
ITGuy777

  1. PC Tech Hotline is gone now... but Malwarebytes still will not update. I've mentioned that several times throughout my posts... Run-time error '6' Overflow....
  2. Ok........ Here is the JavaRa log... Here is the Fixlog.txt.....
  3. Here's Mbar and system-log.txt. It did have a problem initially running, "DDA Error" and it said it had to install a driver first, that something was stopping it and could be malicious. Then scanned after reboot. Still didn't find anything

     MALWAREBYTES WILL NOT UPDATE!!!!! Run-Time Error '6' Overflow

     On the ESET Online scan, It gives me an "Unexpected error 2002" The FRST had this issue.... An unexpected error is keeping you from copying the file. If you continue to receive this error, you can use the error code to search for help with this problem. Error 0x80030002: install.rdf could not be found. I went ahead and went with the scan anyways. I canceled out of the file.. twice.
FF Extension: Firebug - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\0mrbr13r.default-1389812222052\Extensions\firebug@software.joehewitt.com.xpi [2014-01-20] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03] FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-08] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-04] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-04] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKCU\...\Firefox\Extensions: [games@arcadecandy.com] - C:\Program Files\ACGames\firefox.xpi FF Extension: No Name - C:\Program Files\ACGames\firefox.xpi [2012-09-26] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-03] CHR Extension: (Google Drive) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-03] CHR Extension: (YouTube) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-03] CHR Extension: (Google Search) - C:\Users\Linda\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-03] CHR Extension: (RealDownloader) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-03] CHR Extension: (ArcadeCandy Games) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipknmdhhncmpoekdoacipkklmfbbknej [2013-12-03] CHR Extension: (Skype Click to Call) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-03] CHR Extension: (Google Wallet) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-03] CHR Extension: (No Name) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac [2013-09-29] CHR Extension: (Gmail) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-03] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM\...\Chrome\Extension: [ipknmdhhncmpoekdoacipkklmfbbknej] - C:\Program Files\ACGames\chrome.crx [2012-09-26] CHR HKLM\...\Chrome\Extension: [nnfegheljpcijmdgonkecjpcaopjlpac] - C:\Users\Linda\AppData\Local\ArcadeCandy\candyLinkx.crx [2012-09-26] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-03] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation) R2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] () R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PCTechHotlineSvc; C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe [701800 2014-02-13] (Crawler, LLC) R2 PGMTrusted; C:\Program Files\Pogo Games\PGMTrusted.exe [519920 2012-10-31] (iWin Inc.) R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () ==================== Drivers (Whitelisted) ==================== R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] () R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-03] (AVAST Software) R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [18544 2012-08-21] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-03] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-03] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-03] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-03] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-03] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-03] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [178304 2013-12-03] () R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [44928 
2011-07-28] (Etron Technology Inc) R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [64256 2011-07-28] (Etron Technology Inc) R3 gdrv; C:\Windows\gdrv.sys [17488 2014-03-04] (Windows ® 2000 DDK provider) S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2012-10-12] () S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [31560 2014-03-04] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 V0740Vid; C:\Windows\System32\DRIVERS\V0740Vid.sys [322880 2011-02-28] (Creative Technology Ltd.) S3 PcaSp60; system32\DRIVERS\PcaSp60.sys [X] S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-05 00:01 - 2014-03-05 00:02 - 00018237 _____ () C:\Users\Linda\Desktop\FRST.txt 2014-03-05 00:01 - 2014-03-05 00:01 - 00000000 ____D () C:\FRST 2014-03-05 00:00 - 2014-03-05 00:00 - 01145344 _____ (Farbar) C:\Users\Linda\Desktop\FRST.exe 2014-03-04 23:50 - 2014-03-04 23:50 - 02347384 _____ (ESET) C:\Users\Linda\Downloads\esetsmartinstaller_enu(1).exe 2014-03-04 23:40 - 2014-03-04 23:40 - 02347384 _____ (ESET) C:\Users\Linda\Downloads\esetsmartinstaller_enu.exe 2014-03-04 23:31 - 2014-03-04 23:31 - 00000000 ____D () C:\Program Files\ESET 2014-03-04 23:26 - 2014-03-04 23:26 - 00007105 _____ () C:\Users\Linda\Desktop\MyReport.txt 2014-03-04 23:05 - 2014-03-04 23:05 - 01244192 _____ () C:\Users\Linda\Downloads\AdwCleaner(1).exe 2014-03-04 23:04 - 2014-03-04 23:04 - 00000633 _____ () C:\Users\Linda\Desktop\JRT.txt 2014-03-04 21:54 - 2014-03-04 22:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-04 21:51 - 2014-03-04 21:51 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys 2014-03-04 21:49 - 2014-03-04 22:50 - 00000000 ____D () C:\Users\Linda\Desktop\mbar 2014-03-04 21:45 - 2014-03-04 21:45 - 12589848 _____ 
(Malwarebytes Corp.) C:\Users\Linda\Desktop\mbar-1.07.0.1009.exe 2014-03-04 21:23 - 2014-03-04 21:23 - 00003167 _____ () C:\Users\Linda\Desktop\RKreport[0]_S_03042014_212314.txt 2014-03-04 21:19 - 2014-03-04 21:23 - 00000000 ____D () C:\Users\Linda\Desktop\RK_Quarantine 2014-03-04 21:10 - 2014-03-04 21:10 - 03819008 _____ () C:\Users\Linda\Downloads\RogueKiller.exe 2014-03-04 21:01 - 2014-03-04 21:02 - 04413952 _____ () C:\Users\Linda\Downloads\RogueKillerX64.exe 2014-03-04 20:51 - 2014-03-04 20:51 - 00000000 ____D () C:\Windows\ERDNT 2014-03-04 20:49 - 2014-03-04 20:49 - 00000854 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk 2014-03-04 20:49 - 2014-03-04 20:49 - 00000854 _____ () C:\Users\Linda\Desktop\NTREGOPT.lnk 2014-03-04 20:49 - 2014-03-04 20:49 - 00000835 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk 2014-03-04 20:49 - 2014-03-04 20:49 - 00000835 _____ () C:\Users\Linda\Desktop\ERUNT.lnk 2014-03-04 20:49 - 2014-03-04 20:49 - 00000000 ____D () C:\Program Files\ERUNT 2014-03-04 20:48 - 2014-03-04 20:48 - 00791393 _____ (Lars Hederer ) C:\Users\Linda\Downloads\erunt-setup.exe 2014-03-04 20:44 - 2014-03-04 20:47 - 00002040 _____ () C:\Users\Linda\Desktop\Rkill.txt 2014-03-04 20:44 - 2014-03-04 20:44 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Linda\Downloads\rkill.exe 2014-03-04 20:23 - 2014-03-04 20:23 - 00016212 _____ () C:\Users\Linda\Desktop\dds.txt 2014-03-04 20:23 - 2014-03-04 20:23 - 00004638 _____ () C:\Users\Linda\Desktop\attach.txt 2014-03-04 20:20 - 2014-03-04 20:20 - 00688992 ____R (Swearware) C:\Users\Linda\Downloads\dds.scr 2014-03-04 20:03 - 2014-03-04 20:03 - 00031560 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-04 19:30 - 2014-03-04 19:30 - 00000000 ____D () C:\Windows\ERUNT 2014-03-04 19:29 - 2014-03-04 19:29 - 01037734 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe 2014-03-04 19:20 - 2014-03-04 23:08 - 00000000 ____D () C:\AdwCleaner 2014-03-04 19:20 - 2014-03-04 19:20 - 01244192 _____ () 
C:\Users\Linda\Downloads\adwcleaner.exe 2014-03-03 00:00 - 2014-03-03 00:00 - 00000985 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk 2014-03-03 00:00 - 2014-03-03 00:00 - 00000893 _____ () C:\Users\Public\Desktop\Optimize Your PC.lnk 2014-03-03 00:00 - 2014-03-03 00:00 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\PC Tech Hotline 2014-03-03 00:00 - 2014-03-03 00:00 - 00000000 ____D () C:\Program Files\PCTechHotline 2014-03-02 23:57 - 2014-03-04 19:00 - 00000000 ____D () C:\Program Files\DriverUpdate 2014-03-02 23:57 - 2014-03-02 23:57 - 00002457 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk 2014-03-02 23:57 - 2014-03-02 23:57 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2014-03-02 23:57 - 2014-03-02 23:57 - 00000000 ____D () C:\Users\Linda\AppData\Local\SlimWare Utilities Inc 2014-03-02 21:46 - 2014-03-02 21:46 - 00000000 ____D () C:\Users\Linda\AppData\Local\Tuguu_SL 2014-03-02 21:25 - 2014-03-04 18:54 - 00000000 ____D () C:\Users\Linda\Desktop\RPP-Traveler-Pipers Secret 2014-03-02 15:16 - 2014-03-04 23:16 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job 2014-03-02 15:16 - 2014-03-02 15:16 - 00001120 _____ () C:\Users\Linda\Desktop\Continue PDF Reader Installation.lnk 2014-03-02 15:15 - 2014-03-02 15:15 - 01298960 _____ ( ) C:\Users\Linda\Downloads\PDFReaderSetup.exe 2014-03-01 09:11 - 2014-03-04 12:35 - 00000000 ____D () C:\Users\Linda\Desktop\3-1-14 2014-02-28 15:25 - 2014-02-28 16:02 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\FileZilla 2014-02-28 15:25 - 2014-02-28 15:25 - 00000000 ____D () C:\Program Files\FileZilla FTP Client 2014-02-28 15:24 - 2014-02-28 15:23 - 04822473 _____ (Tim Kosse) C:\Users\Linda\Downloads\FileZilla_3.7.4.1_win32-setup [1].exe 2014-02-28 15:23 - 2014-02-28 15:23 - 00660144 _____ ( ) C:\Users\Linda\Downloads\FileZilla_3.7.4.1_win32-setup.exe 2014-02-26 15:48 - 2014-02-28 21:38 - 00000000 ____D () C:\Users\Linda\Desktop\C - Mary of Starlight 2014-02-24 13:58 - 2014-02-24 13:58 - 
00005216 _____ () C:\Users\Linda\Documents\addresses.txt 2014-02-17 21:57 - 2014-02-17 21:57 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\JavaSetup7u51.com 2014-02-16 19:53 - 2014-03-04 19:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-14 01:14 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-14 01:14 - 2014-02-06 04:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-14 01:14 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-14 01:14 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-14 01:14 - 2014-02-06 03:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-14 01:14 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-14 01:13 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-14 01:13 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-14 01:13 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-14 01:13 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-14 01:13 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-14 01:13 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-14 01:13 - 2014-02-06 03:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-14 01:13 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-14 01:13 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-14 01:13 - 2014-02-06 03:13 - 00524288 _____ (Microsoft 
Corporation) C:\Windows\system32\msfeeds.dll 2014-02-14 01:13 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-14 01:13 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-14 01:13 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-14 01:13 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-14 01:13 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-14 01:05 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-13 09:46 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-13 09:46 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-13 09:46 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-13 09:46 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-13 09:46 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-13 09:45 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-13 09:45 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-13 09:45 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-13 09:45 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-13 09:45 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-13 09:45 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-13 09:45 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) 
C:\Windows\system32\RMActivate.exe 2014-02-13 09:45 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-13 09:45 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-10 18:30 - 2014-02-10 18:30 - 05238429 _____ () C:\Users\Linda\Downloads\AmazonApps-release(1).apk 2014-02-10 18:24 - 2014-02-10 18:24 - 05238429 _____ () C:\Users\Linda\Downloads\AmazonApps-release.apk 2014-02-04 11:26 - 2014-02-04 11:26 - 00000246 _____ () C:\Users\Linda\Desktop\Bang Printing -- Professional Short to Mid-run Book Manufacturing.URL ==================== One Month Modified Files and Folders ======= 2014-03-05 00:02 - 2014-03-05 00:01 - 00018237 _____ () C:\Users\Linda\Desktop\FRST.txt 2014-03-05 00:01 - 2014-03-05 00:01 - 00000000 ____D () C:\FRST 2014-03-05 00:00 - 2014-03-05 00:00 - 01145344 _____ (Farbar) C:\Users\Linda\Desktop\FRST.exe 2014-03-04 23:51 - 2013-08-02 13:17 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Skype 2014-03-04 23:50 - 2014-03-04 23:50 - 02347384 _____ (ESET) C:\Users\Linda\Downloads\esetsmartinstaller_enu(1).exe 2014-03-04 23:40 - 2014-03-04 23:40 - 02347384 _____ (ESET) C:\Users\Linda\Downloads\esetsmartinstaller_enu.exe 2014-03-04 23:31 - 2014-03-04 23:31 - 00000000 ____D () C:\Program Files\ESET 2014-03-04 23:26 - 2014-03-04 23:26 - 00007105 _____ () C:\Users\Linda\Desktop\MyReport.txt 2014-03-04 23:18 - 2009-07-13 22:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-04 23:18 - 2009-07-13 22:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-04 23:16 - 2014-03-02 15:16 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job 2014-03-04 23:16 - 2012-08-04 11:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-04 23:14 - 2012-08-04 11:17 - 01774704 _____ () 
C:\Windows\WindowsUpdate.log 2014-03-04 23:10 - 2012-09-29 10:22 - 00000144 _____ () C:\service.log 2014-03-04 23:09 - 2012-10-02 21:29 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-04 23:09 - 2012-09-29 10:33 - 00017488 _____ (Windows ® 2000 DDK provider) C:\Windows\gdrv.sys 2014-03-04 23:09 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-04 23:09 - 2009-07-13 22:39 - 00097767 _____ () C:\Windows\setupact.log 2014-03-04 23:08 - 2014-03-04 19:20 - 00000000 ____D () C:\AdwCleaner 2014-03-04 23:05 - 2014-03-04 23:05 - 01244192 _____ () C:\Users\Linda\Downloads\AdwCleaner(1).exe 2014-03-04 23:04 - 2014-03-04 23:04 - 00000633 _____ () C:\Users\Linda\Desktop\JRT.txt 2014-03-04 22:50 - 2014-03-04 21:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-04 22:50 - 2014-03-04 21:49 - 00000000 ____D () C:\Users\Linda\Desktop\mbar 2014-03-04 21:51 - 2014-03-04 21:51 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys 2014-03-04 21:45 - 2014-03-04 21:45 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\Linda\Desktop\mbar-1.07.0.1009.exe 2014-03-04 21:23 - 2014-03-04 21:23 - 00003167 _____ () C:\Users\Linda\Desktop\RKreport[0]_S_03042014_212314.txt 2014-03-04 21:23 - 2014-03-04 21:19 - 00000000 ____D () C:\Users\Linda\Desktop\RK_Quarantine 2014-03-04 21:10 - 2014-03-04 21:10 - 03819008 _____ () C:\Users\Linda\Downloads\RogueKiller.exe 2014-03-04 21:02 - 2014-03-04 21:01 - 04413952 _____ () C:\Users\Linda\Downloads\RogueKillerX64.exe 2014-03-04 20:51 - 2014-03-04 20:51 - 00000000 ____D () C:\Windows\ERDNT 2014-03-04 20:49 - 2014-03-04 20:49 - 00000854 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk 2014-03-04 20:49 - 2014-03-04 20:49 - 00000854 _____ () C:\Users\Linda\Desktop\NTREGOPT.lnk 2014-03-04 20:49 - 2014-03-04 20:49 - 00000835 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk 2014-03-04 20:49 - 2014-03-04 20:49 - 00000835 _____ () C:\Users\Linda\Desktop\ERUNT.lnk 2014-03-04 20:49 - 2014-03-04 20:49 - 00000000 ____D () C:\Program Files\ERUNT 2014-03-04 20:48 - 2014-03-04 20:48 - 00791393 _____ (Lars Hederer ) C:\Users\Linda\Downloads\erunt-setup.exe 2014-03-04 20:47 - 2014-03-04 20:44 - 00002040 _____ () C:\Users\Linda\Desktop\Rkill.txt 2014-03-04 20:44 - 2014-03-04 20:44 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Linda\Downloads\rkill.exe 2014-03-04 20:36 - 2010-11-20 15:01 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-04 20:23 - 2014-03-04 20:23 - 00016212 _____ () C:\Users\Linda\Desktop\dds.txt 2014-03-04 20:23 - 2014-03-04 20:23 - 00004638 _____ () C:\Users\Linda\Desktop\attach.txt 2014-03-04 20:20 - 2014-03-04 20:20 - 00688992 ____R (Swearware) C:\Users\Linda\Downloads\dds.scr 2014-03-04 20:03 - 2014-03-04 20:03 - 00031560 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-04 19:30 - 2014-03-04 19:30 - 00000000 ____D () C:\Windows\ERUNT 2014-03-04 19:29 - 2014-03-04 19:29 - 01037734 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe 2014-03-04 19:25 - 2010-11-20 15:48 - 00151178 _____ () 
C:\Windows\PFRO.log 2014-03-04 19:20 - 2014-03-04 19:20 - 01244192 _____ () C:\Users\Linda\Downloads\adwcleaner.exe 2014-03-04 19:15 - 2014-02-16 19:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-04 19:00 - 2014-03-02 23:57 - 00000000 ____D () C:\Program Files\DriverUpdate 2014-03-04 18:54 - 2014-03-02 21:25 - 00000000 ____D () C:\Users\Linda\Desktop\RPP-Traveler-Pipers Secret 2014-03-04 18:05 - 2009-07-13 22:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-03-04 14:40 - 2012-08-07 04:35 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\CoreFTP 2014-03-04 14:38 - 2012-08-02 01:10 - 00000000 ____D () C:\Users\Linda\Desktop\~Wings production 2014-03-04 14:30 - 2008-11-08 15:05 - 00070656 _____ () C:\Users\Linda\Desktop\PW.xls 2014-03-04 13:39 - 2013-12-19 18:26 - 00000000 ____D () C:\Users\Linda\Desktop\Scan 2014-03-04 12:35 - 2014-03-01 09:11 - 00000000 ____D () C:\Users\Linda\Desktop\3-1-14 2014-03-04 11:42 - 2014-01-04 21:58 - 00000000 ____D () C:\Users\Linda\Desktop\Bowkers 2014-03-04 09:36 - 2013-04-14 09:46 - 00000516 _____ () C:\Users\Linda\Desktop\Club Pogo - Exclusive Games, No Ads, Bigger Prizes!.website 2014-03-03 00:00 - 2014-03-03 00:00 - 00000985 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk 2014-03-03 00:00 - 2014-03-03 00:00 - 00000893 _____ () C:\Users\Public\Desktop\Optimize Your PC.lnk 2014-03-03 00:00 - 2014-03-03 00:00 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\PC Tech Hotline 2014-03-03 00:00 - 2014-03-03 00:00 - 00000000 ____D () C:\Program Files\PCTechHotline 2014-03-02 23:57 - 2014-03-02 23:57 - 00002457 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk 2014-03-02 23:57 - 2014-03-02 23:57 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2014-03-02 23:57 - 2014-03-02 23:57 - 00000000 ____D () C:\Users\Linda\AppData\Local\SlimWare Utilities Inc 2014-03-02 21:46 - 2014-03-02 21:46 - 00000000 ____D () C:\Users\Linda\AppData\Local\Tuguu_SL 2014-03-02 15:16 - 2014-03-02 15:16 - 00001120 
_____ () C:\Users\Linda\Desktop\Continue PDF Reader Installation.lnk 2014-03-02 15:15 - 2014-03-02 15:15 - 01298960 _____ ( ) C:\Users\Linda\Downloads\PDFReaderSetup.exe 2014-03-02 13:35 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-01 09:10 - 2013-03-02 12:43 - 00000000 ____D () C:\Users\Linda\Desktop\PAWPRINTS 2014-02-28 21:38 - 2014-02-26 15:48 - 00000000 ____D () C:\Users\Linda\Desktop\C - Mary of Starlight 2014-02-28 19:21 - 2012-08-02 02:17 - 00000000 ____D () C:\Users\Linda\Documents\Avery 2014-02-28 16:02 - 2014-02-28 15:25 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\FileZilla 2014-02-28 15:48 - 2012-08-20 10:20 - 00084480 ___SH () C:\Users\Linda\Thumbs.db 2014-02-28 15:25 - 2014-02-28 15:25 - 00000000 ____D () C:\Program Files\FileZilla FTP Client 2014-02-28 15:23 - 2014-02-28 15:24 - 04822473 _____ (Tim Kosse) C:\Users\Linda\Downloads\FileZilla_3.7.4.1_win32-setup [1].exe 2014-02-28 15:23 - 2014-02-28 15:23 - 00660144 _____ ( ) C:\Users\Linda\Downloads\FileZilla_3.7.4.1_win32-setup.exe 2014-02-28 13:26 - 2013-12-05 16:56 - 00000137 _____ () C:\Users\Linda\Desktop\Login - Community at Royalgames.com.URL 2014-02-28 13:25 - 2012-08-02 00:41 - 00000000 ____D () C:\Users\Linda\Desktop\WEB PAGES 2014-02-28 13:19 - 2012-08-02 01:10 - 00000000 ____D () C:\Users\Linda\Desktop\~Whiskey Creek Press Production 2014-02-28 10:58 - 2013-02-08 12:43 - 00000000 ____D () C:\Users\Linda\Desktop\Bar Codes 2014-02-27 11:18 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-26 23:31 - 2013-08-02 13:17 - 00000000 ___RD () C:\Program Files\Skype 2014-02-26 23:31 - 2013-08-02 13:16 - 00000000 ____D () C:\ProgramData\Skype 2014-02-24 13:58 - 2014-02-24 13:58 - 00005216 _____ () C:\Users\Linda\Documents\addresses.txt 2014-02-17 21:57 - 2014-02-17 21:57 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\JavaSetup7u51.com 2014-02-17 11:27 - 2013-07-18 11:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance 
Service 2014-02-15 21:30 - 2012-11-09 17:04 - 00000000 ____D () C:\Program Files\ACGames 2014-02-14 14:33 - 2013-03-15 13:40 - 00000000 ____D () C:\Users\Linda\Desktop\ESSDACK 2014-02-14 10:01 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache 2014-02-14 01:11 - 2013-07-15 21:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-14 01:09 - 2012-08-04 12:28 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-12 21:38 - 2012-08-02 01:10 - 00000000 ____D () C:\Users\Linda\Desktop\~Rogue Phoenix Press~ 2014-02-10 18:30 - 2014-02-10 18:30 - 05238429 _____ () C:\Users\Linda\Downloads\AmazonApps-release(1).apk 2014-02-10 18:24 - 2014-02-10 18:24 - 05238429 _____ () C:\Users\Linda\Downloads\AmazonApps-release.apk 2014-02-06 04:38 - 2014-02-14 01:13 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-06 04:20 - 2014-02-14 01:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-06 04:19 - 2014-02-14 01:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-06 04:01 - 2014-02-14 01:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-06 04:00 - 2014-02-14 01:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-06 03:57 - 2014-02-14 01:13 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-06 03:52 - 2014-02-14 01:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-06 03:52 - 2014-02-14 01:13 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-06 03:49 - 2014-02-14 01:14 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-06 03:47 - 2014-02-14 01:13 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-06 03:47 - 2014-02-14 01:13 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-06 03:46 - 2014-02-14 
01:13 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 03:34 - 2014-02-14 01:14 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 03:25 - 2014-02-14 01:14 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 03:25 - 2014-02-14 01:13 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 03:13 - 2014-02-14 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:09 - 2014-02-14 01:13 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:03 - 2014-02-14 01:13 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 02:41 - 2014-02-14 01:13 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 02:36 - 2014-02-14 01:13 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:34 - 2014-02-14 01:13 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-05 19:16 - 2012-08-04 11:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 19:16 - 2012-08-04 11:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-04 11:26 - 2014-02-04 11:26 - 00000246 _____ () C:\Users\Linda\Desktop\Bang Printing -- Professional Short to Mid-run Book Manufacturing.URL

Files to move or delete: ====================
C:\Users\Linda\en_res.dll
C:\Users\Linda\es_res.dll
C:\Users\Linda\fr_res.dll
C:\Users\Linda\grm_res.dll
C:\Users\Linda\it_res.dll
C:\Users\Linda\jp_res.dll
C:\Users\Linda\mfc80u.dll
C:\Users\Linda\msvcr80.dll
C:\Users\Linda\PCPE Setup.exe
C:\Users\Linda\pt_res.dll
C:\Users\Linda\ResourceReader.dll
C:\Users\Linda\ru_res.dll
C:\Users\Linda\zh_res.dll

Some content of TEMP: ====================
C:\Users\Linda\AppData\Local\Temp\4mduf2hg.dll
C:\Users\Linda\AppData\Local\Temp\air2E2C.exe
C:\Users\Linda\AppData\Local\Temp\airE2C6.exe C:\Users\Linda\AppData\Local\Temp\airEDD0.exe C:\Users\Linda\AppData\Local\Temp\aol_toolbar.exe C:\Users\Linda\AppData\Local\Temp\APNStub.exe C:\Users\Linda\AppData\Local\Temp\AskSLib.dll C:\Users\Linda\AppData\Local\Temp\BackupSetup.exe C:\Users\Linda\AppData\Local\Temp\BundleSweetIMSetup.exe C:\Users\Linda\AppData\Local\Temp\ChromeSettings.exe C:\Users\Linda\AppData\Local\Temp\fp_pl_pfs_installer-1.exe C:\Users\Linda\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Linda\AppData\Local\Temp\ICReinstall_PDFReaderSetup.exe C:\Users\Linda\AppData\Local\Temp\InstallChecker.exe C:\Users\Linda\AppData\Local\Temp\installhelper.dll C:\Users\Linda\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chrd_au_aih.exe C:\Users\Linda\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\Linda\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe C:\Users\Linda\AppData\Local\Temp\Jutoh-1.70-Setup.exe C:\Users\Linda\AppData\Local\Temp\lowproc.exe C:\Users\Linda\AppData\Local\Temp\MybabylonTB.exe C:\Users\Linda\AppData\Local\Temp\ntdll_dump.dll C:\Users\Linda\AppData\Local\Temp\nvStInst.exe C:\Users\Linda\AppData\Local\Temp\propsys.dll C:\Users\Linda\AppData\Local\Temp\Quarantine.exe C:\Users\Linda\AppData\Local\Temp\SkypeSetup.exe C:\Users\Linda\AppData\Local\Temp\SRAssetsHelper.dll C:\Users\Linda\AppData\Local\Temp\stubhelper.dll C:\Users\Linda\AppData\Local\Temp\STWSetup.exe C:\Users\Linda\AppData\Local\Temp\tbSoci.dll C:\Users\Linda\AppData\Local\Temp\The_Weather_Channel_Application.exe C:\Users\Linda\AppData\Local\Temp\vcredist_x86.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit 
     C:\Windows\system32\rpcss.dll => MD5 is legit
     C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

     LastRegBack: 2014-02-28 11:40

     ==================== End Of Log ============================

     Here's the Addition....

     Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2014 02
     Ran by Linda at 2014-03-05 00:03:08
     Running from C:\Users\Linda\Desktop
     Boot Mode: Normal
     ==========================================================

     ==================== Security Center ========================

     AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
     AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

     ==================== Installed Programs ======================

     @BIOS (HKLM\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.20 - GIGABYTE)
     7-zip v9.20 (HKLM\...\7-zip) (Version: v9.20 - TUGUU SL)
     Adobe Acrobat X Pro (HKLM\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.1.9 - Adobe Systems)
     Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
     Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
     Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
     Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
     Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
     Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
     ArcadeCandy Games (HKLM\...\ArcadeCandy Games) (Version: 1.0.0 - ArcadeCandy LLC)
     AutoGreen B10.1021.1 (HKLM\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
     AutoGreen B10.1021.1 (Version: 1.00.0000 - GIGABYTE) Hidden
     avast!
Free Antivirus (HKLM\...\avast) (Version: 9.0.2008 - Avast Software) Avery Template (HKLM\...\{A760067A-C07E-1033-0000-A764AC000002}) (Version: 2.0.0.0 - Avery) Avery Template (HKLM\...\{A760067A-C07E-1033-0000-A764AC000007}) (Version: 2.0.0.0 - Avery) Avery Wizard 3.1 (HKLM\...\InstallShield_{5EC9AD36-5167-470E-B0F9-CB3EA12F442E}) (Version: 3.1.3.2191 - Avery) Avery Wizard 3.1 (Version: 3.1.3.2191 - Avery) Hidden Barcode Maker (HKLM\...\{707DFC23-7A92-4CF1-BC6F-D62F74D13A8F}) (Version: 6.85.0000 - Shareware by Lars Sams) Big Fish Games: Game Manager (HKLM\...\BFGC) (Version: 3.0.1.60 - ) Clairvoyant: The Magician Mystery (HKLM\...\Clairvoyant: The Magician Mystery) (Version: - Pogo.com) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) Core FTP LE (HKLM\...\CoreFTP) (Version: - ) Core FTP LE 1.3c (HKLM\...\Core FTP LE 1.3c) (Version: - ) Dolby Home Theater v4 (HKLM\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc) Dragon NaturallySpeaking 10 (HKLM\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.) Easy Duplicate Finder v. 3.2 (HKLM\...\Easy Duplicate Finder_is1) (Version: - WebMinds, Inc.) 
Easy Tune 6 B11.1124.1 (HKLM\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Easy Tune 6 B11.1124.1 (Version: 1.00.0000 - GIGABYTE) Hidden EasySaver B9.1214.1 (HKLM\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte) Email Recovery for Mozilla Thunderbird v.1.2.0 (HKLM\...\Email Recovery for Mozilla Thunderbird_is1) (Version: - Email Adept, Ltd) ePub Maker version 1.65 (HKLM\...\ePub Maker_is1) (Version: 1.65 - ) ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Etron USB3.0 Host Controller (Version: 0.104 - Etron Technology) Hidden Eudora (HKLM\...\{F5CC042A-9046-423E-80EF-5193717E3A55}) (Version: 7.0 - ) FileZilla Client 3.7.4.1 (HKLM\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse) Ghost Whisperer (HKLM\...\Ghost Whisperer) (Version: - Pogo.com) GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team) Golden Trails 3: The Guardian's Creed (HKLM\...\Golden Trails 3: The Guardian's Creed) (Version: - Pogo.com) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Jutoh 1.72 (HKLM\...\Jutoh_is1) (Version: 1.72 - Anthemion Software Ltd.) 
Magic Ball 2 New Worlds (HKLM\...\BFG-Magic Ball 2 New Worlds) (Version: - ) MailWasher Pro (HKLM\...\MailWasher Pro_is1) (Version: - FireTrust Limited) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Media Player Codec Pack 4.2.4 (HKLM\...\Media Player - Codec Pack) (Version: 4.2.4 - Media Player Codec Pack) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation) Microsoft VC9 runtime libraries (Version: 2.0.0 - AOL Inc.) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Mobipocket Creator 4.2 (HKLM\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com) Mobipocket Reader 6.2 (HKLM\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com) Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - 
Mozilla) Mozilla Thunderbird (2.0.0.24) (HKLM\...\Mozilla Thunderbird (2.0.0.24)) (Version: 2.0.0.24 (en-GB) - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery Case Files®: Shadow Lake Collector's Edition (HKLM\...\BFG-Mystery Case Files - Shadow Lake Collector's Edition) (Version: - ) NVIDIA 3D Vision Controller Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation) NVIDIA 3D Vision Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation) NVIDIA Control Panel 314.07 (Version: 314.07 - NVIDIA Corporation) Hidden NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA Graphics Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1407 - NVIDIA Corporation) Hidden NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden ON_OFF Charge B11.1102.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) OpenOffice.org 3.4 (HKLM\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org) 
Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.2.0000 - Jasc Software Inc) Pogo Games (HKLM\...\PogoDGC) (Version: 1.0 - ) Publishers' Assistant-Epic (HKLM\...\Publishers' Assistant-Epic) (Version: V5.1a - Publishers' Assistant, Upper Access Publishing) Quite Imposing 3 (English) (HKLM\...\qi3_uninstall.exe) (Version: - Quite Software Ltd.) RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden Rocketfish HD Webcam Pro Driver (1.00.06.00) (HKLM\...\Rocketfish VF0740) (Version: - Rocketfish) Rocketfish Live! Central (HKLM\...\Rocketfish Live! Central) (Version: 2.01.05 - Creative Technology Ltd) Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio) Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio) Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio) Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio) Season Match Trilogy Bundle (HKLM\...\Season Match Trilogy Bundle) (Version: - Pogo.com) Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
StarOffice 9 (HKLM\...\{C5E4D0D0-EACC-4013-B48D-C3F104F21DCD}) (Version: 9.00.9358 - Sun Microsystems) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer) The Weather Channel App (HKLM\...\The Weather Channel App) (Version: - ) The Weather Channel Desktop 6 (HKLM\...\The Weather Channel Desktop 6) (Version: - ) Visual C++ Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}) (Version: 10.00.200.184 - Nuance Communications Inc.) ==================== Restore Points ========================= 21-02-2014 16:33:41 Windows Update 24-02-2014 01:00:34 Windows Backup 25-02-2014 16:34:11 Windows Update 26-02-2014 04:13:19 Windows Update 27-02-2014 08:10:47 Windows Update 03-03-2014 03:43:03 Uniblue SpeedUpMyPC installation 03-03-2014 03:45:39 Uniblue SpeedUpMyPC installation 04-03-2014 15:35:32 Windows Update 05-03-2014 00:59:29 Removed DriverUpdate 05-03-2014 02:42:54 Windows Backup ==================== Hosts content: ========================== 2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {2582DD21-7E83-477D-B4AA-874273FDA97E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-752874766-997199430-3846864615-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {33949449-D204-46EB-A50E-9DFB73D7E047} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-752874766-997199430-3846864615-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {3E016CBB-3300-40FE-95B9-5BCA6C4D1384} - System32\Tasks\Hoolapp Init => C:\Users\Linda\AppData\Roaming\HOOLAP~1\Hoolapp.exe <==== ATTENTION Task: {57E6FF42-4380-44A5-AE87-5B16030A4FB0} - System32\Tasks\Digital Sites => C:\Users\Linda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {6BBBCB57-3DAF-4624-A9E7-182FF0E74CBF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated) Task: {6F9E0A39-2BE0-48B8-9833-ACF2BBF63198} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-03] (AVAST Software) Task: {817BA9BE-78E2-4043-A92A-21A22C69E78E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {B2B9FCA6-F790-4F03-BE15-1F501EDC4C59} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-752874766-997199430-3846864615-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {D941D18B-164D-40EE-9160-412A8EEBA051} - System32\Tasks\Hoolapp For Android => C:\Users\Linda\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {E3A09834-5CC3-41D8-B7A1-ED545D9E23FB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-752874766-997199430-3846864615-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Linda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-03-04 17:17 - 2014-03-04 13:03 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14030401\algo.dll 2012-10-02 21:28 - 2013-02-09 18:35 - 00078624 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2012-09-29 10:22 - 2009-08-24 13:38 - 00068136 _____ () C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE 2012-09-29 10:22 - 2009-03-13 10:30 - 00109096 _____ () C:\Program Files\Gigabyte\EasySaver\YCC.DLL 2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-02-11 13:29 - 2014-02-11 13:29 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2013-12-03 08:54 - 2013-12-03 08:54 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2008-07-29 13:55 - 2008-07-29 13:55 - 00969728 _____ () C:\Program Files\Sun\StarOffice 9\program\libxml2.dll 2014-02-16 19:53 - 2014-02-16 19:53 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:1992908D AlternateDataStreams: C:\ProgramData\TEMP:997DA6D7 AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (03/04/2014 11:11:05 PM) (Source: DCOM) (User: NT AUTHORITY) Description: 
     application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

     Microsoft Office Sessions:
     =========================

     ==================== Memory info ===========================

     Percentage of memory in use: 56%
     Total physical RAM: 3325.24 MB
     Available physical RAM: 1454.67 MB
     Total Pagefile: 7926.53 MB
     Available Pagefile: 5802.61 MB
     Total Virtual: 2047.88 MB
     Available Virtual: 1876.5 MB

     ==================== Drives ================================

     Drive c: () (Fixed) (Total:232.79 GB) (Free:86.29 GB) NTFS
     Drive d: (D:) (Fixed) (Total:298.08 GB) (Free:282.44 GB) NTFS
     Drive f: (My Book) (Fixed) (Total:1862.98 GB) (Free:1390.54 GB) NTFS

     ==================== MBR & Partition Table ==================

     ========================================================
     Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: B8EDB8ED)
     Partition: GPT Partition Type.

     ========================================================
     Disk: 1 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 41AB2316)
     Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

     ========================================================
     Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 2F4E8CEB)
     Partition 1: (Not Active) - (Size=-198659014656) - (Type=07 NTFS)

     ==================== End Of Log ============================

     Malwarebytes won't update. Run-time error '6' Overflow.... And the PC Tech Hotline green button is still stuck on every window. Did you want me to manually try to delete that out of the /STARTUP ? I didn't know if I was supposed to, so I just ran all the scans. Please let me know! Thank you for your help Mr. Lewis.
  4. ok.. here is the RKill log...

     Rkill 2.6.5 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2014 BleepingComputer.com
     More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html

     Program started at: 03/04/2014 08:44:58 PM in x86 mode.
     Windows Version: Windows 7 Professional Service Pack 1

     Checking for Windows services to stop:
     * No malware services found to stop.

     Checking for processes to terminate:
     * No malware processes found to kill.

     Checking Registry for malware related settings:
     * No issues found in the Registry.

     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

     Performing miscellaneous checks:
     * No issues found.

     Checking Windows Service Integrity:
     * No issues found.

     Searching for Missing Digital Signatures:
     * No issues found.

     Checking HOSTS File:
     * No issues found.

     Program finished at: 03/04/2014 08:45:44 PM
     Execution time: 0 hours(s), 0 minute(s), and 45 seconds(s)

     ******* Malwarebytes would not update, I ran a scan anyways (8 days out of date)

     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2014.02.25.01

     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 11.0.9600.16518
     Linda :: LINDA-PC [administrator]

     Protection: Enabled

     3/4/2014 8:53:36 PM
     mbam-log-2014-03-04 (20-53-36).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 270015
     Time elapsed: 23 minute(s), 51 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Here is the Rogue Killer Scan Log File...

     RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : Linda [Admin rights]
     Mode : Scan -- Date : 03/04/2014 21:23:14
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 5 ¤¤¤
     [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
     [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 4 ¤¤¤
     [V1][sUSP PATH] Digital Sites.job : C:\Users\Linda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
     [V2][sUSP PATH] Digital Sites : C:\Users\Linda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
     [V2][sUSP PATH] Hoolapp For Android : C:\Users\Linda\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
     [V2][sUSP PATH] Hoolapp Init : C:\Users\Linda\AppData\Roaming\HOOLAP~1\Hoolapp.exe - /Minimized [x] -> FOUND

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Browser Addons : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤
     [Address] IAT @explorer.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Windows\system32\apphelp.dll @ 0x74EDFFF6)
     [inline] EAT @explorer.exe (RegisterClipboardFormatW) : pkmws.dll -> HOOKED (C:\Windows\system32\USER32.dll @ 0x7573DF8D)

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250318AS ATA Device +++++
     --- User ---
     [MBR] f42a53e0e7e757691339fc3d419530ee
     [bSP] 140ff3ff9c70f55c711f143f0447330a : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238372 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3320620AS ATA Device +++++
     --- User ---
     [MBR] 316db449043f7431217014b790ae9b70
     [bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) WD My Book 1230 USB Device +++++
     --- User ---
     [MBR] 5c79b77e29524ea62bc1ab6beeaf8224
     [bSP] 94c88b774af1df8940217c0641a49e62 : Windows XP MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR! ([0x32] The request is not supported. )

     Finished : << RKreport[0]_S_03042014_212314.txt >>

     I'm doing all of this remotely through Team Viewer....
  5. Wow.. Techbench!!!!! I never knew about it! (my fault for not looking) I'll be buying that goodness in a stick VERY shortly. Thank you for that! That will help greatly. And you're very right.. I'm running a business, and I don't have the time. Just so you know, you guys have been my go-to for over 10 or 12 years now. You were my secret weapon back when you guys were totally free... (Loyal customer)

     First things first. Here are the 2 logs ...

     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft Windows 7 Professional
     Boot Device: \Device\HarddiskVolume1
     Install Date: 8/4/2012 12:18:08 PM
     System Uptime: 3/4/2014 7:35:34 PM (1 hours ago)
     .
     Motherboard: Gigabyte Technology Co., Ltd. | | GA-990XA-UD3
     Processor: AMD FX-8120 Eight-Core Processor | Socket M2 | 3100/200mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 233 GiB total, 85.546 GiB free.
     D: is FIXED (NTFS) - 298 GiB total, 282.441 GiB free.
     E: is CDROM ()
     .
     ==== Disabled Device Manager Items =============
     .
     ==== System Restore Points ===================
     .
     RP252: 2/18/2014 9:33:23 AM - Windows Update
     RP253: 2/21/2014 10:33:41 AM - Windows Update
     RP254: 2/23/2014 7:00:34 PM - Windows Backup
     RP255: 2/25/2014 10:34:11 AM - Windows Update
     RP256: 2/25/2014 10:13:19 PM - Windows Update
     RP257: 2/27/2014 2:10:47 AM - Windows Update
     RP259: 3/2/2014 9:43:03 PM - Uniblue SpeedUpMyPC installation
     RP261: 3/2/2014 9:45:39 PM - Uniblue SpeedUpMyPC installation
     RP262: 3/4/2014 9:35:32 AM - Windows Update
     RP263: 3/4/2014 6:59:29 PM - Removed DriverUpdate
     .
     ==== Installed Programs ======================
     .
     @BIOS
     7-zip v9.20
     Adobe Acrobat X Pro
     Adobe Digital Editions
     Adobe Flash Player 12 ActiveX
     Adobe Flash Player 12 Plugin
     Advanced Audio FX Engine
     Akamai NetSession Interface
     Amazon Kindle
     ArcadeCandy Games
     AutoGreen B10.1021.1
     avast!
Free AntivirusAvery TemplateAvery Wizard 3.1Barcode MakerBig Fish Games: Game ManagerClairvoyant: The Magician MysteryCompatibility Pack for the 2007 Office systemCore FTP LECore FTP LE 1.3cDolby Home Theater v4Dragon NaturallySpeaking 10Easy Duplicate Finder v. 3.2Easy Tune 6 B11.1124.1EasySaver B9.1214.1 Email Recovery for Mozilla Thunderbird v.1.2.0ePub Maker version 1.65Etron USB3.0 Host ControllerEudoraFileZilla Client 3.7.4.1Ghost WhispererGIMP 2.6.11GIMP 2.8.0Golden Trails 3: The Guardian's CreedJava 7 Update 51Java Auto UpdaterJutoh 1.72Magic Ball 2 New WorldsMailWasher ProMalwarebytes Anti-Malware version 1.75.0.1300Media Player Codec Pack 4.2.4Microsoft .NET Framework 4.5.1Microsoft Office Professional Edition 2003Microsoft VC9 runtime librariesMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Mobipocket Creator 4.2Mobipocket Reader 6.2Mozilla Firefox 27.0.1 (x86 en-US)Mozilla Maintenance ServiceMozilla Thunderbird (2.0.0.24)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Mystery Case Files®: Shadow Lake Collector's EditionNVIDIA 3D Vision Controller Driver 314.07NVIDIA 3D Vision Driver 314.07NVIDIA Control Panel 314.07NVIDIA DriversNVIDIA Graphics Driver 314.07NVIDIA HD Audio Driver 1.3.23.1NVIDIA Install ApplicationNVIDIA PhysXNVIDIA PhysX System Software 9.12.1031NVIDIA Stereoscopic 3D DriverNVIDIA Update 1.12.12NVIDIA Update ComponentsON_OFF Charge B11.1102.1OpenOffice.org 3.4Paint Shop Pro 7Pogo GamesPublishers' Assistant-EpicQuite Imposing 3 (English)RealDownloaderRealNetworks - Microsoft Visual C++ 2008 RuntimeRealNetworks - Microsoft Visual C++ 2010 RuntimeRealPlayerRealtek Ethernet Controller DriverRealtek High Definition Audio DriverRealUpgrade 1.1Rocketfish HD Webcam Pro Driver (1.00.06.00)Rocketfish Live! 
CentralRoxio Creator DataRoxio Creator DERoxio Creator ToolsRoxio Update ManagerSeason Match Trilogy BundleSecurity Update for Microsoft .NET Framework 4.5.1 (KB2898869)Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)Skype Click to CallSkype™ 6.11StarOffice 9TeamViewer 9The Weather Channel AppThe Weather Channel Desktop 6Visual C++ Runtime for Dragon NaturallySpeaking.==== Event Viewer Messages From Past Week ========.3/4/2014 7:37:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool..==== End Of File =========================== ***Second Log*** DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2Run by Linda at 20:22:21 on 2014-03-04Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3325.1659 [GMT -6:00].AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: avast! 
  6. What can I do with this thing... Malwarebytes won't update now (7 days out of date), I've removed 6 or so programs from the add/remove programs list including search dial... I've run adwcleaner, and Junkware removal tool.... Still the sticky ***BLEEP*** is still on every window you open up. Malwarebytes still won't update..
  7. I posted yesterday, and I haven't heard from anyone! I'll upload the logs. Please see my previous post https://forums.malwarebytes.org/index.php?showtopic=143179 I really need some help guys, I would certainly appreciate it!! I've gotten no replies at all! ComboFix.txt hijackthis.log
  8. I'm seeing AVG stuff in there.. there should be no AVG on this cpu! Anyways, your help would be GREATLY appreciated! Thanks again guys! I rely on you for over 150+ computers I've installed your software on for my clients!
  9. Here is the ComboFix Log...
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-02-27 18:49:09 ComboFix-quarantined-files.txt 2014-02-28 00:49 ComboFix2.txt 2014-02-27 23:38 . Pre-Run: 385,220,739,072 bytes free Post-Run: 384,922,578,944 bytes free . - - End Of File - - D018066BC3548D43C1F224F50E8CF540 1F691FF5B785D6413BC581CC9565F0D8
  10. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 6:33:10 PM, on 2/27/2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16518) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - 
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll (file missing) O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjYxNjM5NDY0LUZMMTArMS1ERFQrNDA4MTMtVFVHKzMtREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFOKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCKzEtRjEwTTEyQisxLUYxMFRCKzItU1QxMFRCRisx"&"prod=90"&"ver=10.0.1424 O4 - HKCU\..\Run: [AmazonMP3DownloaderHelper] C:\Users\Darrell\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe O4 - Global Startup: 
QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program 
files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: intu-help-qb6 - {6898B29B-BF49-43CB-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxbm_device - - C:\Windows\system32\lxbmcoms.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: PGMTrusted - iWin Inc. - C:\Program Files (x86)\Pogo Games\PGMTrusted.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. 
- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file 
missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: NETGEAR A6200 Service (WNDA6200) - Unknown owner - C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe -- End of file - 15284 bytes
  11. Wheww... I met my match on this one I guess. Problem: Can't update Malwarebytes, "Run-time error '6' Overflow", also screensaver is saying no accelerated graphics found or enabled etc.. etc... And notifyapp can't connect (I haven't addressed this one yet). That's how it started. Then a whole new bag of worms. I started out in safe mode, and couldn't update Malwarebytes. I tried Chameleon, didn't work updating either. I used mbam-clean, re-installed, and I still couldn't update so that didn't work. I tried Chameleon again... no go.. I ran HijackThis (can't find the log file), I know it created a restore point... I ran ComboFix... Can't find the log either.. ughh. Today must be an off day. ComboFix deleted a bunch of files, I know you need the logs... I'll try to do the steps again and get the logs for you. Any ideas while I'm getting the logs would be great... Thanks!