Can't enable website blocking

hhdanemom · October 22, 2013

I posted in the below Help forum because I couldn't check the "enable malicious website blocking" part of protection. I was told possibly infected and to move query over here to ask for help. I'm pasting in the requested logs below.

Old thread: https://forums.malwarebytes.org/index.php?showtopic=135199#entry744568

-- Hi I have been using Pro for sometime but on Thurs I noticed that my blue icon is now grey and I cannot check off to enable website blocking. Everything else seems to work, but I am concerned. I have run Chameleon and Anti-Rootkit and they seem to have come up clean. I have uninstalled and reinstalled, and many reboots, but still cannot check that box!.

On Thursday nite I submitted my problem to the "Paying customer -- Contact Support via email" but have received no reply (It's now Sunday evening). I am not able to do what I need to do on this computer because I'm afraid there is a malware problem since when I search on this problem those are the results that most often come up.

I was using MSE along with Pro, but today changed to AVG.

thanks for any good advice I can get!

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16720

Run by Harlequin Haven at 17:17:33 on 2013-10-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5880.2394 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2014\avgrsa.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

C:\Program Files (x86)\AVG\AVG2014\avgfws.exe

C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\NCNETWORKSDM\bin\sprtsvc.exe

C:\Program Files (x86)\NCNETWORKSDM\bin\tgsrvc.exe

C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

C:\Program Files (x86)\Xobni\XobniService.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

C:\Windows\SysWOW64\WinMsgBalloonServer.exe

C:\Windows\SysWOW64\WinMsgBalloonClient.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Creative Element Power Tools\Startup.exe

C:\Windows\system32\RunDll32.exe

C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

C:\Program Files (x86)\AVG\AVG2014\avgui.exe

C:\Program Files (x86)\Notepad++\notepad++.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\deepinvent\MailStore Home\MailStoreHome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\sysWow64\SearchProtocolHost.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files (x86)\Microsoft Streets & Trips 2010\StreetsOlkShim.exe

C:\Program Files (x86)\AVG\AVG2014\avgcsrvx.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

mRunOnce: [ (A0)] cmd /c "C:\Users\Harlequin Haven\Desktop\software\mbar\mbar.exe" /rdv /s

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\HARLEQ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Creative Element Power Tools Startup.lnk - C:\Program Files (x86)\Creative Element Power Tools\Startup.exe

StartupFolder: C:\Users\HARLEQ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk - C:\Windows\System32\RunDll32.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.254.254

TCP: Interfaces\{4DFAA3EC-847A-4646-880E-104273B15845} : DHCPNameServer = 192.168.254.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

Hosts: 127.0.0.1 wdcs.trendmicro.com

Hosts: 127.0.0.1 ads.bleepingcomputer.com

Hosts: 127.0.0.1 ox-d.majorgeeks.com

Hosts: 127.0.0.1 metrics.mcafee.com

Hosts: 127.0.0.1 metrics.bitdefender.com

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Harlequin Haven\AppData\Roaming\Mozilla\Firefox\Profiles\cfzxxe6w.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: C:\Users\Harlequin Haven\AppData\Roaming\Mozilla\Firefox\Profiles\cfzxxe6w.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-10-20 13:29; wrc@avast.com; C:\PROGRA~1\AVAST Software\Avast\WebRep\FF

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

============= SERVICES / DRIVERS ===============

.

R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-5-18 231224]

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]

R0 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\48230029.sys [2013-10-20 116440]

R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792]

R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-12 203264]

R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-12-15 122880]

R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-9-25 1358944]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152]

R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-20 701512]

R2 sprtsvc_ncnetworksdm;SupportSoft Sprocket Service (ncnetworksdm);C:\Program Files (x86)\NCNETWORKSDM\bin\sprtsvc.exe [2010-6-17 206120]

R2 tgsrvc_ncnetworksdm;SupportSoft Repair Service (ncnetworksdm);C:\Program Files (x86)\NCNETWORKSDM\bin\tgsrvc.exe [2010-6-17 185640]

R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2013-8-14 1042808]

R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2013-8-14 270704]

R2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2012-4-9 62184]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-9-2 172704]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-20 25928]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-7-24 852256]

R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;C:\Windows\System32\drivers\OA002Afx.sys [2007-6-8 219544]

R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\System32\drivers\OA002Ufd.sys [2008-6-3 168864]

R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\System32\drivers\OA002Vid.sys [2008-8-1 306560]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-4-21 251496]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-24 346144]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-6-17 46136]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-6-18 1038088]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-6-12 30192]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-21 19456]

S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-4-21 16152]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-21 57856]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-31 1255736]

SUnknown mbamchameleon;mbamchameleon; [x]

.

=============== File Associations ===============

.

FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]

FileExt: .ini: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"

.

=============== Created Last 30 ================

.

2013-10-20 20:59:49 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-10-20 20:59:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-20 20:06:01 116440 ----a-w- C:\Windows\System32\drivers\48230029.sys

2013-10-20 20:05:23 91352 ----a-w- C:\Windows\System32\drivers\37EE5C39.sys

2013-10-20 19:14:35 -------- d-----w- C:\Users\Harlequin Haven\AppData\Roaming\AVG2014

2013-10-20 19:13:48 -------- d-----w- C:\Users\Harlequin Haven\AppData\Roaming\TuneUp Software

2013-10-20 19:11:23 -------- d-----w- C:\ProgramData\AVG2014

2013-10-20 19:03:57 -------- d-----w- C:\Users\Harlequin Haven\AppData\Local\MFAData

2013-10-20 19:03:57 -------- d-----w- C:\Users\Harlequin Haven\AppData\Local\Avg2014

2013-10-20 18:37:50 -------- d-----w- C:\Program Files\AVAST Software

2013-10-20 17:26:18 -------- d-----w- C:\Program Files\CCleaner

2013-10-20 16:26:48 -------- d-----w- C:\Users\Harlequin Haven\AppData\Roaming\AVAST Software

2013-10-20 16:22:36 -------- d-----w- C:\ProgramData\AVAST Software

2013-10-18 12:45:44 24 --sha-w- C:\Users\Harlequin Haven\AppData\Roaming\1D959CA221C7573.sys

2013-10-18 12:45:30 -------- d-----w- C:\Program Files (x86)\jv16 PowerTools 2014

2013-10-18 01:43:19 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-10-17 21:27:10 -------- d-----w- C:\Program Files\Western Digital

2013-10-10 07:49:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-10-10 07:49:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-10-09 17:14:16 633856 ----a-w- C:\Windows\System32\comctl32.dll

2013-10-09 17:13:59 3155968 ----a-w- C:\Windows\System32\win32k.sys

2013-10-09 17:07:21 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2013-10-09 17:07:21 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys

2013-10-09 17:07:21 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2013-10-09 17:07:21 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-10-09 17:07:21 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2013-10-09 17:07:21 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2013-10-09 17:07:21 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2013-09-26 13:44:54 57144 ----a-w- C:\Windows\System32\drivers\avgfwd6a.sys

2013-09-26 01:07:30 148792 ----a-w- C:\Windows\System32\drivers\avgdiska.sys

2013-09-23 22:33:36 271256 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

.

==================== Find3M ====================

.

2013-10-12 20:38:43 2828 --sha-w- C:\ProgramData\KGyGaAvL.sys

2013-10-09 10:19:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-09 10:19:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll

2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-09-09 02:11:42 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll

2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll

2013-09-02 14:59:14 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2013-09-02 14:29:18 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2013-09-02 14:26:50 192824 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2013-09-02 14:26:42 241464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll

2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll

2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll

2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll

2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll

2013-08-21 02:53:58 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys

2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe

2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe

2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2013-08-01 20:07:06 251192 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2012-11-14 11:05:55 34693120 ----a-w- C:\Program Files (x86)\GUTECD1.tmp

.

============= FINISH: 17:18:07.02 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/30/2010 10:32:29 PM

System Uptime: 10/20/2013 4:07:56 PM (1 hours ago)

.

Motherboard: FOXCONN | | 2A92

Processor: AMD Athlon II X4 635 Processor | CPU 1 | 2900/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 920 GiB total, 738.199 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.415 GiB free.

E: is CDROM ()

F: is FIXED (NTFS) - 1863 GiB total, 1270.638 GiB free.

L: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP945: 10/19/2013 8:20:00 PM - Scheduled Checkpoint

RP946: 10/20/2013 12:23:12 PM - avast! antivirus system restore point

RP947: 10/20/2013 12:58:05 PM - Removed HP MediaSmart/TouchSmart Netflix

RP948: 10/20/2013 12:59:47 PM - Removed HP Officejet 6700 Product Improvement Study

RP949: 10/20/2013 1:01:49 PM - Removed Spinco Download Manager

RP950: 10/20/2013 1:28:26 PM - avast! antivirus system restore point

RP951: 10/20/2013 2:20:55 PM - Removed QuickTime

RP952: 10/20/2013 2:37:00 PM - avast! antivirus system restore point

RP953: 10/20/2013 3:10:15 PM - Installed AVG 2014

RP954: 10/20/2013 3:10:44 PM - Installed AVG 2014

RP955: 10/20/2013 4:41:11 PM - Configured HP

.

==== Hosts File Hijack ======================

.

Hosts: 127.0.0.1 wdcs.trendmicro.com

Hosts: 127.0.0.1 ads.bleepingcomputer.com

Hosts: 127.0.0.1 ox-d.majorgeeks.com

Hosts: 127.0.0.1 metrics.mcafee.com

Hosts: 127.0.0.1 metrics.bitdefender.com

Hosts: 127.0.0.1 analytics.microsoft.com

Hosts: 127.0.0.1 ads.mcafee.com

Hosts: 127.0.0.1 om.symantec.com

.

==== Installed Programs ======================

.

Adobe Acrobat 9 Pro

Adobe Acrobat 9.5.5 - CPSID_83708

Adobe AIR

Adobe Anchor Service CS4

Adobe Anchor Service x64 CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe CMaps x64 CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe CSI CS4

Adobe CSI CS4 x64

Adobe Default Language CS4

Adobe Drive CS4 x64

Adobe ExtendScript Toolkit CS4

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Fonts All x64

Adobe Linguistics CS4

Adobe Linguistics CS4 x64

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe PDF Library Files x64 CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 (64 Bit)

Adobe Photoshop CS4 Support

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Type Support CS4

Adobe Type Support x64 CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe WinSoft Linguistics Plugin x64

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

AVG 2014

Catalyst Control Center InstallProxy

CCleaner

CinemaNow Media Manager

Compatibility Pack for the 2007 Office system

Connect

Corel PaintShop Photo Pro X3

Creative Element Power Tools

CyberLink DVD Suite Deluxe

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Webcam Central

DHTML Editing Component

DriveImage XML (Private Edition)

DVD Menu Pack for HP MediaSmart Video

Google Apps

Google Chrome

Google Desktop

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

GroupMail :: Personal Edition

Hardware Diagnostic Tools

Hewlett-Packard ACLM.NET v1.1.2.0

HP Advisor

HP Customer Experience Enhancements

HP FWUpdateEDO2

HP MediaSmart CinemaNow 2.0

HP MediaSmart DVD

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart SmartMenu

HP MediaSmart Video

HP Odometer

HP Officejet 6700 Basic Device Software

HP Officejet 6700 Help

HP Setup

HP Support Information

HP Update

HPDiagnosticAlert

I.R.I.S. OCR

ICA

IPM_PSP_CL

IPM_PSP_COM

Ipswitch WS_FTP 12

jv16 PowerTools 2012

jv16 PowerTools 2014

kuler

LabelPrint

LightScribe System Software

MailStore Home 8.1.0.9075

Malwarebytes Anti-Malware version 1.75.0.1300

Metron

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Expression Design 4

Microsoft Expression Encoder 4

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft Expression Web 4

Microsoft Expression Web 4 Service Pack 2

Microsoft Mouse and Keyboard Center

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access database engine 2007 (English)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Streets & Trips 2010

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable Package

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

Microsoft_VC90_CRT_x86

Monitor Webcam Driver (1.01.02.0804)

Mozilla Firefox 24.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

muvee Reveal Seagate Edition

MyDefrag v4.2.9

Notepad++

PDF Settings CS4

PhotoNow!

Photoshop Camera Raw

Photoshop Camera Raw_x64

Picasa 3

PlayReady PC Runtime amd64

Power2Go

PowerDirector

PrimoPDF -- brought to you by Nitro PDF Software

PSPPContent

PSPPRO_DCRAW

RadiAnt DICOM Viewer (64-bit)

RAIDXpert

Ralink RT2860 Wireless LAN Card

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Recovery Manager

Roxio CinemaNow 2.0

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)

Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition

Security Update for Microsoft Expression Design 4 (KB2667730)

Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition

Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Setup

Spinco Download Manager

SpywareBlaster 5.0

Suite Shared Configuration CS4

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition

Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition

Visual Studio 2008 x64 Redistributables

Visual Studio 2012 x64 Redistributables

Visual Studio 2012 x86 Redistributables

WD Drive Utilities

WD Quick View

WD SmartWare

WD SmartWare Installer

Xobni

Xobni Core

.

==== Event Viewer Messages From Past Week ========

.

10/20/2013 6:15:03 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.294.0).

10/20/2013 6:14:49 AM, Error: Microsoft Antimalware [2001] -

10/20/2013 6:14:46 AM, Error: Service Control Manager [7003] - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.

10/20/2013 6:14:46 AM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

10/20/2013 4:09:42 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

10/20/2013 4:09:42 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

10/20/2013 4:09:40 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

10/20/2013 4:05:23 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.

10/20/2013 3:36:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service WDBackup with arguments "" in order to run the server: {81213AB4-5937-4340-88CD-66B4BC80DF73}

10/20/2013 3:36:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service WDBackup with arguments "" in order to run the server: {59484148-65C9-4467-A092-3F8380023772}

10/20/2013 3:35:42 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

10/20/2013 3:35:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/20/2013 3:35:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/20/2013 3:35:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/20/2013 3:35:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

10/20/2013 3:35:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/20/2013 3:35:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/20/2013 3:35:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgdiska Avgfwfd AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

10/20/2013 3:35:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/20/2013 3:35:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/20/2013 3:35:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/20/2013 3:35:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/20/2013 3:35:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/20/2013 3:35:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

10/20/2013 3:35:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/20/2013 3:35:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/20/2013 3:35:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/20/2013 3:35:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/20/2013 3:35:14 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.

10/20/2013 3:19:19 PM, Error: Service Control Manager [7024] - The AVG Firewall service terminated with service-specific error %%-536805289.

10/20/2013 2:14:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

10/20/2013 2:13:35 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

10/20/2013 2:13:29 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

10/20/2013 2:13:29 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

10/20/2013 2:13:29 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

10/20/2013 2:13:29 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846.

10/20/2013 2:13:29 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.

10/20/2013 2:13:29 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.

10/20/2013 2:13:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/20/2013 2:13:29 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070032.

10/20/2013 1:47:21 PM, Error: Service Control Manager [7034] - The PCPitstop Scheduling service terminated unexpectedly. It has done this 1 time(s).

10/20/2013 1:11:51 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

10/20/2013 1:11:51 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.

10/20/2013 1:11:50 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

10/20/2013 1:11:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

10/19/2013 9:21:20 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

10/19/2013 6:13:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.246.0).

10/19/2013 5:48:37 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

10/18/2013 6:16:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.159.0).

10/17/2013 9:31:26 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

10/17/2013 6:27:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.87.0).

10/17/2013 1:42:51 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.53.0).

10/15/2013 8:42:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.159.2288.0).

10/15/2013 2:22:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.159.2225.0).

10/14/2013 7:09:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.159.2190.0).

10/14/2013 6:25:34 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.159.2127.0).

10/13/2013 6:16:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.159.2102.0).

10/13/2013 6:10:07 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.

10/13/2013 2:54:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.159.2116.0).

.

==== End Of File ===========================

AdvancedSetup · October 22, 2013

The system appears to probably be infected.

Please visit this webpage and read the ComboFix User's Guide:

Once you've read the article and are ready to use the program you can download it directly from the link below.
Important! - Please make sure you save combofix to your desktop and do not run it from your browser
Direct download link for: ComboFix.exe
Please make sure you disable your security applications before running ComboFix.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
Please attach that log file to your next reply.
If needed the file can be located here: C:\combofix.txt
NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

hhdanemom · October 23, 2013

ComboFix 13-10-21.01 - Harlequin Haven 10/22/2013 21:01:35.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5880.4431 [GMT -4:00]

Running from: c:\users\Harlequin Haven\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml

c:\programdata\99D2FE82C3.sys

c:\users\Harlequin Haven\AppData\Roaming\1D959CA221C7573.sys

c:\windows\SysWow64\aosmtp.dll

.

((((((((((((((((((((((((( Files Created from 2013-09-23 to 2013-10-23 )))))))))))))))))))))))))))))))

.

2013-10-23 01:12 . 2013-10-23 01:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-10-23 00:49 . 2013-10-23 00:49 650 ----a-w- C:\FixitRegBackup.reg

2013-10-20 20:59 . 2013-10-20 20:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-10-20 20:59 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-10-20 20:06 . 2013-10-20 20:06 116440 ----a-w- c:\windows\system32\drivers\48230029.sys

2013-10-20 20:05 . 2013-10-20 20:05 91352 ----a-w- c:\windows\system32\drivers\37EE5C39.sys

2013-10-20 19:13 . 2013-10-20 19:13 -------- d-----w- c:\users\Harlequin Haven\AppData\Roaming\TuneUp Software

2013-10-20 19:11 . 2013-10-23 01:15 -------- d-----w- c:\programdata\AVG2014

2013-10-20 19:03 . 2013-10-20 19:03 -------- d-----w- c:\users\Harlequin Haven\AppData\Local\MFAData

2013-10-20 18:37 . 2013-10-20 19:36 -------- d-----w- c:\program files\AVAST Software

2013-10-20 17:26 . 2013-10-20 17:26 -------- d-----w- c:\program files\CCleaner

2013-10-20 16:26 . 2013-10-20 16:26 -------- d-----w- c:\users\Harlequin Haven\AppData\Roaming\AVAST Software

2013-10-20 16:22 . 2013-10-20 18:36 -------- d-----w- c:\programdata\AVAST Software

2013-10-18 12:45 . 2013-10-20 17:08 -------- d-----w- c:\program files (x86)\jv16 PowerTools 2014

2013-10-18 01:43 . 2013-10-20 20:36 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-10-17 21:27 . 2013-10-17 21:27 -------- d-----w- c:\program files\Western Digital

2013-10-10 07:49 . 2013-09-21 03:38 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-10-10 07:49 . 2013-09-21 03:30 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-10-09 17:14 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll

2013-10-09 17:13 . 2013-08-28 01:21 3155968 ----a-w- c:\windows\system32\win32k.sys

2013-10-09 17:07 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-10-09 17:07 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-10-09 17:07 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-10-09 17:07 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-10-09 17:07 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-10-09 17:07 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-10-09 17:07 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-09-23 22:33 . 2013-09-11 02:28 271256 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-12 20:38 . 2011-06-17 18:59 2828 --sha-w- c:\programdata\KGyGaAvL.sys

2013-10-10 07:14 . 2010-09-02 00:17 80541720 ----a-w- c:\windows\system32\MRT.exe

2013-10-09 10:19 . 2012-04-01 20:26 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-10-09 10:19 . 2011-05-17 16:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-29 01:48 . 2013-10-09 17:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-08-05 02:25 . 2013-09-12 10:55 155584 ----a-w- c:\windows\system32\drivers\ataport.sys

2013-08-02 02:14 . 2013-09-12 10:55 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-08-02 02:13 . 2013-09-12 10:55 424448 ----a-w- c:\windows\system32\KernelBase.dll

2013-08-02 02:13 . 2013-09-12 10:55 1161216 ----a-w- c:\windows\system32\kernel32.dll

2013-08-02 02:12 . 2013-09-12 10:55 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-08-02 02:12 . 2013-09-12 10:55 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 6656 ----a-w- c:\windows\system32\apisetschema.dll

2013-08-02 02:12 . 2013-09-12 10:55 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-08-02 01:50 . 2013-09-12 10:55 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2013-08-02 01:48 . 2013-09-12 10:55 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-08-02 01:48 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2013-08-02 01:09 . 2013-09-12 10:55 338432 ----a-w- c:\windows\system32\conhost.exe

2013-08-02 00:59 . 2013-09-12 10:55 112640 ----a-w- c:\windows\system32\smss.exe

2013-08-02 00:43 . 2013-09-12 10:54 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43 . 2013-09-12 10:54 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43 . 2013-09-12 10:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2013-07-26 02:24 . 2013-09-12 10:54 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-07-26 02:24 . 2013-09-12 10:54 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-07-25 09:25 . 2013-08-14 10:57 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-25 08:57 . 2013-08-14 10:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2012-11-14 11:05 . 2012-11-14 11:04 34693120 ----a-w- c:\program files (x86)\GUTECD1.tmp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-31 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2013-08-14 5537136]

.

c:\users\Harlequin Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Creative Element Power Tools Startup.lnk - c:\program files (x86)\Creative Element Power Tools\Startup.exe [2010-9-2 265384]

Monitor Ink Alerts - HP Officejet 6700.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN22G1G26P05RQ;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 sprtsvc_ncnetworksdm;SupportSoft Sprocket Service (ncnetworksdm);c:\program files (x86)\NCNETWORKSDM\bin\sprtsvc.exe;c:\program files (x86)\NCNETWORKSDM\bin\sprtsvc.exe [x]

S2 tgsrvc_ncnetworksdm;SupportSoft Repair Service (ncnetworksdm);c:\program files (x86)\NCNETWORKSDM\bin\tgsrvc.exe;c:\program files (x86)\NCNETWORKSDM\bin\tgsrvc.exe [x]

S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]

S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]

S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe;c:\program files (x86)\Xobni\XobniService.exe [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys;c:\windows\SYSNATIVE\Drivers\OA002Afx.sys [x]

S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys;c:\windows\SYSNATIVE\DRIVERS\OA002Ufd.sys [x]

S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys;c:\windows\SYSNATIVE\DRIVERS\OA002Vid.sys [x]

S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-10-17 20:37 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 10:19]

.

2011-09-08 c:\windows\Tasks\Google Software Updater.job

- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-31 09:13]

.

2013-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 01:40]

.

2013-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 01:40]

.

2013-10-23 c:\windows\Tasks\HPCeeScheduleForHarlequin Haven.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]

.

2013-09-30 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

FF - ProfilePath - c:\users\Harlequin Haven\AppData\Roaming\Mozilla\Firefox\Profiles\cfzxxe6w.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

------- File Associations -------

.

.txt=Notepad++_file

.

- - - - ORPHANS REMOVED - - - -

.

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}]

@Denied: (A 2 3) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\InProcServer32]

@="%SystemRoot%\\Explorer.exe"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\ProgID]

@="DAO.Client"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\TypeLib]

@="{F86A7697-B88F-1300-8336-6A6969707277}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe

c:\program files (x86)\SpywareBlaster\sbautoupdate.exe

c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

.

**************************************************************************

.

Completion time: 2013-10-22 21:32:29 - machine was rebooted

ComboFix-quarantined-files.txt 2013-10-23 01:32

.

Pre-Run: 784,745,828,352 bytes free

Post-Run: 785,517,744,128 bytes free

.

- - End Of File - - 2769E7AABE846D78EE3F5752BC6E4E9C

AdvancedSetup · October 23, 2013

Please uninstall Microsoft Security Essentials you should not have 2 antivirus programs installed at the same time.

After you've uninstalled Microsoft Security Essentials then please do the following.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.

Shutdown your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message
When completed make sure to re-enable your antivirus

STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

STEP 06

Please go here to run the online antivirus scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
[*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

hhdanemom · October 23, 2013

Microsoft Security Essentials is not showing as a program on my computer and I have tried everything I could find to uninstall it and yet it appears to still be here. How do I get it off?

hhdanemom · October 23, 2013

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

www.malwarebytes.org

Database version: v2013.10.02.12

Windows 7 Service Pack 1 x64 FAT32

Internet Explorer 10.0.9200.16721

Harlequin Haven :: HARLEQUINHAVEN [administrator]

10/23/2013 8:47:03 AM

mbar-log-2013-10-23 (08-47-03).txt

Scan type: Quick scan

Scan options disabled:

Objects scanned: 260250

Time elapsed: 27 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.200000 GHz

Memory total: 3353337856, free: 1980747776

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: FAT32

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 2.900000 GHz

Memory total: 6165516288, free: 3136942080

No address found

=======================================

Initializing...

------------ Kernel report ------------

10/23/2013 08:44:37

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\AtiPcie64.sys

\SystemRoot\system32\DRIVERS\ahcix64s.sys

\SystemRoot\system32\DRIVERS\storport.sys

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\amdppm.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\netr28x.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\drivers\1394ohci.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_ahcix64s.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\dc3d.sys

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\drivers\usbscan.sys

\SystemRoot\system32\DRIVERS\CtClsFlt.sys

\SystemRoot\system32\DRIVERS\wdcsam64.sys

\SystemRoot\system32\DRIVERS\point64.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\Drivers\RtsUStor.sys

\SystemRoot\system32\DRIVERS\OA002Vid.sys

\SystemRoot\system32\DRIVERS\OA002Ufd.sys

\SystemRoot\system32\drivers\usbaudio.sys

\??\C:\Windows\system32\Drivers\OA002Afx.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\adfs.SYS

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\??\C:\Windows\system32\Drivers\PROCEXP113.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\wininet.dll

\Windows\System32\usp10.dll

\Windows\System32\shlwapi.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\imagehlp.dll

\Windows\System32\nsi.dll

\Windows\System32\psapi.dll

\Windows\System32\shell32.dll

\Windows\System32\comdlg32.dll

\Windows\System32\gdi32.dll

\Windows\System32\difxapi.dll

\Windows\System32\advapi32.dll

\Windows\System32\sechost.dll

\Windows\System32\Wldap32.dll

\Windows\System32\clbcatq.dll

\Windows\System32\lpk.dll

\Windows\System32\setupapi.dll

\Windows\System32\iertutil.dll

\Windows\System32\user32.dll

\Windows\System32\normaliz.dll

\Windows\System32\msvcrt.dll

\Windows\System32\kernel32.dll

\Windows\System32\urlmon.dll

\Windows\System32\msctf.dll

\Windows\System32\ole32.dll

\Windows\System32\imm32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\ws2_32.dll

\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

\Windows\System32\KernelBase.dll

\Windows\System32\wintrust.dll

\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

\Windows\System32\crypt32.dll

\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

\Windows\System32\devobj.dll

\Windows\System32\comctl32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR7

Upper Device Object: 0xfffffa8005216420

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\000000b7\

Lower Device Object: 0xfffffa80056df120

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa8007d6a060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000086\

Lower Device Object: 0xfffffa8007d65b60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8007d2d060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007a\

Lower Device Object: 0xfffffa8007d22b60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8005b4a060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000005b\

Lower Device Object: 0xfffffa80059e89c0

Lower Device Driver Name: \Driver\ahcix64s\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8005b4a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8005b4ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005b4a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80059e89c0, DeviceName: \Device\0000005b\, DriverName: \Driver\ahcix64s\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 7E1BE820

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206848 Numsec = 1928431616

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 1928638464 Numsec = 24483840

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...

Done!

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa8007d2d060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007d2d910, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007d2d060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007d22b60, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 5F107

Partition information:

Partition 0 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 3906961408

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 2000365289472 bytes

Sector size: 512 bytes

Done!

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa8007d6a060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007d6ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007d6a060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007d65b60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 512

Drive: 3, DevicePointer: 0xfffffa8005216420, DeviceName: \Device\Harddisk3\DR7\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006276540, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005216420, DeviceName: \Device\Harddisk3\DR7\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80056df120, DeviceName: \Device\000000b7\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk3\DR7\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 3

Scanning MBR on drive 3...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 15759702

Partition file system is FAT32

Partition is not bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 8086618112 bytes

Sector size: 512 bytes

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_3_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_3_0_63_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_3_r.mbam...

Removal finished

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.7 (10.15.2013:3)

OS: Windows 7 Home Premium x64

Ran by Harlequin Haven on Wed 10/23/2013 at 9:26:52.06

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"

Successfully deleted: [Folder] "C:\Users\Harlequin Haven\appdata\local\blekkotb_031"

Successfully deleted: [Folder] "C:\Users\Harlequin Haven\appdata\local\opencandy"

~~~ FireFox

Successfully deleted: [File] C:\Users\Harlequin Haven\AppData\Roaming\mozilla\firefox\profiles\cfzxxe6w.default\user.js

Successfully deleted the following from C:\Users\Harlequin Haven\AppData\Roaming\mozilla\firefox\profiles\cfzxxe6w.default\prefs.js

user_pref("browser.search.order.1", "Blekko");

Emptied folder: C:\Users\Harlequin Haven\AppData\Roaming\mozilla\firefox\profiles\cfzxxe6w.default\minidumps [1 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Harlequin Haven\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 10/23/2013 at 9:33:48.48

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

adw cleaner - found no threats and did not make a file

C:\Users\Harlequin Haven\Desktop\software\cnet2_radiantsetup1044439b_exe.exe a variant of Win32/InstallCore.D application

C:\Users\Harlequin Haven\Documents\Downloaded Program Updates\zlsSetup_70_462_000_en.exe a variant of Win32/AdInstaller application

C:\Users\Harlequin Haven\Documents\Downloaded Program Updates\zlsSetup_70_470_000_en.exe a variant of Win32/AdInstaller application

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2013

Ran by Harlequin Haven (administrator) on HARLEQUINHAVEN on 23-10-2013 17:10:10

Running from C:\Users\Harlequin Haven\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Creative Element) C:\Program Files (x86)\Creative Element Power Tools\Startup.exe

(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(SupportSoft, Inc.) C:\Program Files (x86)\NCNETWORKSDM\bin\sprtsvc.exe

(SupportSoft, Inc.) C:\Program Files (x86)\NCNETWORKSDM\bin\tgsrvc.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

(Xobni Corporation) C:\Program Files (x86)\Xobni\XobniService.exe

(Ipswitch) C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe

() C:\Windows\SysWOW64\WinMsgBalloonServer.exe

() C:\Windows\SysWOW64\WinMsgBalloonClient.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe

() C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe

() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-30] (Google Inc.)

HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)

HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)

HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)

Startup: C:\Users\Harlequin Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk

ShortcutTarget: Creative Element Power Tools Startup.lnk -> C:\Program Files (x86)\Creative Element Power Tools\Startup.exe (Creative Element)

Startup: C:\Users\Harlequin Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk

ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700.lnk -> C:\Program Files\HP\HP Officejet 6700\bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {FCE4C95B-B382-4B50-AFFA-B828DCFC277C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - {FCE4C95B-B382-4B50-AFFA-B828DCFC277C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=9wlanbUVL0ztdrBXpcwJMZtkt5c?q={searchTerms}

SearchScopes: HKCU - {FCE4C95B-B382-4B50-AFFA-B828DCFC277C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:

========

FF ProfilePath: C:\Users\Harlequin Haven\AppData\Roaming\Mozilla\Firefox\Profiles\cfzxxe6w.default

FF SelectedSearchEngine: Google

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_43 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @pack.google.com/Google Updater;version=14 - C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml

FF Extension: No Name - C:\Users\Harlequin Haven\AppData\Roaming\Mozilla\Firefox\Profiles\cfzxxe6w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: No Name - C:\Users\Harlequin Haven\AppData\Roaming\Mozilla\Firefox\Profiles\cfzxxe6w.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension

FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension

Chrome:

=======

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File

CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Updater) - C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Extension: (YouTube) - C:\Users\HARLEQ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Adblock Plus) - C:\Users\HARLEQ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0

CHR Extension: (Google Search) - C:\Users\HARLEQ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Gmail) - C:\Users\HARLEQ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)

S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-06-12] (Google)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)

R2 sprtsvc_ncnetworksdm; C:\Program Files (x86)\NCNETWORKSDM\bin\sprtsvc.exe [206120 2010-06-17] (SupportSoft, Inc.)

R2 tgsrvc_ncnetworksdm; C:\Program Files (x86)\NCNETWORKSDM\bin\tgsrvc.exe [185640 2010-06-17] (SupportSoft, Inc.)

R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)

R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-08-14] (Western Digital Technologies, Inc.)

R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)

R2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [63096 2013-06-18] (Xobni Corporation)

==================== Drivers (Whitelisted) ====================

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-04-21] ()

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-23 17:10 - 2013-10-23 17:10 - 00000000 ____D C:\FRST

2013-10-23 17:08 - 2013-10-23 17:09 - 01955374 _____ (Farbar) C:\Users\Harlequin Haven\Desktop\FRST64.exe

2013-10-23 17:06 - 2013-10-23 17:06 - 00000389 _____ C:\Users\Harlequin Haven\Desktop\threats found.txt

2013-10-23 12:41 - 2013-10-23 12:41 - 00000000 ____D C:\Program Files (x86)\ESET

2013-10-23 11:01 - 2013-10-23 11:33 - 00000000 ____D C:\AdwCleaner

2013-10-23 10:39 - 2013-10-23 10:39 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\abzutsfs.sys

2013-10-23 10:08 - 2013-10-23 10:08 - 01060070 _____ C:\Users\Harlequin Haven\Desktop\AdwCleaner.exe

2013-10-23 09:33 - 2013-10-23 09:33 - 00003618 _____ C:\Users\Harlequin Haven\Desktop\JRT.txt

2013-10-23 09:26 - 2013-10-23 09:26 - 00000000 ____D C:\Windows\ERUNT

2013-10-23 08:38 - 2013-10-23 08:38 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-22 21:32 - 2013-10-22 21:32 - 00027584 _____ C:\ComboFix.txt

2013-10-22 21:15 - 2013-10-22 21:15 - 00013610 _____ C:\Windows\PFRO.log

2013-10-22 20:59 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe

2013-10-22 20:59 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe

2013-10-22 20:59 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-10-22 20:59 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-10-22 20:59 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-10-22 20:59 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe

2013-10-22 20:59 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe

2013-10-22 20:59 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe

2013-10-22 20:49 - 2013-10-23 08:37 - 00000650 _____ C:\FixitRegBackup.reg

2013-10-22 20:41 - 2013-10-22 21:33 - 00000000 ____D C:\Qoobox

2013-10-22 20:40 - 2013-10-22 21:29 - 00000000 ____D C:\Windows\erdnt

2013-10-22 20:37 - 2013-10-22 20:38 - 05136138 ____R (Swearware) C:\Users\Harlequin Haven\Desktop\ComboFix.exe

2013-10-20 18:51 - 2013-10-23 11:30 - 00000840 _____ C:\Windows\setupact.log

2013-10-20 18:51 - 2013-10-20 18:51 - 00000000 _____ C:\Windows\setuperr.log

2013-10-20 18:23 - 2013-10-20 18:24 - 06858592 _____ (Xobni) C:\Users\Harlequin Haven\Desktop\XobniSetup.exe

2013-10-20 18:21 - 2013-10-20 18:21 - 00000146 _____ C:\Users\Harlequin Haven\Desktop\fixing outlook.txt

2013-10-20 18:03 - 2013-10-20 18:05 - 00000000 ____D C:\Users\Harlequin Haven\Desktop\malwarebytes_suppl_log_files

2013-10-20 18:02 - 2013-10-20 18:02 - 00001231 _____ C:\Users\Harlequin Haven\Desktop\Microsoft Outlook.lnk

2013-10-20 18:02 - 2013-10-20 18:02 - 00000151 _____ C:\Users\Harlequin Haven\Desktop\Paying customer -- Contact Support via email.txt

2013-10-20 16:59 - 2013-10-20 16:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-20 16:59 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-20 16:52 - 2013-10-20 16:52 - 00009574 _____ C:\Users\Harlequin Haven\Documents\cc_20131020_165248.reg

2013-10-20 16:09 - 2013-10-20 16:34 - 00000335 _____ C:\local.conf

2013-10-20 16:06 - 2013-10-20 16:06 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys

2013-10-20 16:05 - 2013-10-20 16:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\37EE5C39.sys

2013-10-20 15:13 - 2013-10-20 15:13 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\TuneUp Software

2013-10-20 15:11 - 2013-10-22 21:15 - 00000000 ____D C:\ProgramData\AVG2014

2013-10-20 15:03 - 2013-10-20 15:03 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Local\MFAData

2013-10-20 14:35 - 2013-10-20 14:35 - 00007688 _____ C:\Users\Harlequin Haven\Documents\cc_20131020_143448.reg

2013-10-20 13:48 - 2013-10-20 13:48 - 00085832 _____ C:\Users\Harlequin Haven\Documents\cc_20131020_134817.reg

2013-10-20 13:26 - 2013-10-20 13:26 - 00002792 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2013-10-20 13:26 - 2013-10-20 13:26 - 00000000 ____D C:\Program Files\CCleaner

2013-10-20 13:20 - 2013-10-23 11:28 - 00000000 _____ C:\Windows\SysWOW64\config.nt

2013-10-20 12:26 - 2013-10-20 12:26 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\AVAST Software

2013-10-20 12:25 - 2013-10-23 10:12 - 00000034 _____ C:\Windows\AvastEmUpdate.ini

2013-10-20 12:24 - 2013-10-20 12:24 - 00003206 _____ C:\Windows\System32\Tasks\{17174424-5CF8-4DEF-82DD-1361635490F6}

2013-10-20 12:22 - 2013-10-20 14:36 - 00000000 ____D C:\ProgramData\AVAST Software

2013-10-20 12:15 - 2013-10-20 18:05 - 00000000 ____D C:\Users\Harlequin Haven\Desktop\software

2013-10-20 12:14 - 2013-10-20 13:23 - 00000826 _____ C:\Windows\system32\Drivers\etc\hosts_PTbackup2.bak

2013-10-20 12:00 - 2013-10-20 13:06 - 00000940 _____ C:\Users\Harlequin Haven\Desktop\pc_tuneup_2013-10-20.txt

2013-10-20 11:59 - 2013-10-20 11:59 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

2013-10-18 21:03 - 2013-10-23 15:03 - 00000372 _____ C:\Windows\Tasks\HPCeeScheduleForHarlequin Haven.job

2013-10-18 21:03 - 2013-10-18 21:03 - 00003246 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHarlequin Haven

2013-10-18 08:45 - 2013-10-20 13:08 - 00000000 ____D C:\Program Files (x86)\jv16 PowerTools 2014

2013-10-18 08:45 - 2013-10-18 08:45 - 00000024 ___SH C:\Users\Harlequin Haven\AppData\Roaming\System5908ConfigCollection.dat

2013-10-18 08:45 - 2013-10-18 08:45 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2014

2013-10-17 22:20 - 2013-10-17 22:20 - 00000000 ____D C:\Users\Harlequin Haven\Downloads\mbam-chameleon-1.62.1.1000

2013-10-17 22:19 - 2013-10-17 22:19 - 01440846 _____ C:\Users\Harlequin Haven\Downloads\mbam-chameleon-1.62.1.1000.zip

2013-10-17 21:43 - 2013-10-23 09:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-10-17 21:38 - 2013-10-17 21:39 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Harlequin Haven\Downloads\mbar-1.07.0.1007 (1).exe

2013-10-17 21:27 - 2013-10-17 21:29 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Harlequin Haven\Downloads\mbar-1.07.0.1007.exe

2013-10-17 17:27 - 2013-10-17 17:27 - 00000000 ____D C:\Program Files\Western Digital

2013-10-10 03:49 - 2013-09-22 19:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-10-10 03:49 - 2013-09-20 23:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-10 03:49 - 2013-09-20 23:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-10-10 03:48 - 2013-09-22 19:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-10-10 03:48 - 2013-09-22 19:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-10-10 03:48 - 2013-09-22 18:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-10 03:48 - 2013-09-22 18:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-10 03:48 - 2013-09-22 18:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-10 03:48 - 2013-09-22 18:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-10 03:48 - 2013-09-20 22:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-10 03:48 - 2013-09-20 22:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-10-09 13:14 - 2013-09-13 21:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-09 13:14 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-09 13:14 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-09 13:14 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2013-10-09 13:14 - 2013-07-12 06:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys

2013-10-09 13:14 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-09 13:14 - 2013-07-12 06:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys

2013-10-09 13:14 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-09 13:14 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-09 13:14 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-09 13:14 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2013-10-09 13:14 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2013-10-09 13:14 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2013-10-09 13:14 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-09 13:14 - 2013-07-03 00:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2013-10-09 13:14 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-09 13:14 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-09 13:14 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-09 13:14 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-09 13:14 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-09 13:14 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-09 13:14 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-09 13:14 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2013-10-09 13:14 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2013-10-09 13:14 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2013-10-09 13:14 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-09 13:14 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2013-10-09 13:14 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2013-10-09 13:13 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-09 13:13 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-09 13:13 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-09 13:13 - 2013-08-28 22:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-10-09 13:13 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-09 13:13 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-10-09 13:13 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-10-09 13:13 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-10-09 13:13 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2013-10-09 13:13 - 2013-08-28 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-10-09 13:13 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2013-10-09 13:13 - 2013-08-28 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-10-09 13:13 - 2013-08-28 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-10-09 13:13 - 2013-08-28 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-10-09 13:13 - 2013-08-28 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-10-09 13:13 - 2013-08-27 21:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-09 13:13 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-09 13:13 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-09 13:13 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 13:13 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 13:07 - 2013-09-04 08:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2013-10-09 13:07 - 2013-09-04 08:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2013-10-09 13:07 - 2013-09-04 08:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2013-10-09 13:07 - 2013-09-04 08:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2013-10-09 13:07 - 2013-09-04 08:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2013-10-09 13:07 - 2013-09-04 08:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2013-10-09 13:07 - 2013-09-04 08:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2013-10-07 19:23 - 2013-10-07 19:23 - 05549056 _____ C:\Users\Harlequin Haven\Documents\Samson's Vet Record for the year Photos.msg

==================== One Month Modified Files and Folders =======

2013-10-23 17:10 - 2013-10-23 17:10 - 00000000 ____D C:\FRST

2013-10-23 17:09 - 2013-10-23 17:08 - 01955374 _____ (Farbar) C:\Users\Harlequin Haven\Desktop\FRST64.exe

2013-10-23 17:06 - 2013-10-23 17:06 - 00000389 _____ C:\Users\Harlequin Haven\Desktop\threats found.txt

2013-10-23 16:49 - 2010-08-30 22:31 - 01227566 _____ C:\Windows\WindowsUpdate.log

2013-10-23 16:36 - 2010-08-30 21:40 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-23 16:18 - 2012-04-01 16:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-23 15:03 - 2013-10-18 21:03 - 00000372 _____ C:\Windows\Tasks\HPCeeScheduleForHarlequin Haven.job

2013-10-23 12:41 - 2013-10-23 12:41 - 00000000 ____D C:\Program Files (x86)\ESET

2013-10-23 12:22 - 2013-08-15 03:49 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat

2013-10-23 11:41 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-23 11:41 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-23 11:33 - 2013-10-23 11:01 - 00000000 ____D C:\AdwCleaner

2013-10-23 11:32 - 2010-08-30 21:41 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster

2013-10-23 11:30 - 2013-10-20 18:51 - 00000840 _____ C:\Windows\setupact.log

2013-10-23 11:30 - 2010-08-30 21:40 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-23 11:30 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-23 11:28 - 2013-10-20 13:20 - 00000000 _____ C:\Windows\SysWOW64\config.nt

2013-10-23 11:00 - 2012-04-17 10:46 - 00000000 ____D C:\Users\Harlequin Haven\Documents\Outlook Files

2013-10-23 10:50 - 2009-07-14 01:08 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-23 10:39 - 2013-10-23 10:39 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\abzutsfs.sys

2013-10-23 10:12 - 2013-10-20 12:25 - 00000034 _____ C:\Windows\AvastEmUpdate.ini

2013-10-23 10:08 - 2013-10-23 10:08 - 01060070 _____ C:\Users\Harlequin Haven\Desktop\AdwCleaner.exe

2013-10-23 09:58 - 2012-01-15 03:29 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{890221EF-523D-4963-9CD4-95741D4DC679}

2013-10-23 09:46 - 2009-07-14 01:13 - 00783290 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-23 09:33 - 2013-10-23 09:33 - 00003618 _____ C:\Users\Harlequin Haven\Desktop\JRT.txt

2013-10-23 09:26 - 2013-10-23 09:26 - 00000000 ____D C:\Windows\ERUNT

2013-10-23 09:11 - 2013-10-17 21:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-10-23 08:38 - 2013-10-23 08:38 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-23 08:37 - 2013-10-22 20:49 - 00000650 _____ C:\FixitRegBackup.reg

2013-10-23 07:53 - 2010-08-30 21:38 - 00000000 ____D C:\Program Files\MyDefrag v4.2.9

2013-10-22 21:33 - 2013-10-22 20:41 - 00000000 ____D C:\Qoobox

2013-10-22 21:33 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default

2013-10-22 21:32 - 2013-10-22 21:32 - 00027584 _____ C:\ComboFix.txt

2013-10-22 21:29 - 2013-10-22 20:40 - 00000000 ____D C:\Windows\erdnt

2013-10-22 21:17 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini

2013-10-22 21:15 - 2013-10-22 21:15 - 00013610 _____ C:\Windows\PFRO.log

2013-10-22 21:15 - 2013-10-20 15:11 - 00000000 ____D C:\ProgramData\AVG2014

2013-10-22 21:15 - 2011-07-14 18:49 - 00000000 ____D C:\ProgramData\MFAData

2013-10-22 20:57 - 2011-07-14 19:36 - 00000000 ____D C:\Program Files (x86)\AVG

2013-10-22 20:38 - 2013-10-22 20:37 - 05136138 ____R (Swearware) C:\Users\Harlequin Haven\Desktop\ComboFix.exe

2013-10-22 16:46 - 2010-09-02 18:19 - 00000000 ____D C:\Users\Harlequin Haven\Documents\important junk

2013-10-22 08:12 - 2013-04-21 10:31 - 00000000 ____D C:\ProgramData\firebird

2013-10-22 08:12 - 2010-09-02 16:32 - 00000000 ____D C:\Users\Harlequin Haven\Documents\MailStore Home

2013-10-21 23:57 - 2013-01-06 19:02 - 00000000 ____D C:\Users\Harlequin Haven\Documents\2013_applications

2013-10-20 20:27 - 2013-06-25 13:59 - 00000000 ____D C:\Users\Harlequin Haven\Documents\1_recipes

2013-10-20 18:56 - 2011-06-17 17:09 - 00000590 _____ C:\Users\Harlequin Haven\AppData\Local\xobni_installer_updater.log

2013-10-20 18:51 - 2013-10-20 18:51 - 00000000 _____ C:\Windows\setuperr.log

2013-10-20 18:44 - 2011-06-17 17:09 - 00000000 ____D C:\Program Files (x86)\Xobni

2013-10-20 18:24 - 2013-10-20 18:23 - 06858592 _____ (Xobni) C:\Users\Harlequin Haven\Desktop\XobniSetup.exe

2013-10-20 18:21 - 2013-10-20 18:21 - 00000146 _____ C:\Users\Harlequin Haven\Desktop\fixing outlook.txt

2013-10-20 18:05 - 2013-10-20 18:03 - 00000000 ____D C:\Users\Harlequin Haven\Desktop\malwarebytes_suppl_log_files

2013-10-20 18:05 - 2013-10-20 12:15 - 00000000 ____D C:\Users\Harlequin Haven\Desktop\software

2013-10-20 18:02 - 2013-10-20 18:02 - 00001231 _____ C:\Users\Harlequin Haven\Desktop\Microsoft Outlook.lnk

2013-10-20 18:02 - 2013-10-20 18:02 - 00000151 _____ C:\Users\Harlequin Haven\Desktop\Paying customer -- Contact Support via email.txt

2013-10-20 17:57 - 2010-09-10 06:13 - 00000000 ____D C:\ProgramData\Recovery

2013-10-20 16:59 - 2013-10-20 16:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-20 16:52 - 2013-10-20 16:52 - 00009574 _____ C:\Users\Harlequin Haven\Documents\cc_20131020_165248.reg

2013-10-20 16:43 - 2010-07-24 17:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-10-20 16:34 - 2013-10-20 16:09 - 00000335 _____ C:\local.conf

2013-10-20 16:06 - 2013-10-20 16:06 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys

2013-10-20 16:05 - 2013-10-20 16:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\37EE5C39.sys

2013-10-20 15:13 - 2013-10-20 15:13 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\TuneUp Software

2013-10-20 15:03 - 2013-10-20 15:03 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Local\MFAData

2013-10-20 14:36 - 2013-10-20 12:22 - 00000000 ____D C:\ProgramData\AVAST Software

2013-10-20 14:35 - 2013-10-20 14:35 - 00007688 _____ C:\Users\Harlequin Haven\Documents\cc_20131020_143448.reg

2013-10-20 13:48 - 2013-10-20 13:48 - 00085832 _____ C:\Users\Harlequin Haven\Documents\cc_20131020_134817.reg

2013-10-20 13:47 - 2010-09-01 17:29 - 00000000 ____D C:\ProgramData\PCPitstop

2013-10-20 13:38 - 2010-09-02 15:17 - 00000000 ___DC C:\Users\Harlequin Haven\AppData\Local\MigWiz

2013-10-20 13:38 - 2009-07-24 15:22 - 00000000 ____D C:\Windows\Panther

2013-10-20 13:26 - 2013-10-20 13:26 - 00002792 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2013-10-20 13:26 - 2013-10-20 13:26 - 00000000 ____D C:\Program Files\CCleaner

2013-10-20 13:23 - 2013-10-20 12:14 - 00000826 _____ C:\Windows\system32\Drivers\etc\hosts_PTbackup2.bak

2013-10-20 13:08 - 2013-10-18 08:45 - 00000000 ____D C:\Program Files (x86)\jv16 PowerTools 2014

2013-10-20 13:06 - 2013-10-20 12:00 - 00000940 _____ C:\Users\Harlequin Haven\Desktop\pc_tuneup_2013-10-20.txt

2013-10-20 12:27 - 2011-02-01 14:09 - 00001945 _____ C:\Windows\epplauncher.mif

2013-10-20 12:26 - 2013-10-20 12:26 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\AVAST Software

2013-10-20 12:24 - 2013-10-20 12:24 - 00003206 _____ C:\Windows\System32\Tasks\{17174424-5CF8-4DEF-82DD-1361635490F6}

2013-10-20 12:14 - 2009-07-13 22:34 - 00575472 _____ C:\Windows\system32\Drivers\etc\hosts_PTBackup.bak

2013-10-20 11:59 - 2013-10-20 11:59 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

2013-10-20 11:59 - 2010-09-01 17:26 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\Notepad++

2013-10-20 11:59 - 2010-09-01 17:26 - 00000000 ____D C:\Program Files (x86)\Notepad++

2013-10-19 07:24 - 2012-11-08 15:47 - 00000000 ____D C:\Users\Harlequin Haven\Documents\2013_newsetter

2013-10-19 07:17 - 2010-09-02 18:55 - 00000000 ____D C:\Users\Harlequin Haven\Documents\turnout info

2013-10-18 21:03 - 2013-10-18 21:03 - 00003246 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHarlequin Haven

2013-10-18 21:02 - 2010-09-01 14:25 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\HP Support Assistant

2013-10-18 21:02 - 2010-08-31 20:37 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\HpUpdate

2013-10-18 19:58 - 2012-01-21 15:32 - 00035328 _____ C:\Users\Harlequin Haven\Documents\black_mcsweeney.xls

2013-10-18 08:45 - 2013-10-18 08:45 - 00000024 ___SH C:\Users\Harlequin Haven\AppData\Roaming\System5908ConfigCollection.dat

2013-10-18 08:45 - 2013-10-18 08:45 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2014

2013-10-17 22:20 - 2013-10-17 22:20 - 00000000 ____D C:\Users\Harlequin Haven\Downloads\mbam-chameleon-1.62.1.1000

2013-10-17 22:19 - 2013-10-17 22:19 - 01440846 _____ C:\Users\Harlequin Haven\Downloads\mbam-chameleon-1.62.1.1000.zip

2013-10-17 21:55 - 2013-06-07 19:04 - 00000000 ____D C:\Users\Harlequin Haven\Documents\2013_donation_letters

2013-10-17 21:39 - 2013-10-17 21:38 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Harlequin Haven\Downloads\mbar-1.07.0.1007 (1).exe

2013-10-17 21:29 - 2013-10-17 21:27 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Harlequin Haven\Downloads\mbar-1.07.0.1007.exe

2013-10-17 17:28 - 2013-05-19 10:55 - 00000000 ____D C:\ProgramData\Package Cache

2013-10-17 17:27 - 2013-10-17 17:27 - 00000000 ____D C:\Program Files\Western Digital

2013-10-17 17:27 - 2013-05-19 10:56 - 00000000 ____D C:\Program Files\Common Files\Western Digital

2013-10-17 17:27 - 2013-05-19 10:29 - 00000000 ____D C:\Program Files (x86)\Western Digital

2013-10-17 07:13 - 2010-12-26 09:42 - 00000000 ____D C:\Users\Harlequin Haven\Documents\2011_applications

2013-10-17 06:24 - 2011-06-17 14:43 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Local\Corel

2013-10-16 18:16 - 2010-09-02 18:19 - 00000000 ____D C:\Users\Harlequin Haven\Documents\HHGDR Files

2013-10-16 10:07 - 2010-09-02 18:11 - 00000000 ____D C:\Users\Harlequin Haven\Documents\Dog Stories

2013-10-13 11:13 - 2013-09-20 11:33 - 00049152 _____ C:\Users\Harlequin Haven\Documents\2013_auction.xls

2013-10-12 22:31 - 2010-08-30 21:40 - 00003912 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-10-12 22:31 - 2010-08-30 21:40 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-10-12 16:38 - 2011-06-17 14:59 - 00002828 ___SH C:\ProgramData\KGyGaAvL.sys

2013-10-12 16:38 - 2011-06-17 14:43 - 00000000 ____D C:\Users\Harlequin Haven\Documents\My PSP Files

2013-10-10 18:08 - 2010-09-02 18:54 - 00000000 ____D C:\Users\Harlequin Haven\Documents\Phonelist

2013-10-10 09:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2013-10-10 04:23 - 2009-07-14 00:45 - 03042784 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-10 04:22 - 2012-08-14 17:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-10 04:22 - 2012-08-14 17:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-10-10 03:56 - 2011-06-17 15:30 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-10-10 03:37 - 2010-09-06 15:58 - 00777014 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-10 03:24 - 2013-08-15 03:05 - 00000000 ____D C:\Windows\system32\MRT

2013-10-10 03:14 - 2010-09-01 20:17 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-09 06:19 - 2012-04-01 16:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-10-09 06:19 - 2012-04-01 16:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-10-09 06:19 - 2011-05-17 12:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-10-08 16:21 - 2013-04-21 13:34 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Local\Xobni

2013-10-08 10:02 - 2010-09-02 18:11 - 00000000 ____D C:\Users\Harlequin Haven\Documents\blood work

2013-10-08 09:55 - 2010-09-02 18:20 - 00000000 ____D C:\Users\Harlequin Haven\Documents\Mozart_art

2013-10-07 19:23 - 2013-10-07 19:23 - 05549056 _____ C:\Users\Harlequin Haven\Documents\Samson's Vet Record for the year Photos.msg

2013-10-03 19:35 - 2012-01-11 17:16 - 00000000 ____D C:\Users\Harlequin Haven\Documents\2012_applications

2013-09-30 11:05 - 2010-08-30 22:33 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job

2013-09-26 14:49 - 2013-01-29 14:17 - 00024064 _____ C:\Users\Harlequin Haven\Documents\2013_medical_taxes.xls

2013-09-23 18:33 - 2010-08-30 22:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-09-23 09:36 - 2012-03-08 19:28 - 00000000 ____D C:\Users\Harlequin Haven\Documents\2012 donor_letters

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-21 00:25

==================== End Of Log ============================

hhdanemom · October 23, 2013

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2013

Ran by Harlequin Haven at 2013-10-23 17:11:25

Running from C:\Users\Harlequin Haven\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Acrobat 9 Pro (x32 Version: 9.5.5)

Adobe Acrobat 9.5.5 - CPSID_83708 (x32)

Adobe AIR (x32 Version: 3.8.0.1430)

Adobe Anchor Service CS4 (x32 Version: 2.0)

Adobe Anchor Service x64 CS4 (Version: 2.0)

Adobe Bridge CS4 (x32 Version: 3)

Adobe CMaps CS4 (x32 Version: 2.0)

Adobe CMaps x64 CS4 (Version: 2.0)

Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0)

Adobe Color EU Extra Settings CS4 (x32 Version: 2.0)

Adobe Color JA Extra Settings CS4 (x32 Version: 2.0)

Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0)

Adobe Color Video Profiles CS CS4 (x32 Version: 2.0)

Adobe CSI CS4 (x32 Version: 1)

Adobe CSI CS4 x64 (Version: 1)

Adobe Default Language CS4 (x32 Version: 2.0)

Adobe Drive CS4 x64 (Version: 1)

Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)

Adobe Fonts All (x32 Version: 2.0)

Adobe Fonts All x64 (Version: 2.0)

Adobe Linguistics CS4 (x32 Version: 4.0.0)

Adobe Linguistics CS4 x64 (Version: 4.0.0)

Adobe Media Player (x32 Version: 1.1)

Adobe Output Module (x32 Version: 2.0)

Adobe PDF Library Files CS4 (x32 Version: 9.0)

Adobe PDF Library Files x64 CS4 (Version: 9.0)

Adobe Photoshop CS4 (64 Bit) (Version: 11.0)

Adobe Photoshop CS4 (x32 Version: 11.0)

Adobe Photoshop CS4 Support (x32 Version: 11.0)

Adobe Search for Help (x32 Version: 1.0)

Adobe Service Manager Extension (x32 Version: 1.0)

Adobe Setup (x32 Version: 2.0)

Adobe Type Support CS4 (x32 Version: 9.0)

Adobe Type Support x64 CS4 (Version: 9.0)

Adobe Update Manager CS4 (x32 Version: 6.0.0)

Adobe WinSoft Linguistics Plugin (x32 Version: 1.1)

Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)

Adobe XMP Panels CS4 (x32 Version: 2.0)

AdobeColorCommonSetCMYK (x32 Version: 2.0)

AdobeColorCommonSetRGB (x32 Version: 2.0)

Advanced Audio FX Engine (x32 Version: 1.12.05)

Apple Application Support (x32 Version: 2.3)

Apple Software Update (x32 Version: 2.1.3.127)

Catalyst Control Center InstallProxy (x32 Version: 2010.0202.2335.42270)

CCleaner (Version: 4.06)

CinemaNow Media Manager (x32 Version: 1.9.1.105)

Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)

Connect (x32 Version: 1.0.0.1)

Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000)

Corel PaintShop Photo Pro X3 (x32 Version: 1.6.1.263)

Creative Element Power Tools (x32 Version: 3.0.6)

CyberLink DVD Suite Deluxe (x32 Version: 7.0.2712)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)

Dell Webcam Central (x32 Version: 1.40.05)

DHTML Editing Component (x32 Version: 6.02.0001)

DriveImage XML (Private Edition) (x32 Version: 2.14)

DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715)

ESET Online Scanner v3 (x32)

Google Apps (x32 Version: 1.2.279.2381)

Google Chrome (x32 Version: 65.61.49249)

Google Desktop (x32 Version: 5.9.1005.12335)

Google Earth (x32 Version: 7.1.1.1888)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0)

Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)

Google Update Helper (x32 Version: 1.3.21.165)

Google Updater (x32 Version: 2.4.2432.1652)

GroupMail :: Personal Edition (x32 Version: 5.3.0.136)

Hardware Diagnostic Tools (Version: 6.0.5418.39)

Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000)

HP Advisor (x32 Version: 3.4.12850.3526)

HP Customer Experience Enhancements (x32 Version: 6.0.1.7)

HP FWUpdateEDO2 (x32 Version: 1.2.0.0)

HP MediaSmart CinemaNow 2.0 (x32 Version: 2.0)

HP MediaSmart DVD (x32 Version: 4.0.3902)

HP MediaSmart Music (x32 Version: 4.0.3910)

HP MediaSmart Photo (x32 Version: 4.0.3911)

HP MediaSmart SmartMenu (Version: 3.1.1.12)

HP MediaSmart Video (x32 Version: 4.0.3911)

HP Odometer (x32 Version: 2.10.0000)

HP Officejet 6700 Basic Device Software (Version: 25.0.619.0)

HP Officejet 6700 Help (x32 Version: 140.0.2.2)

HP Setup (x32 Version: 1.2.4048.3310)

HP Support Information (x32 Version: 10.1.0002)

HP Update (x32 Version: 5.003.001.001)

HPDiagnosticAlert (x32 Version: 1.00.0000)

I.R.I.S. OCR (x32 Version: 12.3.4.0)

ICA (x32 Version: 1.6.1.263)

IPM_PSP_CL (x32 Version: 1.00.0000)

IPM_PSP_COM (x32 Version: 1.00.0000)

Ipswitch WS_FTP 12 (x32 Version: 12.2)

jv16 PowerTools 2012 (x32 Version: )

jv16 PowerTools 2014 (x32 Version: )

kuler (x32 Version: 2.0)

LabelPrint (x32 Version: 2.5.2610)

LightScribe System Software (x32 Version: 1.18.11.1)

MailStore Home 8.1.0.9075 (x32 Version: 8.1.0.9075)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Metron (x32 Version: 6.11)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Expression Design 4 (x32 Version: 7.0.20516.0)

Microsoft Expression Encoder 4 (x32 Version: 4.0.1639.0)

Microsoft Expression Encoder 4 Screen Capture Codec (x32 Version: 4.0.1639.0)

Microsoft Expression Web 4 (x32 Version: 4.0.1303.0)

Microsoft Expression Web 4 Service Pack 2 (x32)

Microsoft Mouse and Keyboard Center (Version: 2.1.177.0)

Microsoft Office 2010 Service Pack 1 (SP1) (x32)

Microsoft Office Access database engine 2007 (English) (x32 Version: 12.0.6612.1000)

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft Streets & Trips 2010 (x32 Version: 17.0.19.2900)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable Package (x32 Version: 1.0.0)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)

Microsoft_VC90_CRT_x86 (x32 Version: 1.0.0)

Monitor Webcam Driver (1.01.02.0804)

Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)

MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)

muvee Reveal Seagate Edition (x32 Version: 7.0.41.11017)

MyDefrag v4.2.9 (Version: 4.0.0.0)

Notepad++ (x32 Version: 6.5)

PDF Settings CS4 (x32 Version: 9.0)

PhotoNow! (x32 Version: 1.1.6904)

Photoshop Camera Raw (x32 Version: 5.0)

Photoshop Camera Raw_x64 (Version: 5.0)

Picasa 3 (x32 Version: 3.9)

PlayReady PC Runtime amd64 (Version: 1.3.0)

Power2Go (x32 Version: 6.1.3810)

PowerDirector (x32 Version: 8.0.2704)

PrimoPDF -- brought to you by Nitro PDF Software (x32 Version: 5)

PSPPContent (x32 Version: 1.00.0000)

PSPPRO_DCRAW (x32 Version: 13.0.0)

RadiAnt DICOM Viewer (64-bit) (x32 Version: 1.0.4.4439)

RAIDXpert (x32 Version: 3.2.1540.10)

Ralink RT2860 Wireless LAN Card (x32)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6196)

Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.30130)

Recovery Manager (x32 Version: 5.5.2719)

Roxio CinemaNow 2.0 (x32 Version: 1.0.262)

Setup (x32 Version: 1.6.1.263)

Spinco Download Manager (x32 Version: 1.0.0)

SpywareBlaster 5.0 (x32 Version: 5.0.0)

Suite Shared Configuration CS4 (x32 Version: 1.0)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2494150) (x32)

Update for Microsoft Office 2010 (KB2553065) (x32)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2566458) (x32)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)

Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)

Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)

Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)

Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)

WD Drive Utilities (x32 Version: 1.0.3.3)

WD Quick View (x32 Version: 2.2.0.8)

WD SmartWare (Version: 2.2.0.8)

WD SmartWare Installer (x32 Version: 2.2.0.8)

Xobni (x32 Version: 2.0.4.13745)

Xobni Core (x32 Version: 1.0.0)

==================== Restore Points =========================

23-10-2013 12:22:05 Installed Microsoft Fix it 50535

23-10-2013 12:36:19 Installed Microsoft Fix it 50535

23-10-2013 14:04:34 Windows Update

23-10-2013 14:05:18 avast! antivirus system restore point

23-10-2013 14:11:01 avast! antivirus system restore point

23-10-2013 14:30:57 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-13 22:34 - 2013-10-22 21:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0226E1C3-BEC7-47DE-AE93-0253E941132C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)

Task: {0B2045D6-A8FF-415D-959C-06CFA885FD1E} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe

Task: {1BABDE22-854C-4493-BD69-634F0DE96DE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)

Task: {28D9DFCC-9BDB-4530-81CE-DB72E361687D} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-02-24] ()

Task: {36FA5ADA-2011-46CE-BDD7-FC9F93B715AB} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

Task: {3A2B07F8-43A3-4683-ACDE-6CD90675DCC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30] (Google Inc.)

Task: {3C8BB952-23DA-47E2-8465-7D4A300FA199} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)

Task: {3CE70D8F-AB34-43A1-8CCD-C7C83DC657D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)

Task: {659BEB22-838E-4294-AE53-5364E2DB2719} - System32\Tasks\HPCeeScheduleForHarlequin Haven => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)

Task: {726C6D0F-22DF-491D-A870-45CBD241C7F3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {73B3B03E-C7EE-439E-8BD4-ED0711D30659} - System32\Tasks\MyDefrag v4.2.9 Daily => C:\Program Files\MyDefrag v4.2.9\Scripts\OptimizeDaily.MyD [2009-12-25] ()

Task: {7A565075-1008-4367-885F-4638B82E7B77} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1023100906-4222923350-201167260-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {7A9DE0DC-8FFD-434A-BB5D-0988AE564581} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)

Task: {7B9CE53A-3390-4FBA-8625-08DE895217DA} - System32\Tasks\SpywareBlaster AutoUpdate => C:\Program Files (x86)\SpywareBlaster\sbautoupdate.exe [2013-03-01] ()

Task: {7BD60636-D21F-4911-B421-31B77929A9FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-01-23] (Microsoft)

Task: {7C8E7EAA-2F5C-4687-A8DC-CDD126E83DD7} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe

Task: {7F840F1C-7D06-47DC-903B-D945AE472DD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30] (Google Inc.)

Task: {991681BB-1292-4E36-9D8D-77DE4AA979C5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1999-12-31] (Microsoft Corporation)

Task: {9F4380F6-06A3-4369-83B7-A9520C24FF1C} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe

Task: {A2F47E53-DA6B-44AB-9F32-EC90617BAC7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)

Task: {A6B2A3F0-F7B2-429E-B6F1-01BCFDC0EAF1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {B479AC4D-F48E-45A4-9043-4C15706B24E2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1023100906-4222923350-201167260-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {C8FFD5BA-8D6F-4D23-8679-053F38B7ACAF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1999-12-31] (Microsoft Corporation)

Task: {D13C83CC-AAD3-4084-8732-53C894A97537} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)

Task: {D6883784-B867-473F-8C2D-61F33A6D77D4} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-11] (Google)

Task: {EB7955F9-E930-4872-A271-862975EBF78E} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01] (PC-Doctor, Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForHarlequin Haven.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2010-09-02 18:18 - 2010-06-30 13:39 - 03071608 _____ () C:\Program Files\ipswitch\WS_FTP 12\res0409.dll

2009-12-16 02:44 - 2009-12-16 02:44 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll

2010-09-02 18:18 - 2010-06-30 13:34 - 00948496 _____ () C:\Program Files (x86)\Ipswitch\WS_FTP 12\LIBEAY32.dll

2010-09-02 18:18 - 2010-06-30 13:34 - 00153360 _____ () C:\Program Files (x86)\Ipswitch\WS_FTP 12\SSLEAY32.dll

2010-09-02 18:18 - 2010-06-30 13:39 - 03073144 _____ () C:\Program Files (x86)\Ipswitch\WS_FTP 12\res0409.dll

2009-09-13 20:06 - 2011-06-17 12:52 - 00204800 _____ () C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll

2011-07-18 17:07 - 2011-07-18 17:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll

2011-09-21 16:46 - 2011-09-21 16:46 - 01673728 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll

2008-11-11 13:48 - 2008-11-11 13:48 - 00074240 _____ () C:\Program Files (x86)\Notepad++\plugins\NppNetNote.dll

2007-08-04 21:10 - 2007-08-04 21:10 - 00250368 _____ () C:\Program Files (x86)\Notepad++\plugins\Config\tidy\libTidy.dll

2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2010-08-30 21:41 - 2010-01-28 20:34 - 00417792 _____ () C:\Program Files (x86)\SpywareBlaster\SQLite3SB.dll

2013-10-17 17:03 - 2013-10-08 20:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll

2013-10-17 17:03 - 2013-10-08 20:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll

2013-10-17 17:03 - 2013-10-08 20:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll

2013-10-17 17:03 - 2013-10-08 20:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll

2013-10-17 17:03 - 2013-10-08 20:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (10/23/2013 00:28:32 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/23/2013 00:28:31 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/23/2013 00:22:10 PM) (Source: Application Error) (User: )

Description: Faulting application name: WDBackupEngine.exe, version: 2.0.0.15, time stamp: 0x520b9c0c

Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116

Exception code: 0xe0434352

Fault offset: 0x0000c41f

Faulting process id: 0xca8

Faulting application start time: 0xWDBackupEngine.exe0

Faulting application path: WDBackupEngine.exe1

Faulting module path: WDBackupEngine.exe2

Report Id: WDBackupEngine.exe3

Error: (10/23/2013 00:22:07 PM) (Source: .NET Runtime) (User: )

Description: Application: WDBackupEngine.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.OutOfMemoryException

Stack:

at System.Threading.ExecutionContext.CreateCopy()

at System.Threading._TimerCallback.PerformTimerCallback(System.Object)

Error: (10/23/2013 10:41:29 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/23/2013 10:41:29 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/23/2013 10:40:50 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/23/2013 10:40:49 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/23/2013 10:31:21 AM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:

AddLegacyDriverFiles: Unable to back up image of binary uvjsthjp.

System Error:

The system cannot find the file specified.

.

Error: (10/23/2013 10:25:15 AM) (Source: Application Error) (User: )

Description: Faulting application name: AvastUI.exe, version: 9.0.2006.159, time stamp: 0x525c2451

Faulting module name: AvastUI.exe, version: 9.0.2006.159, time stamp: 0x525c2451

Exception code: 0xc0000005

Fault offset: 0x000b7c6b

Faulting process id: 0xc78

Faulting application start time: 0xAvastUI.exe0

Faulting application path: AvastUI.exe1

Faulting module path: AvastUI.exe2

Report Id: AvastUI.exe3

System errors:

=============

Error: (10/23/2013 00:22:26 PM) (Source: Service Control Manager) (User: )

Description: The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (10/23/2013 11:25:35 AM) (Source: DCOM) (User: )

Description: 1068WDBackup{59484148-65C9-4467-A092-3F8380023772}

Error: (10/23/2013 11:25:35 AM) (Source: DCOM) (User: )

Description: 1068WDBackup{81213AB4-5937-4340-88CD-66B4BC80DF73}

Error: (10/23/2013 11:25:00 AM) (Source: Service Control Manager) (User: )