [NameServer]208.69.150.250,208.69.150.252Tcpip\..\Interfaces\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD}: [NameServer]208.69.150.250,208.69.150.252Tcpip\..\Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB}: [NameServer]208.69.150.250,208.69.150.252Tcpip\..\Interfaces\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB}: [NameServer]208.69.150.250,208.69.150.252Tcpip\..\Interfaces\{E971B731-42ED-4CAC-AC48-B1B85679EC1B}: [NameServer]208.69.150.250,208.69.150.252 Chrome: =======CHR Extension: (Google Docs) - C:\Users\imSizD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]CHR Extension: (Google Drive) - 
C:\Users\imSizD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]CHR Extension: (YouTube) - C:\Users\imSizD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]CHR Extension: (Google Search) - C:\Users\imSizD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]CHR Extension: (avast! Online Security) - C:\Users\imSizD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-05]CHR Extension: (Google Wallet) - C:\Users\imSizD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]CHR Extension: (Gmail) - C:\Users\imSizD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-05] ==================== Services (Whitelisted) ================= R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-05] (AVAST Software) ==================== Drivers (Whitelisted) ==================== R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-05] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-05] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-05] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-05] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-05] (AVAST Software)R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-05] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-05] ()S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]S1 ioztqflw; \??\C:\Windows\system32\drivers\ioztqflw.sys [X]S3 motccgp; system32\DRIVERS\motccgp.sys [X]S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]S3 motmodem; system32\DRIVERS\motmodem.sys [X]S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]S1 rolxxche; \??\C:\Windows\system32\drivers\rolxxche.sys [X]S1 trbxklbw; \??\C:\Windows\system32\drivers\trbxklbw.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-06 20:35 - 2014-04-06 20:36 - 00012361 _____ () C:\Users\imSizD\Downloads\FRST.txt2014-04-06 20:22 - 2014-04-06 20:22 - 00005888 _____ () C:\Users\imSizD\Desktop\RKreport[0]_S_04062014_202248.txt2014-04-06 18:02 - 2014-04-06 18:02 - 00448512 _____ (OldTimer Tools) C:\Users\imSizD\Downloads\TFC.exe2014-04-06 17:57 - 2014-04-06 17:57 - 00000008 __RSH () C:\ProgramData\ntuser.pol2014-04-06 
15:01 - 2014-04-06 15:03 - 00032755 _____ () C:\Users\imSizD\Desktop\Addition.txt2014-04-06 15:00 - 2014-04-06 15:03 - 00055542 _____ () C:\Users\imSizD\Desktop\FRST.txt2014-04-06 14:59 - 2014-04-06 20:35 - 00000000 ____D () C:\FRST2014-04-06 14:59 - 2014-04-06 14:59 - 02157056 _____ (Farbar) C:\Users\imSizD\Downloads\FRST64.exe2014-04-06 14:59 - 2014-04-06 14:59 - 02157056 _____ (Farbar) C:\Users\imSizD\Desktop\FRST64.exe2014-04-06 14:57 - 2014-04-06 14:57 - 01145856 _____ (Farbar) C:\Users\imSizD\Downloads\FRST.exe2014-04-06 14:18 - 2014-04-06 14:18 - 00029676 _____ () C:\Users\imSizD\Desktop\AdwCleaner[s0].txt2014-04-06 14:04 - 2014-04-06 14:14 - 00000000 ____D () C:\AdwCleaner2014-04-06 14:03 - 2014-04-06 14:03 - 01426178 _____ () C:\Users\imSizD\Downloads\AdwCleaner.exe2014-04-06 14:01 - 2014-04-06 14:01 - 00006113 _____ () C:\Users\imSizD\Desktop\RKreport[0]_S_04062014_140104.txt2014-04-06 14:01 - 2014-04-06 14:01 - 00000946 _____ () C:\Users\imSizD\Desktop\RKreport[0]_H_04062014_140139.txt2014-04-06 11:53 - 2014-04-06 11:53 - 00006079 _____ () C:\Users\imSizD\Desktop\RKreport[0]_S_04062014_115301.txt2014-04-06 11:46 - 2014-04-06 11:46 - 00000962 _____ () C:\Users\imSizD\Desktop\RKreport[0]_S_04062014_114600.txt2014-04-06 11:43 - 2014-04-06 11:43 - 00001182 _____ () C:\Users\imSizD\Desktop\RogueKiller - Shortcut.lnk2014-04-06 11:41 - 2014-04-06 11:41 - 03972608 _____ () C:\Users\imSizD\Downloads\RogueKiller (1).exe2014-04-06 11:40 - 2014-04-06 11:53 - 00000000 ____D () C:\Users\imSizD\Desktop\RK_Quarantine2014-04-06 11:39 - 2014-04-06 11:39 - 03972608 _____ () C:\Users\imSizD\Downloads\RogueKiller.exe2014-04-06 09:44 - 2014-04-06 09:44 - 00000000 ____D () C:\Users\imSizD\AppData\Local\{136E41C8-1DA3-4360-827D-E6A168CF2351}2014-04-05 22:11 - 2014-04-05 22:11 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\Hewlett-Packard2014-04-05 22:09 - 2014-04-05 22:09 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\ATI2014-04-05 22:09 - 2014-04-05 22:09 
- 00000000 ____D () C:\Users\GuestAccount\AppData\Local\LightsOff2014-04-05 22:09 - 2014-04-05 22:09 - 00000000 ____D () C:\Users\GuestAccount\AppData\Local\Google2014-04-05 22:09 - 2014-04-05 22:09 - 00000000 ____D () C:\Users\GuestAccount\AppData\Local\ATI2014-04-05 22:08 - 2014-04-05 22:08 - 00058016 _____ () C:\Users\GuestAccount\AppData\Local\GDIPFONTCACHEV1.DAT2014-04-05 22:08 - 2014-04-05 22:08 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7440DD2C-08ED-4258-83BB-8BF9FBD87B5E}2014-04-05 22:08 - 2014-04-05 22:08 - 00001419 _____ () C:\Users\GuestAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ___RD () C:\Users\GuestAccount\Podcasts2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ___RD () C:\Users\GuestAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ___RD () C:\Users\GuestAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\PC Tech Hotline2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\AVAST Software2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\Apple Computer2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\Adobe2014-04-05 22:07 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount2014-04-05 22:07 - 2014-04-05 22:07 - 00004598 __RSH () C:\Users\GuestAccount\ntuser.pol2014-04-05 22:07 - 2014-04-05 22:07 - 00000020 ___SH () C:\Users\GuestAccount\ntuser.ini2014-04-05 22:07 - 2011-09-01 01:25 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\Macromedia2014-04-05 22:07 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\GuestAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-04-05 22:07 - 2009-07-14 
00:49 - 00000000 ___RD () C:\Users\GuestAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-04-05 21:22 - 2014-04-05 21:22 - 00008938 _____ () C:\Users\imSizD\Desktop\attach.txt2014-04-05 21:22 - 2014-04-05 21:21 - 00023631 _____ () C:\Users\imSizD\Desktop\dds.txt2014-04-05 21:19 - 2014-04-05 21:19 - 00688992 ____R (Swearware) C:\Users\imSizD\Downloads\dds (2).com2014-04-05 21:17 - 2014-04-05 21:17 - 00684612 _____ (Swearware) C:\Users\imSizD\Downloads\dds (1).com2014-04-05 21:15 - 2014-04-05 21:16 - 00687532 _____ (Swearware) C:\Users\imSizD\Downloads\dds.com2014-04-05 21:14 - 2014-04-05 21:14 - 00686072 _____ (Swearware) C:\Users\imSizD\Downloads\dds.scr2014-04-05 20:27 - 2014-04-06 18:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-04-05 20:26 - 2014-04-05 20:26 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-04-05 20:26 - 2014-04-05 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-04-05 20:26 - 2014-04-05 20:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-04-05 20:26 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-04-05 20:26 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-04-05 20:26 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-04-05 20:25 - 2014-04-05 20:25 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\imSizD\Downloads\mbam-setup-2.0.1.1004.exe2014-04-05 19:37 - 2014-04-05 19:37 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys2014-04-05 14:33 - 2014-04-05 14:33 - 00000000 ____D () C:\Users\imSizD\AppData\Local\{ED42B1C9-8F14-47C9-8769-50809A8CA410}2014-04-05 06:10 - 2014-04-05 06:10 - 00000000 ____D () C:\Users\imSizD\Documents\Flash Player Pro2014-04-05 06:10 - 2014-04-05 06:10 - 00000000 ____D () C:\Program Files 
(x86)\Flash Player Pro2014-04-05 06:07 - 2014-04-05 06:07 - 00001248 _____ () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\emaze-Amazing Presentations.lnk2014-04-05 06:07 - 2014-04-05 06:07 - 00001244 _____ () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\emaze-Amazing Presentations.lnk2014-04-05 06:05 - 2014-04-05 21:18 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Start Savin2014-04-05 06:01 - 2014-04-05 06:01 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts2014-04-05 05:58 - 2014-04-05 05:58 - 00376256 _____ () C:\Users\imSizD\Downloads\Gimp.exe2014-04-05 04:09 - 2014-04-06 18:00 - 00000008 __RSH () C:\Users\imSizD\ntuser.pol2014-04-05 02:53 - 2014-04-05 02:53 - 00002221 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-04-05 02:52 - 2014-04-06 20:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-04-05 02:52 - 2014-04-06 19:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-04-05 02:52 - 2014-04-05 02:59 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-04-05 02:52 - 2014-04-05 02:59 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-04-05 02:51 - 2014-04-05 02:52 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Deployment2014-04-05 02:51 - 2014-04-05 02:51 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Apps\2.02014-04-05 00:30 - 2014-04-05 00:33 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Windows Live2014-04-05 00:30 - 2014-04-05 00:30 - 00000000 ____D () C:\Users\imSizD\AppData\Local\{38AB1E40-D39D-4C5F-816D-3108F5243C65}2014-04-05 00:10 - 2014-04-05 00:10 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\DropboxMaster2014-04-05 00:09 - 2014-04-05 00:09 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-04-05 00:08 - 2014-04-05 00:10 - 00000000 ____D () 
C:\Users\imSizD\AppData\Roaming\Dropbox2014-04-05 00:08 - 2014-04-05 00:08 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk2014-04-05 00:08 - 2014-04-05 00:08 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\AVAST Software2014-04-05 00:07 - 2014-04-06 17:50 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-04-05 00:07 - 2014-04-05 00:06 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys2014-04-05 00:07 - 2014-04-05 00:06 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys2014-04-05 00:07 - 2014-04-05 00:06 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-04-05 00:07 - 2014-04-05 00:06 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-04-05 00:07 - 2014-04-05 00:06 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2014-04-05 00:07 - 2014-04-05 00:06 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys2014-04-05 00:07 - 2014-04-05 00:06 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-04-05 00:07 - 2014-04-05 00:06 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-04-05 00:06 - 2014-04-05 00:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-04-05 00:06 - 2014-04-05 00:06 - 00000000 ____D () C:\Program Files\AVAST Software2014-04-05 00:05 - 2014-04-05 00:05 - 00000000 ____D () C:\ProgramData\AVAST Software2014-04-05 00:03 - 2014-04-05 00:05 - 88551496 _____ (AVAST Software) C:\Users\imSizD\Downloads\avast_free_antivirus_setup.exe2014-04-04 23:44 - 2014-04-04 23:44 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\NewspaperDirect2014-04-04 23:43 - 2014-04-04 23:43 - 00000000 ____D () C:\ProgramData\PDFC2014-04-04 23:06 - 2012-09-11 10:22 - 00196608 _____ () C:\Users\imSizD\AppData\Local\common_functions.dll2014-04-04 23:06 - 2012-06-26 06:59 - 00940544 _____ (Apache Software Foundation) C:\Users\imSizD\AppData\Local\log4cxx.dll2014-04-04 23:04 - 
2014-04-04 23:04 - 00000000 ____D () C:\Users\imSizD\Documents\Camtasia Studio2014-04-04 22:58 - 2014-04-04 22:58 - 00000000 ____D () C:\ProgramData\Oracle2014-04-04 22:56 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-04-04 22:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-04-04 22:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-04-04 22:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-04-04 22:54 - 2014-04-04 22:56 - 00006443 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log2014-04-02 16:43 - 2014-04-02 16:43 - 00000000 ____D () C:\Users\imSizD\AppData\Local\TB2014-03-15 17:07 - 2014-03-15 17:07 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Skype2014-03-14 15:48 - 2014-03-14 15:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\Skype2014-03-14 15:01 - 2014-04-04 23:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\PMB Files2014-03-14 15:00 - 2014-03-14 15:00 - 00000008 __RSH () C:\Users\Guest\ntuser.pol2014-03-12 20:18 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-03-12 20:18 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-03-12 20:18 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-03-12 20:18 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-03-12 20:18 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-03-12 20:18 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-03-12 20:18 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-03-12 20:18 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) 
C:\Windows\system32\ieui.dll2014-03-12 20:18 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-03-12 20:18 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-03-12 20:18 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-03-12 20:18 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-03-12 20:18 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-03-12 20:18 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-03-12 20:18 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-03-12 20:18 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-03-12 20:18 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-03-12 20:18 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-03-12 20:18 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-03-12 20:18 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-03-12 20:18 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-03-12 20:18 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-03-12 20:18 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-03-12 20:18 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-03-12 20:18 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-03-12 20:18 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) 
C:\Windows\system32\ieframe.dll2014-03-12 20:18 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-03-12 20:18 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-03-12 20:18 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-03-12 20:18 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-03-12 20:18 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-03-12 20:18 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-03-12 20:18 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-03-12 20:18 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-03-12 20:18 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-03-12 20:18 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-03-12 20:18 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-03-12 20:18 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-03-12 20:18 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-03-12 20:18 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-03-12 20:18 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll2014-03-12 20:18 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll2014-03-12 20:18 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll2014-03-12 20:17 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-03-12 20:17 - 2014-03-01 00:23 
- 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 20:17 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 20:16 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 20:16 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-08 11:36 - 2014-03-08 11:36 - 00000000 ____D () C:\Users\imSizD\AppData\Local\WebInternetSecurity

==================== One Month Modified Files and Folders =======

2014-04-06 20:36 - 2014-04-06 20:35 - 00012361 _____ () C:\Users\imSizD\Downloads\FRST.txt
2014-04-06 20:35 - 2014-04-06 14:59 - 00000000 ____D () C:\FRST
2014-04-06 20:22 - 2014-04-06 20:22 - 00005888 _____ () C:\Users\imSizD\Desktop\RKreport[0]_S_04062014_202248.txt
2014-04-06 20:04 - 2014-04-05 02:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-06 20:03 - 2012-07-25 13:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-06 19:49 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 19:49 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 19:47 - 2009-07-14 01:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 19:45 - 2011-12-24 10:23 - 01120136 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 19:41 - 2014-04-05 02:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-06 19:41 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 19:41 - 2009-07-14 00:51 - 00185698 _____ () C:\Windows\setupact.log
2014-04-06 18:44 - 2014-04-05 20:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-06 18:02 - 2014-04-06 18:02 - 00448512 _____ (OldTimer Tools) C:\Users\imSizD\Downloads\TFC.exe
2014-04-06 18:00 - 2014-04-05 04:09 - 00000008 __RSH () C:\Users\imSizD\ntuser.pol
2014-04-06 18:00 - 2012-05-13 01:30 - 00000000 ____D () C:\Users\imSizD
2014-04-06 17:57 - 2014-04-06 17:57 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-06 17:55 - 2011-12-24 10:23 - 00000000 ____D () C:\Users\CBC
2014-04-06 17:55 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-06 17:50 - 2014-04-05 00:07 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-06 17:50 - 2012-08-24 02:15 - 00000000 ____D () C:\Users\imSizD\AppData\Local\CrashDumps
2014-04-06 17:49 - 2010-11-20 23:47 - 01518274 _____ () C:\Windows\PFRO.log
2014-04-06 15:03 - 2014-04-06 15:01 - 00032755 _____ () C:\Users\imSizD\Desktop\Addition.txt
2014-04-06 15:03 - 2014-04-06 15:00 - 00055542 _____ () C:\Users\imSizD\Desktop\FRST.txt
2014-04-06 14:59 - 2014-04-06 14:59 - 02157056 _____ (Farbar) C:\Users\imSizD\Downloads\FRST64.exe
2014-04-06 14:59 - 2014-04-06 14:59 - 02157056 _____ (Farbar) C:\Users\imSizD\Desktop\FRST64.exe
2014-04-06 14:57 - 2014-04-06 14:57 - 01145856 _____ (Farbar) C:\Users\imSizD\Downloads\FRST.exe
2014-04-06 14:18 - 2014-04-06 14:18 - 00029676 _____ () C:\Users\imSizD\Desktop\AdwCleaner[s0].txt
2014-04-06 14:14 - 2014-04-06 14:04 - 00000000 ____D () C:\AdwCleaner
2014-04-06 14:14 - 2012-11-13 22:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-06 14:14 - 2012-05-13 01:30 - 00000000 ___RD () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-06 14:06 - 2012-01-01 14:39 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-06 14:05 - 2012-01-08 13:06 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-06 14:03 - 2014-04-06 14:03 - 01426178 _____ () C:\Users\imSizD\Downloads\AdwCleaner.exe
2014-04-06 14:01 - 2014-04-06 14:01 - 00006113 _____ () C:\Users\imSizD\Desktop\RKreport[0]_S_04062014_140104.txt
2014-04-06 14:01 - 2014-04-06 14:01 - 00000946 _____ () C:\Users\imSizD\Desktop\RKreport[0]_H_04062014_140139.txt
2014-04-06 11:53 - 2014-04-06 11:53 - 00006079 _____ () C:\Users\imSizD\Desktop\RKreport[0]_S_04062014_115301.txt
2014-04-06 11:53 - 2014-04-06 11:40 - 00000000 ____D () C:\Users\imSizD\Desktop\RK_Quarantine
2014-04-06 11:46 - 2014-04-06 11:46 - 00000962 _____ () C:\Users\imSizD\Desktop\RKreport[0]_S_04062014_114600.txt
2014-04-06 11:43 - 2014-04-06 11:43 - 00001182 _____ () C:\Users\imSizD\Desktop\RogueKiller - Shortcut.lnk
2014-04-06 11:43 - 2012-05-13 01:30 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{60E302E3-41D5-43BF-AD9D-9C53EFA17A31}
2014-04-06 11:41 - 2014-04-06 11:41 - 03972608 _____ () C:\Users\imSizD\Downloads\RogueKiller (1).exe
2014-04-06 11:39 - 2014-04-06 11:39 - 03972608 _____ () C:\Users\imSizD\Downloads\RogueKiller.exe
2014-04-06 11:35 - 2009-07-14 01:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-04-06 11:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-06 09:44 - 2014-04-06 09:44 - 00000000 ____D () C:\Users\imSizD\AppData\Local\{136E41C8-1DA3-4360-827D-E6A168CF2351}
2014-04-05 22:11 - 2014-04-05 22:11 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\Hewlett-Packard
2014-04-05 22:09 - 2014-04-05 22:09 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\ATI
2014-04-05 22:09 - 2014-04-05 22:09 - 00000000 ____D () C:\Users\GuestAccount\AppData\Local\LightsOff
2014-04-05 22:09 - 2014-04-05 22:09 - 00000000 ____D () C:\Users\GuestAccount\AppData\Local\Google
2014-04-05 22:09 - 2014-04-05 22:09 - 00000000 ____D () C:\Users\GuestAccount\AppData\Local\ATI
2014-04-05 22:08 - 2014-04-05 22:08 - 00058016 _____ () C:\Users\GuestAccount\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-05 22:08 - 2014-04-05 22:08 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7440DD2C-08ED-4258-83BB-8BF9FBD87B5E}
2014-04-05 22:08 - 2014-04-05 22:08 - 00001419 _____ ()
C:\Users\GuestAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ___RD () C:\Users\GuestAccount\Podcasts
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ___RD () C:\Users\GuestAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ___RD () C:\Users\GuestAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\PC Tech Hotline
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\AVAST Software
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\Apple Computer
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\Adobe
2014-04-05 22:08 - 2014-04-05 22:07 - 00000000 ____D () C:\Users\GuestAccount
2014-04-05 22:07 - 2014-04-05 22:07 - 00004598 __RSH () C:\Users\GuestAccount\ntuser.pol
2014-04-05 22:07 - 2014-04-05 22:07 - 00000020 ___SH () C:\Users\GuestAccount\ntuser.ini
2014-04-05 21:38 - 2009-07-13 22:34 - 00000505 _____ () C:\Windows\win.ini
2014-04-05 21:22 - 2014-04-05 21:22 - 00008938 _____ () C:\Users\imSizD\Desktop\attach.txt
2014-04-05 21:21 - 2014-04-05 21:22 - 00023631 _____ () C:\Users\imSizD\Desktop\dds.txt
2014-04-05 21:19 - 2014-04-05 21:19 - 00688992 ____R (Swearware) C:\Users\imSizD\Downloads\dds (2).com
2014-04-05 21:18 - 2014-04-05 06:05 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Start Savin
2014-04-05 21:18 - 2013-05-04 12:13 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Iminent
2014-04-05 21:17 - 2014-04-05 21:17 - 00684612 _____ (Swearware) C:\Users\imSizD\Downloads\dds (1).com
2014-04-05 21:16 - 2014-04-05 21:15 - 00687532 _____ (Swearware) C:\Users\imSizD\Downloads\dds.com
2014-04-05 21:14 - 2014-04-05 21:14 - 00686072 _____ (Swearware) C:\Users\imSizD\Downloads\dds.scr
2014-04-05 20:26 - 2014-04-05 20:26 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-05 20:26 - 2014-04-05 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-05 20:26 - 2014-04-05 20:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-05 20:25 - 2014-04-05 20:25 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\imSizD\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-05 19:37 - 2014-04-05 19:37 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-04-05 14:33 - 2014-04-05 14:33 - 00000000 ____D () C:\Users\imSizD\AppData\Local\{ED42B1C9-8F14-47C9-8769-50809A8CA410}
2014-04-05 06:10 - 2014-04-05 06:10 - 00000000 ____D () C:\Users\imSizD\Documents\Flash Player Pro
2014-04-05 06:10 - 2014-04-05 06:10 - 00000000 ____D () C:\Program Files (x86)\Flash Player Pro
2014-04-05 06:07 - 2014-04-05 06:07 - 00001248 _____ () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\emaze-Amazing Presentations.lnk
2014-04-05 06:07 - 2014-04-05 06:07 - 00001244 _____ () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\emaze-Amazing Presentations.lnk
2014-04-05 06:01 - 2014-04-05 06:01 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-04-05 05:58 - 2014-04-05 05:58 - 00376256 _____ () C:\Users\imSizD\Downloads\Gimp.exe
2014-04-05 04:41 - 2013-01-24 23:36 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Facebook
2014-04-05 02:59 - 2014-04-05 02:52 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-05 02:59 - 2014-04-05 02:52 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-05 02:53 - 2014-04-05 02:53 - 00002221 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-05 02:53 - 2012-08-24 04:18 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Google
2014-04-05 02:53 - 2012-07-25 13:07 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-05 02:52 - 2014-04-05 02:51 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Deployment
2014-04-05 02:51 - 2014-04-05 02:51 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Apps\2.0
2014-04-05 00:33 - 2014-04-05 00:30 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Windows Live
2014-04-05 00:30 - 2014-04-05 00:30 - 00000000 ____D () C:\Users\imSizD\AppData\Local\{38AB1E40-D39D-4C5F-816D-3108F5243C65}
2014-04-05 00:10 - 2014-04-05 00:10 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\DropboxMaster
2014-04-05 00:10 - 2014-04-05 00:08 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\Dropbox
2014-04-05 00:09 - 2014-04-05 00:09 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-05 00:08 - 2014-04-05 00:08 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-05 00:08 - 2014-04-05 00:08 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\AVAST Software
2014-04-05 00:06 - 2014-04-05 00:07 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-05 00:06 - 2014-04-05 00:07 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-05 00:06 - 2014-04-05 00:07 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-05 00:06 - 2014-04-05 00:07 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-05 00:06 - 2014-04-05 00:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-05 00:06 - 2014-04-05 00:07 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-05 00:06 - 2014-04-05 00:07 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-05 00:06 - 2014-04-05 00:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-05 00:06 - 2014-04-05 00:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-05 00:06 - 2014-04-05 00:06 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-05 00:05 -
2014-04-05 00:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-05 00:05 - 2014-04-05 00:03 - 88551496 _____ (AVAST Software) C:\Users\imSizD\Downloads\avast_free_antivirus_setup.exe
2014-04-05 00:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-04 23:54 - 2012-08-25 19:22 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\Skype
2014-04-04 23:54 - 2012-01-21 18:44 - 00000000 ____D () C:\ProgramData\Skype
2014-04-04 23:53 - 2012-09-24 20:07 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-04-04 23:53 - 2012-09-24 20:06 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-04-04 23:52 - 2012-12-27 02:02 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Unity
2014-04-04 23:44 - 2014-04-04 23:44 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\NewspaperDirect
2014-04-04 23:43 - 2014-04-04 23:43 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-04 23:38 - 2012-01-20 17:22 - 00000000 ____D () C:\Program Files (x86)\Motorola
2014-04-04 23:31 - 2011-12-24 13:30 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-04 23:25 - 2012-09-24 22:45 - 00000000 ____D () C:\Program Files\DivX
2014-04-04 23:25 - 2012-09-24 22:42 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-04-04 23:25 - 2012-09-24 22:37 - 00000000 ____D () C:\ProgramData\DivX
2014-04-04 23:18 - 2012-05-13 01:31 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\Apple Computer
2014-04-04 23:18 - 2011-12-31 03:59 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-04 23:14 - 2014-03-14 15:01 - 00000000 ____D () C:\Users\Guest\AppData\Local\PMB Files
2014-04-04 23:12 - 2012-07-25 13:07 - 00000000 ____D () C:\Program Files\Google
2014-04-04 23:10 - 2013-05-04 12:13 - 00000866 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-04-04 23:05 - 2012-04-08 16:18 - 00000000 ____D () C:\ProgramData\TechSmith
2014-04-04 23:04 - 2014-04-04 23:04 - 00000000 ____D () C:\Users\imSizD\Documents\Camtasia Studio
2014-04-04 22:58 - 2014-04-04 22:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-04 22:56 - 2014-04-04 22:54 - 00006443 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-04 22:56 - 2012-01-13 22:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-04 22:54 - 2012-07-25 13:07 - 00000000 ____D () C:\ProgramData\Google
2014-04-04 22:39 - 2014-02-09 14:07 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForimSizD
2014-04-04 22:39 - 2014-02-09 14:07 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForimSizD.job
2014-04-03 09:51 - 2014-04-05 20:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-05 20:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-05 20:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 16:43 - 2014-04-02 16:43 - 00000000 ____D () C:\Users\imSizD\AppData\Local\TB
2014-03-31 09:35 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-26 08:49 - 2012-02-04 22:32 - 00000000 ____D () C:\Windows\Minidump
2014-03-26 08:49 - 2011-09-01 02:38 - 00330200 ____N () C:\Windows\Minidump\032614-19780-01.dmp
2014-03-25 21:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-03-21 03:09 - 2013-08-13 03:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-21 03:02 - 2011-12-24 12:14 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-15 17:07 - 2014-03-15 17:07 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Skype
2014-03-15 17:00 - 2013-06-10 22:12 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Skype
2014-03-14 15:48 - 2014-03-14 15:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\Skype
2014-03-14 15:46 - 2013-02-16 13:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps
2014-03-14 15:00 - 2014-03-14 15:00 - 00000008 __RSH () C:\Users\Guest\ntuser.pol
2014-03-14 15:00 - 2013-02-16 13:44 - 00000000 ____D () C:\Users\Guest
2014-03-13 03:31 - 2009-07-14 00:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:30 - 2012-05-14 12:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:29 - 2012-05-14 12:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 20:04 - 2012-07-25 13:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 20:04 - 2012-07-25 13:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 20:04 - 2011-09-01 01:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-08 11:36 - 2014-03-08 11:36 - 00000000 ____D () C:\Users\imSizD\AppData\Local\WebInternetSecurity

Some content of TEMP:
====================
C:\Users\imSizD\AppData\Local\Temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-05 22:30

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by imSizD at 2014-04-06 20:37:29
Running from C:\Users\imSizD\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast!
Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60512.1804 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0512.1812.30806 - ATI) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{85A5A208-1A5A-A736-170E-AA826BC19B2A}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
Belkin F7D1101 Basic Wireless USB Adapter (HKLM-x32\...\InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin)
Belkin F7D1101 Basic Wireless USB Adapter (x32 Version: 1.0.0.4 - Belkin) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0512.1812.30806 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0512.1812.30806 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0512.1812.30806 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help English (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help French (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help German (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
ccc-utility64 (Version: 2011.0512.1812.30806 - ATI) Hidden
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.2.0.07300 - Sony Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
emaze PowerPoint Add-In (HKCU\...\emaze PowerPoint Add-In) (Version: 1.1 - emaze.com)
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version: - FlashPlayerPro.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 1.0.057 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.)
Hidden
Java SE Development Kit 7 Update 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170070}) (Version: 1.7.0.70 - Oracle)
Java 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Snap.Do (HKLM-x32\...\{8ABED4F1-34E7-420B-9BD1-FD6FFC0BDDE1}) (Version: 1.6.1.751 - ReSoft Ltd.) <==== ATTENTION
Start Savin (HKLM-x32\...\35450_Start Savin) (Version: 1.0 - Smart Apps)
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A02B06 - ZTE Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version:
04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points =========================

26-03-2014 22:46:08 Scheduled Checkpoint
30-03-2014 19:20:37 Windows Update
02-04-2014 20:50:32 Windows Update
05-04-2014 02:53:00 Installed Java 7 Update 51
05-04-2014 03:01:04 Removed Facebook Video Calling 2.0.0.447
05-04-2014 03:02:52 Removed Camtasia Studio 7
05-04-2014 03:19:01 Removed Skype Click to Call
05-04-2014 03:33:29 Removed NWZ-S540 WALKMAN Guide.
05-04-2014 03:34:39 Removed Microsoft SQL Server 2005 Compact Edition [ENU]
05-04-2014 03:43:58 Removed PressReader.
05-04-2014 03:46:33 Removed Python 3.0.1
05-04-2014 03:51:15 Removed Steam
05-04-2014 03:52:26 Removed NetAssistant
05-04-2014 03:54:11 Removed Skype™ 6.14
05-04-2014 03:55:01 Removed Skype Click to Call
05-04-2014 03:57:04 Removed Skype Click to Call
05-04-2014 04:05:38 avast! antivirus system restore point
05-04-2014 06:52:34 Removed Skype Click to Call
05-04-2014 06:56:23 Removed Skype Click to Call
05-04-2014 10:07:54 Installed WeatherBug
05-04-2014 23:45:05 Windows Update
06-04-2014 15:58:54 MrC Restore Point
06-04-2014 21:51:26 Removed WeatherBug

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-04-06 14:01 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0A6133A1-89DD-433A-B00E-1FAD9ECDA0A1} - \SoftUpdateDaily No Task File
Task: {24515430-C2F2-4AEA-BBEA-9ED0AF5F6023} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {275DD507-5869-4978-A971-8BB0C27C03FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {28E46B4C-FE46-49BF-8B65-E63F16E7B439} - System32\Tasks\{1E71EC92-6054-417D-8C8A-71DBA934D0E6} => Iexplore.exe http://ui.skype.com/ui/0/6.7.0.102/en/go/help.faq.installer?LastError=1601
Task: {290FF59D-96DF-4C6A-8A56-8D8B2D33F283} - System32\Tasks\{C522EDCB-8AE5-44B6-884A-2EDE960984B9} => Iexplore.exe http://ui.skype.com/ui/0/6.0.59.126/en/abandoninstall?page=tsProgressBar
Task: {4211A994-3005-40A4-8C90-AE69DD00806A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {48541A51-54C7-49FC-8C96-4F1E3AA627BF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {7706956C-A189-4655-8CD3-366D8D88147A} - System32\Tasks\HPCeeScheduleForimSizD => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {77953C02-9204-4E21-86C2-8DB62C7361E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {8513FD1B-F3B5-4ED1-A47E-1A2194C5AFF0} - \SoftUpdateLogon No Task File
Task: {8A235D1B-798C-4CA1-B45D-519AB10424D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {90CE351A-E1CA-45E2-9515-B7535CCB4767} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-05] (AVAST Software)
Task: {B201E691-7E32-4424-AB42-01A23B0AF185} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-15] ()
Task: {B3CCC46C-72FD-4E09-9238-2B4282A122E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BD46CDE0-BDEB-4D0E-B6D8-4F5F0D321AA1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CB55012F-6A3D-4D40-A405-20279A99B23C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E63B9EE5-50EE-4E77-A509-536D6C9E4F01} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-06-22] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForimSizD.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2011-05-12 21:10 - 2011-05-12 21:10 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll2011-03-14 17:20 - 2011-03-14 17:20 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll2014-04-06 09:42 - 2014-04-06 09:42 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040600\algo.dll2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-04-05 00:06 - 2014-04-05 00:06 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-InterfaceDescription: Microsoft Teredo Tunneling AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device cannot start. (Code10)Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors:==================Error: (04/06/2014 06:03:57 PM) (Source: Application Error) (User: )Description: Faulting application name: services.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc10eFaulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24Exception code: 0xc0000005Fault offset: 0x0000000000020a7aFaulting process id: 0x23cFaulting application start time: 0xservices.exe0Faulting application path: services.exe1Faulting module path: services.exe2Report Id: services.exe3 Error: (04/06/2014 06:01:11 PM) (Source: Customer Experience Improvement Program) (User: )Description: 80004005 Error: (04/06/2014 05:50:01 PM) (Source: Application Error) (User: )Description: Faulting application name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59Faulting module name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59Exception code: 0xc0000409Fault offset: 0x0002f648Faulting process id: 0xaacFaulting application start time: 0xWeather.exe0Faulting application path: Weather.exe1Faulting module path: Weather.exe2Report Id: Weather.exe3 Error: (04/06/2014 05:47:22 PM) (Source: Application Error) (User: )Description: Faulting application name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59Faulting module name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59Exception code: 0xc0000409Fault offset: 0x0002f648Faulting process id: 0xa88Faulting application start time: 0xWeather.exe0Faulting application path: Weather.exe1Faulting module path: Weather.exe2Report Id: Weather.exe3 Error: (04/06/2014 02:25:19 PM) (Source: Application Error) (User: )Description: Faulting application name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59Faulting module name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59Exception code: 0xc0000409Fault offset: 0x0002f648Faulting process id: 0x1084Faulting application start time: 0xWeather.exe0Faulting application path: 
Weather.exe1Faulting module path: Weather.exe2Report Id: Weather.exe3 Error: (04/06/2014 02:17:06 PM) (Source: Application Error) (User: )Description: Faulting application name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59Faulting module name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59Exception code: 0xc0000409Fault offset: 0x0002f648Faulting process id: 0xcb8Faulting application start time: 0xWeather.exe0Faulting application path: Weather.exe1Faulting module path: Weather.exe2Report Id: Weather.exe3 Error: (04/06/2014 11:37:07 AM) (Source: Application Error) (User: )Description: Faulting application name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59Faulting module name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59Exception code: 0xc0000409Fault offset: 0x0002f648Faulting process id: 0xcb4Faulting application start time: 0xWeather.exe0Faulting application path: Weather.exe1Faulting module path: Weather.exe2Report Id: Weather.exe3 Error: (04/06/2014 11:34:49 AM) (Source: Application Error) (User: )Description: Faulting application name: CltMngSvc.exe, version: 0.0.0.0, time stamp: 0x00000000Faulting module name: CltMngSvc.exe, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0x40000015Fault offset: 0x000cf003Faulting process id: 0xa50Faulting application start time: 0xCltMngSvc.exe0Faulting application path: CltMngSvc.exe1Faulting module path: CltMngSvc.exe2Report Id: CltMngSvc.exe3 Error: (04/06/2014 09:43:44 AM) (Source: Application Error) (User: )Description: Faulting application name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59Faulting module name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59Exception code: 0xc0000409Fault offset: 0x0002f648Faulting process id: 0x1664Faulting application start time: 0xWeather.exe0Faulting application path: Weather.exe1Faulting module path: Weather.exe2Report Id: Weather.exe3 Error: (04/06/2014 09:42:25 AM) (Source: Customer Experience Improvement Program) (User: 
)Description: 80004005 System errors:=============Error: (04/06/2014 07:40:16 PM) (Source: DCOM) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/06/2014 06:37:44 PM) (Source: EventLog) (User: )Description: The previous system shutdown at 6:03:34 PM on ‎4/‎6/‎2014 was unexpected. Error: (04/06/2014 06:22:54 PM) (Source: DCOM) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/06/2014 05:56:55 PM) (Source: DCOM) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/06/2014 05:55:44 PM) (Source: Service Control Manager) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the pcregservice service. Error: (04/06/2014 05:48:33 PM) (Source: DCOM) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/06/2014 02:15:15 PM) (Source: DCOM) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/06/2014 11:41:56 AM) (Source: Service Control Manager) (User: )Description: The Lights Off service terminated unexpectedly. It has done this 1 time(s). Error: (04/06/2014 11:36:41 AM) (Source: Service Control Manager) (User: )Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: %%1053 Error: (04/06/2014 11:36:41 AM) (Source: Service Control Manager) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect. 
Microsoft Office Sessions:=========================Error: (04/06/2014 06:03:57 PM) (Source: Application Error)(User: )Description: services.exe6.1.7600.163854a5bc10entdll.dll6.1.7601.18247521eaf24c00000050000000000020a7a23c01cf51e33c6a608eC:\Windows\system32\services.exeC:\Windows\SYSTEM32\ntdll.dll5933e282-bdd7-11e3-b7d5-3860774d677a Error: (04/06/2014 06:01:11 PM) (Source: Customer Experience Improvement Program)(User: )Description: 80004005 Error: (04/06/2014 05:50:01 PM) (Source: Application Error)(User: )Description: Weather.exe6.8.0.950aa5b59Weather.exe6.8.0.950aa5b59c00004090002f648aac01cf51e2257b959cC:\Program Files (x86)\AWS\WeatherBug\Weather.exeC:\Program Files (x86)\AWS\WeatherBug\Weather.exe66e48cba-bdd5-11e3-a545-3860774d677a Error: (04/06/2014 05:47:22 PM) (Source: Application Error)(User: )Description: Weather.exe6.8.0.950aa5b59Weather.exe6.8.0.950aa5b59c00004090002f648a8801cf51e1c89b631bC:\Program Files (x86)\AWS\WeatherBug\Weather.exeC:\Program Files (x86)\AWS\WeatherBug\Weather.exe07efa2ec-bdd5-11e3-8ebe-3860774d677a Error: (04/06/2014 02:25:19 PM) (Source: Application Error)(User: )Description: Weather.exe6.8.0.950aa5b59Weather.exe6.8.0.950aa5b59c00004090002f648108401cf51c58f7b10f6C:\Program Files (x86)\AWS\WeatherBug\Weather.exeC:\Program Files (x86)\AWS\WeatherBug\Weather.exece4ec678-bdb8-11e3-8ebe-3860774d677a Error: (04/06/2014 02:17:06 PM) (Source: Application Error)(User: )Description: Weather.exe6.8.0.950aa5b59Weather.exe6.8.0.950aa5b59c00004090002f648cb801cf51c465acdc48C:\Program Files (x86)\AWS\WeatherBug\Weather.exeC:\Program Files (x86)\AWS\WeatherBug\Weather.exea88c0860-bdb7-11e3-8ebe-3860774d677a Error: (04/06/2014 11:37:07 AM) (Source: Application Error)(User: )Description: Weather.exe6.8.0.950aa5b59Weather.exe6.8.0.950aa5b59c00004090002f648cb401cf51ae0a9c9eabC:\Program Files (x86)\AWS\WeatherBug\Weather.exeC:\Program Files (x86)\AWS\WeatherBug\Weather.exe4f249153-bda1-11e3-852b-3860774d677a Error: (04/06/2014 11:34:49 AM) (Source: 
Application Error)(User: )Description: CltMngSvc.exe0.0.0.000000000CltMngSvc.exe0.0.0.00000000040000015000cf003a5001cf50fe7eca5b39C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exeC:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exefc8be353-bda0-11e3-8a2e-3860774d677a Error: (04/06/2014 09:43:44 AM) (Source: Application Error)(User: )Description: Weather.exe6.8.0.950aa5b59Weather.exe6.8.0.950aa5b59c00004090002f648166401cf519e3682cb56C:\Program Files (x86)\AWS\WeatherBug\Weather.exeC:\Program Files (x86)\AWS\WeatherBug\Weather.exe77db95c2-bd91-11e3-8a2e-3860774d677a Error: (04/06/2014 09:42:25 AM) (Source: Customer Experience Improvement Program)(User: )Description: 80004005 ==================== Memory info =========================== Percentage of memory in use: 39%Total physical RAM: 2662.55 MBAvailable physical RAM: 1606.04 MBTotal Pagefile: 5323.27 MBAvailable Pagefile: 3928.42 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:454.29 GB) (Free:377.17 GB) NTFSDrive d: (HP_RECOVERY) (Fixed) (Total:11.37 GB) (Free:1.39 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7B343CE4)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  4. Here is the RogueKiller log. I didn't fix anything. I just ran the scan. FRST will be posted in a minute.
     RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : imSizD [Admin rights]
     Mode : Scan -- Date : 04/06/2014 20:22:49
     | ARK || FAK || MBR |
     ¤¤¤ Bad processes : 1 ¤¤¤
     [sUSP PATH] SMessaging.exe -- C:\Users\imSizD\AppData\Local\Strongvault Online Backup\SMessaging.exe [7] -> KILLED [TermProc]
     ¤¤¤ Registry Entries : 26 ¤¤¤
     [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : SMessaging (C:\Users\imSizD\AppData\Local\Strongvault Online Backup\SMessaging.exe [7]) -> FOUND
     [DNS][PUM] HKLM\[...]\CCSet\[...]\{0BE475FE-EC96-434C-81BC-12B6AF2D3370} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CCSet\[...]\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CCSet\[...]\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CCSet\[...]\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CCSet\[...]\{E971B731-42ED-4CAC-AC48-B1B85679EC1B} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS001\[...]\{0BE475FE-EC96-434C-81BC-12B6AF2D3370} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS001\[...]\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS001\[...]\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS001\[...]\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS001\[...]\{E971B731-42ED-4CAC-AC48-B1B85679EC1B} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS002\[...]\{0BE475FE-EC96-434C-81BC-12B6AF2D3370} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS002\[...]\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS002\[...]\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS002\[...]\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS002\[...]\{E971B731-42ED-4CAC-AC48-B1B85679EC1B} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
     [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
     [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Scheduled tasks : 1 ¤¤¤
     [V2][sUSP PATH] Registration : "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" - Registration ShowMessageTask2D [7][-] -> FOUND
     ¤¤¤ Startup Entries : 0 ¤¤¤
     ¤¤¤ Web browsers : 0 ¤¤¤
     ¤¤¤ Browser Addons : 0 ¤¤¤
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
     ¤¤¤ External Hives: ¤¤¤
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721050CLA662 SATA Disk Device +++++
     --- User ---
     [MBR] bcdd0a3c830e7370ec3d0fdef493087c
     [bSP] b8126f12bbf92798498ffc5b42ece95b : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 465198 MB
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 952932352 | Size: 11640 MB
     User = LL1 ... OK!
     User != LL2 ... KO!
     --- LL2 ---
     [MBR] b9de2baea951a04b2eea32443f72ff96
     [bSP] 79902e57a6fb9f549efe40d60f164710 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 165308416 | Size: 300 MB
     +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++
     Error reading User MBR! ([0x15] The device is not ready. )
     User = LL1 ... OK!
     Error reading LL2 MBR! ([0x32] The request is not supported. )
     Finished : << RKreport[0]_S_04062014_202248.txt >>
     RKreport[0]_H_04062014_140139.txt;RKreport[0]_S_04062014_114600.txt;RKreport[0]_S_04062014_115301.txt
     RKreport[0]_S_04062014_140104.txt
  5. I also uninstalled WeatherBug as I noticed that it re-installed itself once already before I asked for help from this forum.
  6. I uninstalled: Lights Off, PC Tech Hotline, PC Speed Maximizer. Snap.Do and Web Internet Security were not listed. I believe FRST executed properly and the log is attached. I reset the Chrome homepage. Fixlog.txt
  7. Forgot to mention this but the Malwarebytes scan came up clean this time.
  8. All three files are attached. Just an update, computer is regaining speed but PCTechHotline is still functioning. AdwCleanerS0.txt FRST.txt Addition.txt
  9. Restore point has been created and is working.
  10. Sorry MrC, I don't know why the scan aborted so I tried it again. This is the 2nd scan;
     RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : imSizD [Admin rights]
     Mode : Scan -- Date : 04/06/2014 11:53:01
     | ARK || FAK || MBR |
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 26 ¤¤¤
     [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : SMessaging (C:\Users\imSizD\AppData\Local\Strongvault Online Backup\SMessaging.exe [7]) -> FOUND
     [DNS][PUM] HKLM\[...]\CCSet\[...]\{0BE475FE-EC96-434C-81BC-12B6AF2D3370} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CCSet\[...]\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CCSet\[...]\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CCSet\[...]\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CCSet\[...]\{E971B731-42ED-4CAC-AC48-B1B85679EC1B} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS001\[...]\{0BE475FE-EC96-434C-81BC-12B6AF2D3370} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS001\[...]\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS001\[...]\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS001\[...]\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS001\[...]\{E971B731-42ED-4CAC-AC48-B1B85679EC1B} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS002\[...]\{0BE475FE-EC96-434C-81BC-12B6AF2D3370} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS002\[...]\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS002\[...]\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS002\[...]\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [DNS][PUM] HKLM\[...]\CS002\[...]\{E971B731-42ED-4CAC-AC48-B1B85679EC1B} : NameServer (208.69.150.250,208.69.150.252 [uNITED STATES (US) - UNITED STATES (US)]) -> FOUND
     [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
     [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
     [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Scheduled tasks : 4 ¤¤¤
     [V2][sUSP PATH] DTReg : C:\Users\imSizD\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe [x] -> FOUND
     [V2][sUSP PATH] Registration : "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" - Registration ShowMessageTask2D [7][-] -> FOUND
     [V2][sUSP PATH] SoftUpdateDaily : C:\Users\imSizD\AppData\Local\SoftUpdate\SoftUpdate.exe [-] -> FOUND
     [V2][sUSP PATH] SoftUpdateLogon : C:\Users\imSizD\AppData\Local\SoftUpdate\SoftUpdate.exe [-] -> FOUND
     ¤¤¤ Startup Entries : 0 ¤¤¤
     ¤¤¤ Web browsers : 0 ¤¤¤
     ¤¤¤ Browser Addons : 2 ¤¤¤
     [CHR][PUP] Default : Surf Canyon
     [CHR][PUP] Default : New tab for Chrome™
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
     ¤¤¤ External Hives: ¤¤¤
     ¤¤¤ Infection : PUP ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721050CLA662 SATA Disk Device +++++
     --- User ---
     [MBR] bcdd0a3c830e7370ec3d0fdef493087c
     [bSP] b8126f12bbf92798498ffc5b42ece95b : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 465198 MB
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 952932352 | Size: 11640 MB
     User = LL1 ... OK!
     User != LL2 ... KO!
     --- LL2 ---
     [MBR] b9de2baea951a04b2eea32443f72ff96
     [bSP] 79902e57a6fb9f549efe40d60f164710 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 165308416 | Size: 300 MB
     +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++
     Error reading User MBR! ([0x15] The device is not ready. )
     User = LL1 ... OK!
     Error reading LL2 MBR! ([0x32] The request is not supported. )
     Finished : << RKreport[0]_S_04062014_115301.txt >>
     RKreport[0]_S_04062014_114600.txt
  11. RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : imSizD [Admin rights]
     Mode : Scan [Aborted] -- Date : 04/06/2014 11:46:00
     | ARK || FAK || MBR |
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 0 ¤¤¤
     ¤¤¤ Scheduled tasks : 0 ¤¤¤
     ¤¤¤ Startup Entries : 0 ¤¤¤
     ¤¤¤ Web browsers : 0 ¤¤¤
     ¤¤¤ Browser Addons : 0 ¤¤¤
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
     ¤¤¤ External Hives: ¤¤¤
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     ¤¤¤ MBR Check: ¤¤¤
     Finished : << RKreport[0]_S_04062014_114600.txt >>
  12. Yes, that was my fault. I didn't think it posted the first time. I will use and reply in the other post, thank you.
  13. After running Malwarebytes and finding over 500 detections (threats) I still believe this PC is heavily infected. I believe PCTechHotline is the main culprit. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2 Run by imSizD at 21:19:50 on 2014-04-05 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.964 [GMT -4:00] . AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Windows\system32\dmwu.exe C:\ProgramData\LightsOff\LightsOffService.exe C:\Program Files\pcreg\pcreg.exe C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\LinkiDoo\updateLinkiDoo.exe C:\Program Files (x86)\LinkiDoo\bin\utilLinkiDoo.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSvcM.exe C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe C:\Windows\SysWOW64\jmdp\stij.exe C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe C:\Windows\System32\ljkb\stij.exe C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe C:\Users\imSizD\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe C:\Users\imSizD\AppData\Local\Strongvault Online Backup\SMessaging.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe C:\Users\imSizD\AppData\Local\WeatherAlerts\WeatherAlerts.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Bench\BService\bservice.exe C:\Program Files (x86)\Bench\Wd\wd.exe C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe C:\Program Files\iPod\bin\iPodService.exe C:\ProgramData\LightsOff\LightsOff.exe C:\Program Files (x86)\PCTechHotline\PCTHHook.exe C:\Program Files 
(x86)\PCTechHotline\PCTHHook64.exe C:\Program Files\Windows Media Player\wmpnetwk.exe c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\LinkiDoo\bin\FilterApp_C64.exe C:\Program Files (x86)\LinkiDoo\bin\XTLSApp.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\SysWOW64\ctfmon.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: {3352F334-A389-4004-A026-3A161A0C69A7} - <orphaned> BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! 
Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [pcreg] C:\Program Files\pcreg\service.exe
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun: [sMessaging] C:\Users\imSizD\AppData\Local\Strongvault Online Backup\SMessaging.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WebInternetSecurity] "C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [pcreg] C:\Program Files\pcreg\service.exe
mRun: [PCTechHotline] "C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe" /STARTUP
dRunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\imSizD\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.3.1
TCP: Interfaces\{0BE475FE-EC96-434C-81BC-12B6AF2D3370} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB}\755637475627E6449676964716C6D25326 : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB}\755637475627E6449676964716C6D25326 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{E971B731-42ED-4CAC-AC48-B1B85679EC1B} : NameServer = 208.69.150.250,208.69.150.252
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
x64-Run: [pcreg] C:\Program Files\pcreg\service.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-9-1 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-9-1 40064]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-5 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-4-5 208928]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-4-5 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-4-5 423240]
R1 wStLib64;wStLib64;C:\Windows\System32\drivers\wStLib64.sys [2014-4-5 61112]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-1 204288]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-5 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-5 50344]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-25 48488]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 LightsOff;Lights Off;C:\ProgramData\LightsOff\LightsOffService.exe [2014-3-21 61816]
R2 pcregservice;pcregservice Service;C:\Program Files\pcreg\pcreg.exe [2014-3-13 33864]
R2 PCTechHotlineSvc;PCTechHotlineService;C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [2014-4-5 701800]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-9-1 169584]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-5 119512]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-9-29 695400]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-9-1 47232]
RUnknown CltMngSvc;CltMngSvc; [x]
RUnknown IBUpdaterService;IBUpdaterService; [x]
RUnknown Update LinkiDoo;Update LinkiDoo; [x]
RUnknown Util LinkiDoo;Util LinkiDoo; [x]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2014-3-14 36392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-5 84816]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_hs.sys [2013-10-29 20232]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-06 00:27:02 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-06 00:26:37 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-06 00:26:37 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-06 00:26:37 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-06 00:26:37 -------- d-----w- C:\ProgramData\Malwarebytes
2014-04-06 00:26:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-05 23:47:53 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24F37274-286A-4EB8-9EE4-1BAC265DDA63}\offreg.dll
2014-04-05 23:45:47 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24F37274-286A-4EB8-9EE4-1BAC265DDA63}\mpengine.dll
2014-04-05 23:37:39 61112 ----a-w- C:\Windows\System32\drivers\wStLib64.sys
2014-04-05 18:33:20 -------- d-----w- C:\Users\imSizD\AppData\Local\{ED42B1C9-8F14-47C9-8769-50809A8CA410}
2014-04-05 10:10:17 -------- d-----w- C:\Users\imSizD\AppData\Local\LightsOff
2014-04-05 10:10:05 -------- d-----w- C:\Program Files (x86)\Flash Player Pro
2014-04-05 10:09:49 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2014-04-05 10:09:23 -------- d-----w- C:\ProgramData\LightsOff
2014-04-05 10:09:03 -------- d-----w- C:\Program Files (x86)\AWS
2014-04-05 10:07:51 -------- d-----w- C:\Users\imSizD\AppData\Roaming\PC Speed Maximizer
2014-04-05 10:07:30 -------- d-----w- C:\Users\imSizD\AppData\Local\pptaddin
2014-04-05 10:07:18 -------- d-----w- C:\Users\imSizD\AppData\Local\SoftUpdate
2014-04-05 10:07:07 -------- d-----w- C:\Users\imSizD\AppData\Roaming\PC Tech Hotline
2014-04-05 10:06:56 -------- d-----w- C:\Program Files (x86)\PCTechHotline
2014-04-05 10:06:50 -------- d-----w- C:\Program Files (x86)\PCFixSpeed
2014-04-05 10:05:34 -------- d-----w- C:\Users\imSizD\AppData\Local\Start Savin
2014-04-05 10:05:34 -------- d-----w- C:\Program Files (x86)\Bench
2014-04-05 10:02:47 -------- d-----w- C:\Program Files\pcreg
2014-04-05 10:02:33 -------- d-----w- C:\Program Files (x86)\PC Speed Maximizer
2014-04-05 10:01:38 -------- d-----w- C:\Program Files (x86)\LinkiDoo
2014-04-05 10:00:42 -------- d-----w- C:\Users\imSizD\AppData\Local\WeatherAlerts
2014-04-05 10:00:11 -------- d-----w- C:\Users\imSizD\AppData\Local\SearchProtect
2014-04-05 09:59:33 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-04-05 06:51:40 -------- d-----w- C:\Users\imSizD\AppData\Local\Deployment
2014-04-05 06:51:40 -------- d-----w- C:\Users\imSizD\AppData\Local\Apps
2014-04-05 04:30:38 -------- d-----w- C:\Users\imSizD\AppData\Local\Windows Live
2014-04-05 04:30:17 -------- d-----w- C:\Users\imSizD\AppData\Local\{38AB1E40-D39D-4C5F-816D-3108F5243C65}
2014-04-05 04:10:04 -------- d-----w- C:\Users\imSizD\AppData\Roaming\DropboxMaster
2014-04-05 04:08:33 -------- d-----w- C:\Users\imSizD\AppData\Roaming\Dropbox
2014-04-05 04:08:17 -------- d-----w- C:\Users\imSizD\AppData\Roaming\AVAST Software
2014-04-05 04:07:03 84816 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-04-05 04:07:03 208928 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-04-05 04:07:03 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-04-05 04:07:02 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-04-05 04:07:02 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-05 04:07:02 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-04-05 04:06:55 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-05 04:06:13 -------- d-----w- C:\Program Files\AVAST Software
2014-04-05 04:05:14 -------- d-----w- C:\ProgramData\AVAST Software
2014-04-05 03:44:58 -------- d-----w- C:\Users\imSizD\AppData\Roaming\NewspaperDirect
2014-04-05 03:43:18 -------- d-----w- C:\ProgramData\PDFC
2014-04-05 03:06:30 940544 ----a-w- C:\Users\imSizD\AppData\Local\log4cxx.dll
2014-04-05 03:06:30 196608 ----a-w- C:\Users\imSizD\AppData\Local\common_functions.dll
2014-04-05 02:58:24 -------- d-----w- C:\ProgramData\Oracle
2014-04-05 02:56:29 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-02 20:43:04 -------- d-----w- C:\Users\imSizD\AppData\Local\TB
2014-03-21 08:11:00 1161080 ----a-w- C:\Windows\SysWow64\LightsOff.CD920490367F.dll
2014-03-15 21:28:02 -------- d-----w- C:\Users\imSizD\AppData\Roaming\Systweak
2014-03-15 21:26:59 -------- d-----w- C:\temp
2014-03-15 21:26:47 -------- d-----w- C:\Program Files (x86)\RegClean Pro
2014-03-15 21:25:59 -------- d-----w- C:\Program Files\Level Quality Watcher
2014-03-15 21:07:23 -------- d-----w- C:\Users\imSizD\AppData\Local\Skype
2014-03-13 07:29:07 0 ----a-w- C:\Windows\SysWow64\sho2BD1.tmp
2014-03-13 00:17:59 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-13 00:17:59 293080 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-03-13 00:16:31 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-13 00:16:31 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-08 15:36:41 -------- d-----w- C:\Users\imSizD\AppData\Local\WebInternetSecurity
.
==================== Find3M ====================
.
2014-04-06 01:21:01 79064 ----a-w- C:\Windows\System32\drivers\hdwkwhcj.sys
2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-13 00:04:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-13 00:04:47 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 16:35:36 1859376 ------w- C:\Windows\System32\dmwu.exe
2014-02-04 16:31:42 34304 ----a-w- C:\Windows\System32\ImHttpComm.dll
2014-02-04 08:39:36 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2014-02-04 08:39:36 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
.
============= FINISH: 21:21:48.50 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/24/2011 9:23:49 AM
System Uptime: 4/5/2014 2:38:34 PM (7 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AD3
Processor: AMD E-300 APU with Radeon HD Graphics | CPU 1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 364.353 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.391 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP309: 3/26/2014 6:46:08 PM - Scheduled Checkpoint
RP310: 3/30/2014 3:20:37 PM - Windows Update
RP311: 4/2/2014 4:50:32 PM - Windows Update
RP312: 4/4/2014 10:53:00 PM - Installed Java 7 Update 51
RP313: 4/4/2014 11:01:04 PM - Removed Facebook Video Calling 2.0.0.447
RP314: 4/4/2014 11:02:52 PM - Removed Camtasia Studio 7
RP315: 4/4/2014 11:19:01 PM - Removed Skype Click to Call
RP316: 4/4/2014 11:33:29 PM - Removed NWZ-S540 WALKMAN Guide.
RP317: 4/4/2014 11:34:39 PM - Removed Microsoft SQL Server 2005 Compact Edition [ENU]
RP318: 4/4/2014 11:43:58 PM - Removed PressReader.
RP319: 4/4/2014 11:46:33 PM - Removed Python 3.0.1
RP320: 4/4/2014 11:51:15 PM - Removed Steam
RP321: 4/4/2014 11:52:26 PM - Removed NetAssistant
RP322: 4/4/2014 11:54:11 PM - Removed Skype™ 6.14
RP323: 4/4/2014 11:55:01 PM - Removed Skype Click to Call
RP324: 4/4/2014 11:57:04 PM - Removed Skype Click to Call
RP325: 4/5/2014 12:05:38 AM - avast! antivirus system restore point
RP326: 4/5/2014 2:52:34 AM - Removed Skype Click to Call
RP327: 4/5/2014 2:56:23 AM - Removed Skype Click to Call
RP328: 4/5/2014 6:07:54 AM - Installed WeatherBug
RP329: 4/5/2014 7:45:05 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR Adobe Flash Player 12 ActiveX AMD APP SDK Runtime AMD Media Foundation Decoders AMD VISION Engine Control Center Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager avast! Free Antivirus Belkin F7D1101 Basic Wireless USB Adapter Bonjour Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Content Transfer D3DX10 Dropbox emaze PowerPoint Add-In Flash Player Pro V5.4 Google Chrome Google Toolbar for Internet Explorer Google Update Helper Hewlett-Packard ACLM.NET v1.2.2.3 HP Auto HP Client Services HP Customer Experience Enhancements HP LinkUp HP MovieStore HP Odometer HP Setup HP Setup Manager HP Support Assistant HP Support Information HP Update HP Vision Hardware Diagnostics iTunes Java 7 Update 51 Java 7 Update 7 (64-bit) Java Auto Updater Java SE Development Kit 7 Update 7 (64-bit) Java 6 Update 30 Junk Mail filter update K-Lite Codec Pack 7.0.0 (Standard) League of Legends Lights Off Malwarebytes Anti-Malware version 2.0.1.1004 Mesh Runtime Messenger Companion Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft WSE 3.0 Runtime MotoHelper MergeModules MSVCRT MSVCRT Redists MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyPC Backup PC Speed Maximizer v3.2 PC Tech Hotline PlayReady PC Runtime amd64 PlayReady PC Runtime x86 Realtek High Definition Audio Driver Recovery Manager Remote Graphics Receiver SavingsBull Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Snap.Do Start Savin Strongvault Online Backup VC80CRTRedist - 8.0.50727.6195 WeatherBug Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Mobile Device Updater Component Zinio Reader 4 ZTE Handset USB Driver Zune Zune Language Pack (CHS) Zune Language Pack (CHT) Zune Language Pack (CSY) Zune Language Pack (DAN) Zune Language Pack (DEU) Zune Language Pack (ELL) Zune Language Pack (ESP) Zune Language Pack (FIN) Zune Language Pack (FRA) Zune Language Pack (HUN) Zune Language Pack (IND) Zune Language Pack (ITA) Zune Language Pack (JPN) Zune Language Pack (KOR) Zune Language Pack (MSL) Zune Language Pack (NLD) Zune Language Pack (NOR) Zune Language Pack (PLK) Zune Language Pack (PTB) Zune Language Pack (PTG) Zune Language Pack (RUS) Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
4/5/2014 6:02:51 AM, Error: Service Control Manager [7030] - The pcregservice Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/5/2014 2:40:53 AM, Error: volmgr [46] - Crash dump initialization failed!
4/5/2014 2:40:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
4/5/2014 2:40:10 PM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/4/2014 4:19:40 AM, Error: Microsoft Antimalware [2001] -
4/4/2014 4:09:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
4/4/2014 4:09:30 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/4/2014 11:31:35 PM, Error: Service Control Manager [7034] - The Computer Backup (MyPC Backup) service terminated unexpectedly. It has done this 1 time(s).
4/4/2014 11:15:53 PM, Error: Service Control Manager [7034] - The Re-Markable service terminated unexpectedly. It has done this 1 time(s).
4/4/2014 11:14:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user CBC-HP\Guest SID (S-1-5-21-3740989883-1198457843-2048904567-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/4/2014 11:13:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MotoHelper Service service to connect.
4/4/2014 11:13:13 PM, Error: Service Control Manager [7000] - The MotoHelper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/31/2014 4:59:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/30/2014 3:08:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================
attach.txt dds.txt
  14. After using malwarebytes and finding over 500 problems, some things are still present with PCTechHotline being what I think is the main culprit. Here are the requested logs;
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by imSizD at 21:19:50 on 2014-04-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.964 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\dmwu.exe
C:\ProgramData\LightsOff\LightsOffService.exe
C:\Program Files\pcreg\pcreg.exe
C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\LinkiDoo\updateLinkiDoo.exe
C:\Program Files (x86)\LinkiDoo\bin\utilLinkiDoo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\Windows\SysWOW64\jmdp\stij.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Windows\System32\ljkb\stij.exe
C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Users\imSizD\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Users\imSizD\AppData\Local\Strongvault Online Backup\SMessaging.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Users\imSizD\AppData\Local\WeatherAlerts\WeatherAlerts.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Bench\BService\bservice.exe
C:\Program Files (x86)\Bench\Wd\wd.exe
C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe
C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\ProgramData\LightsOff\LightsOff.exe
C:\Program Files (x86)\PCTechHotline\PCTHHook.exe
C:\Program Files (x86)\PCTechHotline\PCTHHook64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\LinkiDoo\bin\FilterApp_C64.exe
C:\Program Files (x86)\LinkiDoo\bin\XTLSApp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {3352F334-A389-4004-A026-3A161A0C69A7} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [pcreg] C:\Program Files\pcreg\service.exe
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun: [sMessaging] C:\Users\imSizD\AppData\Local\Strongvault Online Backup\SMessaging.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WebInternetSecurity] "C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [pcreg] C:\Program Files\pcreg\service.exe
mRun: [PCTechHotline] "C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe" /STARTUP
dRunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\imSizD\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.3.1
TCP: Interfaces\{0BE475FE-EC96-434C-81BC-12B6AF2D3370} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB}\755637475627E6449676964716C6D25326 : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB}\755637475627E6449676964716C6D25326 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{E971B731-42ED-4CAC-AC48-B1B85679EC1B} : NameServer = 208.69.150.250,208.69.150.252
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
x64-Run: [pcreg] C:\Program Files\pcreg\service.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-9-1 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-9-1 40064]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-5 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-4-5 208928]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-4-5 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-4-5 423240]
R1 wStLib64;wStLib64;C:\Windows\System32\drivers\wStLib64.sys [2014-4-5 61112]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-1 204288]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-5 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-5 50344]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-25 48488]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 LightsOff;Lights Off;C:\ProgramData\LightsOff\LightsOffService.exe [2014-3-21 61816]
R2 pcregservice;pcregservice Service;C:\Program Files\pcreg\pcreg.exe [2014-3-13 33864]
R2 PCTechHotlineSvc;PCTechHotlineService;C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [2014-4-5 701800]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet 
Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-9-1 169584]R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-5 119512]R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-9-29 695400]R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-9-1 47232]RUnknown CltMngSvc;CltMngSvc; [x]RUnknown IBUpdaterService;IBUpdaterService; [x]RUnknown Update LinkiDoo;Update LinkiDoo; [x]RUnknown Util LinkiDoo;Util LinkiDoo; [x]S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2014-3-14 36392]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]S3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-5 84816]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_hs.sys [2013-10-29 20232]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 USBAAPL64;Apple Mobile USB 
Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-24 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2014-04-06 00:27:02 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys2014-04-06 00:26:37 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys2014-04-06 00:26:37 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys2014-04-06 00:26:37 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys2014-04-06 00:26:37 -------- d-----w- C:\ProgramData\Malwarebytes2014-04-06 00:26:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware2014-04-05 23:47:53 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24F37274-286A-4EB8-9EE4-1BAC265DDA63}\offreg.dll2014-04-05 23:45:47 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24F37274-286A-4EB8-9EE4-1BAC265DDA63}\mpengine.dll2014-04-05 23:37:39 61112 ----a-w- C:\Windows\System32\drivers\wStLib64.sys2014-04-05 18:33:20 -------- d-----w- C:\Users\imSizD\AppData\Local\{ED42B1C9-8F14-47C9-8769-50809A8CA410}2014-04-05 10:10:17 -------- d-----w- C:\Users\imSizD\AppData\Local\LightsOff2014-04-05 10:10:05 -------- d-----w- C:\Program Files (x86)\Flash Player Pro2014-04-05 10:09:49 -------- d-----w- C:\Program Files (x86)\MyPC Backup2014-04-05 10:09:23 -------- d-----w- C:\ProgramData\LightsOff2014-04-05 10:09:03 -------- d-----w- C:\Program Files (x86)\AWS2014-04-05 10:07:51 -------- d-----w- C:\Users\imSizD\AppData\Roaming\PC Speed Maximizer2014-04-05 10:07:30 -------- d-----w- C:\Users\imSizD\AppData\Local\pptaddin2014-04-05 10:07:18 -------- d-----w- C:\Users\imSizD\AppData\Local\SoftUpdate2014-04-05 10:07:07 -------- d-----w- C:\Users\imSizD\AppData\Roaming\PC Tech Hotline2014-04-05 10:06:56 -------- 
d-----w- C:\Program Files (x86)\PCTechHotline2014-04-05 10:06:50 -------- d-----w- C:\Program Files (x86)\PCFixSpeed2014-04-05 10:05:34 -------- d-----w- C:\Users\imSizD\AppData\Local\Start Savin2014-04-05 10:05:34 -------- d-----w- C:\Program Files (x86)\Bench2014-04-05 10:02:47 -------- d-----w- C:\Program Files\pcreg2014-04-05 10:02:33 -------- d-----w- C:\Program Files (x86)\PC Speed Maximizer2014-04-05 10:01:38 -------- d-----w- C:\Program Files (x86)\LinkiDoo2014-04-05 10:00:42 -------- d-----w- C:\Users\imSizD\AppData\Local\WeatherAlerts2014-04-05 10:00:11 -------- d-----w- C:\Users\imSizD\AppData\Local\SearchProtect2014-04-05 09:59:33 -------- d-----w- C:\Program Files (x86)\SearchProtect2014-04-05 06:51:40 -------- d-----w- C:\Users\imSizD\AppData\Local\Deployment2014-04-05 06:51:40 -------- d-----w- C:\Users\imSizD\AppData\Local\Apps2014-04-05 04:30:38 -------- d-----w- C:\Users\imSizD\AppData\Local\Windows Live2014-04-05 04:30:17 -------- d-----w- C:\Users\imSizD\AppData\Local\{38AB1E40-D39D-4C5F-816D-3108F5243C65}2014-04-05 04:10:04 -------- d-----w- C:\Users\imSizD\AppData\Roaming\DropboxMaster2014-04-05 04:08:33 -------- d-----w- C:\Users\imSizD\AppData\Roaming\Dropbox2014-04-05 04:08:17 -------- d-----w- C:\Users\imSizD\AppData\Roaming\AVAST Software2014-04-05 04:07:03 84816 ----a-w- C:\Windows\System32\drivers\aswStm.sys2014-04-05 04:07:03 208928 ----a-w- C:\Windows\System32\drivers\aswVmm.sys2014-04-05 04:07:03 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2014-04-05 04:07:02 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys2014-04-05 04:07:02 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2014-04-05 04:07:02 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys2014-04-05 04:06:55 43152 ----a-w- C:\Windows\avastSS.scr2014-04-05 04:06:13 -------- d-----w- C:\Program Files\AVAST Software2014-04-05 04:05:14 -------- d-----w- C:\ProgramData\AVAST Software2014-04-05 03:44:58 -------- d-----w- 
C:\Users\imSizD\AppData\Roaming\NewspaperDirect2014-04-05 03:43:18 -------- d-----w- C:\ProgramData\PDFC2014-04-05 03:06:30 940544 ----a-w- C:\Users\imSizD\AppData\Local\log4cxx.dll2014-04-05 03:06:30 196608 ----a-w- C:\Users\imSizD\AppData\Local\common_functions.dll2014-04-05 02:58:24 -------- d-----w- C:\ProgramData\Oracle2014-04-05 02:56:29 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2014-04-02 20:43:04 -------- d-----w- C:\Users\imSizD\AppData\Local\TB2014-03-21 08:11:00 1161080 ----a-w- C:\Windows\SysWow64\LightsOff.CD920490367F.dll2014-03-15 21:28:02 -------- d-----w- C:\Users\imSizD\AppData\Roaming\Systweak2014-03-15 21:26:59 -------- d-----w- C:\temp2014-03-15 21:26:47 -------- d-----w- C:\Program Files (x86)\RegClean Pro2014-03-15 21:25:59 -------- d-----w- C:\Program Files\Level Quality Watcher2014-03-15 21:07:23 -------- d-----w- C:\Users\imSizD\AppData\Local\Skype2014-03-13 07:29:07 0 ----a-w- C:\Windows\SysWow64\sho2BD1.tmp2014-03-13 00:17:59 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe2014-03-13 00:17:59 293080 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll2014-03-13 00:16:31 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll2014-03-13 00:16:31 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2014-03-08 15:36:41 -------- d-----w- C:\Users\imSizD\AppData\Local\WebInternetSecurity.==================== Find3M ====================.2014-04-06 01:21:01 79064 ----a-w- C:\Windows\System32\drivers\hdwkwhcj.sys2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe2014-03-13 00:04:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2014-03-13 00:04:47 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll2014-03-01 04:51:59 48640 ----a-w- 
C:\Windows\System32\ieetwproxystub.dll2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys2014-02-04 16:35:36 1859376 ------w- C:\Windows\System32\dmwu.exe2014-02-04 16:31:42 34304 ----a-w- C:\Windows\System32\ImHttpComm.dll2014-02-04 08:39:36 829264 ----a-w- C:\Windows\System32\msvcr100.dll2014-02-04 08:39:36 608080 ----a-w- C:\Windows\System32\msvcp100.dll2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll.============= FINISH: 21:21:48.50 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 12/24/2011 9:23:49 AMSystem Uptime: 4/5/2014 2:38:34 PM (7 hours ago).Motherboard: 
PEGATRON CORPORATION | | 2AD3Processor: AMD E-300 APU with Radeon HD Graphics | CPU 1 | 1300/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 454 GiB total, 364.353 GiB free.D: is FIXED (NTFS) - 11 GiB total, 1.391 GiB free.E: is CDROM ()F: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP309: 3/26/2014 6:46:08 PM - Scheduled CheckpointRP310: 3/30/2014 3:20:37 PM - Windows UpdateRP311: 4/2/2014 4:50:32 PM - Windows UpdateRP312: 4/4/2014 10:53:00 PM - Installed Java 7 Update 51RP313: 4/4/2014 11:01:04 PM - Removed Facebook Video Calling 2.0.0.447RP314: 4/4/2014 11:02:52 PM - Removed Camtasia Studio 7RP315: 4/4/2014 11:19:01 PM - Removed Skype Click to CallRP316: 4/4/2014 11:33:29 PM - Removed NWZ-S540 WALKMAN Guide.RP317: 4/4/2014 11:34:39 PM - Removed Microsoft SQL Server 2005 Compact Edition [ENU]RP318: 4/4/2014 11:43:58 PM - Removed PressReader.RP319: 4/4/2014 11:46:33 PM - Removed Python 3.0.1RP320: 4/4/2014 11:51:15 PM - Removed SteamRP321: 4/4/2014 11:52:26 PM - Removed NetAssistantRP322: 4/4/2014 11:54:11 PM - Removed Skype™ 6.14RP323: 4/4/2014 11:55:01 PM - Removed Skype Click to CallRP324: 4/4/2014 11:57:04 PM - Removed Skype Click to CallRP325: 4/5/2014 12:05:38 AM - avast! antivirus system restore pointRP326: 4/5/2014 2:52:34 AM - Removed Skype Click to CallRP327: 4/5/2014 2:56:23 AM - Removed Skype Click to CallRP328: 4/5/2014 6:07:54 AM - Installed WeatherBugRP329: 4/5/2014 7:45:05 PM - Windows Update.==== Installed Programs ======================.Adobe AIRAdobe Flash Player 12 ActiveXAMD APP SDK RuntimeAMD Media Foundation DecodersAMD VISION Engine Control CenterApple Application SupportApple Mobile Device SupportApple Software UpdateATI Catalyst Install Manageravast! 
Free AntivirusBelkin F7D1101 Basic Wireless USB AdapterBonjourCatalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishContent TransferD3DX10Dropboxemaze PowerPoint Add-InFlash Player Pro V5.4Google ChromeGoogle Toolbar for Internet ExplorerGoogle Update HelperHewlett-Packard ACLM.NET v1.2.2.3HP AutoHP Client ServicesHP Customer Experience EnhancementsHP LinkUpHP MovieStoreHP OdometerHP SetupHP Setup ManagerHP Support AssistantHP Support InformationHP UpdateHP Vision Hardware DiagnosticsiTunesJava 7 Update 51Java 7 Update 7 (64-bit)Java Auto UpdaterJava SE Development Kit 7 Update 7 (64-bit)Java 6 Update 30Junk Mail filter updateK-Lite Codec Pack 7.0.0 (Standard)League of LegendsLights OffMalwarebytes Anti-Malware version 2.0.1.1004Mesh RuntimeMessenger CompanionMicrosoft .NET Framework 4.5.1Microsoft Application Error ReportingMicrosoft Office 2010Microsoft Office Click-to-Run 2010Microsoft Office Starter 2010 - EnglishMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WSE 3.0 RuntimeMotoHelper MergeModulesMSVCRTMSVCRT RedistsMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MyPC Backup PC Speed Maximizer v3.2PC Tech HotlinePlayReady PC Runtime amd64PlayReady PC Runtime x86Realtek High Definition Audio DriverRecovery ManagerRemote Graphics ReceiverSavingsBullSecurity Update 
for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)Snap.DoStart SavinStrongvault Online BackupVC80CRTRedist - 8.0.50727.6195WeatherBugWindows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows Mobile Device Updater ComponentZinio Reader 4ZTE Handset USB DriverZuneZune Language Pack (CHS)Zune Language Pack (CHT)Zune Language Pack (CSY)Zune Language Pack (DAN)Zune Language Pack (DEU)Zune Language Pack (ELL)Zune Language Pack (ESP)Zune Language Pack (FIN)Zune Language Pack (FRA)Zune Language Pack (HUN)Zune Language Pack (IND)Zune Language Pack (ITA)Zune Language Pack (JPN)Zune Language Pack (KOR)Zune Language Pack (MSL)Zune Language Pack (NLD)Zune Language Pack (NOR)Zune Language Pack (PLK)Zune Language Pack (PTB)Zune Language Pack (PTG)Zune Language Pack (RUS)Zune Language Pack (SVE).==== Event Viewer Messages From Past Week ========.4/5/2014 6:02:51 AM, Error: Service Control Manager [7030] - The pcregservice Service service is marked as an interactive service. However, the system is configured to not allow interactive services. 
This service may not function properly.4/5/2014 2:40:53 AM, Error: volmgr [46] - Crash dump initialization failed!4/5/2014 2:40:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.4/5/2014 2:40:10 PM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.4/4/2014 4:19:40 AM, Error: Microsoft Antimalware [2001] - 4/4/2014 4:09:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.4/4/2014 4:09:30 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.4/4/2014 11:31:35 PM, Error: Service Control Manager [7034] - The Computer Backup (MyPC Backup) service terminated unexpectedly. It has done this 1 time(s).4/4/2014 11:15:53 PM, Error: Service Control Manager [7034] - The Re-Markable service terminated unexpectedly. It has done this 1 time(s).4/4/2014 11:14:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user CBC-HP\Guest SID (S-1-5-21-3740989883-1198457843-2048904567-501) from address LocalHost (Using LRPC). 
This security permission can be modified using the Component Services administrative tool.4/4/2014 11:13:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MotoHelper Service service to connect.4/4/2014 11:13:13 PM, Error: Service Control Manager [7000] - The MotoHelper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.3/31/2014 4:59:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.3/30/2014 3:08:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service..==== End Of File ===========================