Jump to content

Can't enable website blocking


Recommended Posts

I posted in the below Help forum because I couldn't check the "enable malicious website blocking" part of protection. I was told possibly infected and to move query over here to ask for help. I'm pasting in the requested logs below.

Old thread: https://forums.malwarebytes.org/index.php?showtopic=135199#entry744568

-- Hi I have been using Pro for sometime but on Thurs I noticed that my blue icon is now grey and I cannot check off to enable website blocking. Everything else seems to work, but I am concerned. I have run Chameleon and Anti-Rootkit and they seem to have come up clean. I have uninstalled and reinstalled, and many reboots, but still cannot check that box!.
 
On Thursday nite I submitted my problem to the "Paying customer -- Contact Support via email" but have received no reply (It's now Sunday evening). I am not able to do what I need to do on this computer because I'm afraid there is a malware problem since when I search on this problem those are the results that most often come up.
 
I was using MSE along with Pro, but today changed to AVG.
 
thanks for any good advice I can get!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720
Run by Harlequin Haven at 17:17:33 on 2013-10-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5880.2394 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\NCNETWORKSDM\bin\sprtsvc.exe
C:\Program Files (x86)\NCNETWORKSDM\bin\tgsrvc.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Xobni\XobniService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Creative Element Power Tools\Startup.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\deepinvent\MailStore Home\MailStoreHome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Streets & Trips 2010\StreetsOlkShim.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRunOnce: [ (A0)] cmd /c "C:\Users\Harlequin Haven\Desktop\software\mbar\mbar.exe" /rdv /s
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\HARLEQ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Creative Element Power Tools Startup.lnk - C:\Program Files (x86)\Creative Element Power Tools\Startup.exe
StartupFolder: C:\Users\HARLEQ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk - C:\Windows\System32\RunDll32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{4DFAA3EC-847A-4646-880E-104273B15845} : DHCPNameServer = 192.168.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 wdcs.trendmicro.com
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 ox-d.majorgeeks.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1  metrics.bitdefender.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Harlequin Haven\AppData\Roaming\Mozilla\Firefox\Profiles\cfzxxe6w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\Users\Harlequin Haven\AppData\Roaming\Mozilla\Firefox\Profiles\cfzxxe6w.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-10-20 13:29; wrc@avast.com; C:\PROGRA~1\AVAST Software\Avast\WebRep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-5-18 231224]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]
R0 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\48230029.sys [2013-10-20 116440]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-12 203264]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-12-15 122880]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-9-25 1358944]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-20 701512]
R2 sprtsvc_ncnetworksdm;SupportSoft Sprocket Service (ncnetworksdm);C:\Program Files (x86)\NCNETWORKSDM\bin\sprtsvc.exe [2010-6-17 206120]
R2 tgsrvc_ncnetworksdm;SupportSoft Repair Service (ncnetworksdm);C:\Program Files (x86)\NCNETWORKSDM\bin\tgsrvc.exe [2010-6-17 185640]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2013-8-14 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2013-8-14 270704]
R2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2012-4-9 62184]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-9-2 172704]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-20 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-7-24 852256]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;C:\Windows\System32\drivers\OA002Afx.sys [2007-6-8 219544]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\System32\drivers\OA002Ufd.sys [2008-6-3 168864]
R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\System32\drivers\OA002Vid.sys [2008-8-1 306560]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-4-21 251496]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-24 346144]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-6-17 46136]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-6-18 1038088]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-6-12 30192]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-21 19456]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-4-21 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-21 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-31 1255736]
SUnknown mbamchameleon;mbamchameleon; [x]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
FileExt: .ini: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
.
=============== Created Last 30 ================
.
2013-10-20 20:59:49 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-20 20:59:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-20 20:06:01 116440 ----a-w- C:\Windows\System32\drivers\48230029.sys
2013-10-20 20:05:23 91352 ----a-w- C:\Windows\System32\drivers\37EE5C39.sys
2013-10-20 19:14:35 -------- d-----w- C:\Users\Harlequin Haven\AppData\Roaming\AVG2014
2013-10-20 19:13:48 -------- d-----w- C:\Users\Harlequin Haven\AppData\Roaming\TuneUp Software
2013-10-20 19:11:23 -------- d-----w- C:\ProgramData\AVG2014
2013-10-20 19:03:57 -------- d-----w- C:\Users\Harlequin Haven\AppData\Local\MFAData
2013-10-20 19:03:57 -------- d-----w- C:\Users\Harlequin Haven\AppData\Local\Avg2014
2013-10-20 18:37:50 -------- d-----w- C:\Program Files\AVAST Software
2013-10-20 17:26:18 -------- d-----w- C:\Program Files\CCleaner
2013-10-20 16:26:48 -------- d-----w- C:\Users\Harlequin Haven\AppData\Roaming\AVAST Software
2013-10-20 16:22:36 -------- d-----w- C:\ProgramData\AVAST Software
2013-10-18 12:45:44 24 --sha-w- C:\Users\Harlequin Haven\AppData\Roaming\1D959CA221C7573.sys
2013-10-18 12:45:30 -------- d-----w- C:\Program Files (x86)\jv16 PowerTools 2014
2013-10-18 01:43:19 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-17 21:27:10 -------- d-----w- C:\Program Files\Western Digital
2013-10-10 07:49:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-10 07:49:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-09 17:14:16 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-09 17:13:59 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-09 17:07:21 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-09 17:07:21 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-09 17:07:21 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-09 17:07:21 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-09 17:07:21 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-09 17:07:21 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-09 17:07:21 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-26 13:44:54 57144 ----a-w- C:\Windows\System32\drivers\avgfwd6a.sys
2013-09-26 01:07:30 148792 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-09-23 22:33:36 271256 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
.
==================== Find3M  ====================
.
2013-10-12 20:38:43 2828 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-10-09 10:19:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 10:19:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-09 02:11:42 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-02 14:59:14 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-09-02 14:29:18 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-09-02 14:26:50 192824 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-09-02 14:26:42 241464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-21 02:53:58 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 20:07:06 251192 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2012-11-14 11:05:55 34693120 ----a-w- C:\Program Files (x86)\GUTECD1.tmp
.
============= FINISH: 17:18:07.02 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 8/30/2010 10:32:29 PM
System Uptime: 10/20/2013 4:07:56 PM (1 hours ago)
.
Motherboard: FOXCONN |  | 2A92 
Processor: AMD Athlon II X4 635 Processor | CPU 1 | 2900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 738.199 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.415 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 1863 GiB total, 1270.638 GiB free.
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP945: 10/19/2013 8:20:00 PM - Scheduled Checkpoint
RP946: 10/20/2013 12:23:12 PM - avast! antivirus system restore point
RP947: 10/20/2013 12:58:05 PM - Removed HP MediaSmart/TouchSmart Netflix
RP948: 10/20/2013 12:59:47 PM - Removed HP Officejet 6700 Product Improvement Study
RP949: 10/20/2013 1:01:49 PM - Removed Spinco Download Manager
RP950: 10/20/2013 1:28:26 PM - avast! antivirus system restore point
RP951: 10/20/2013 2:20:55 PM - Removed QuickTime
RP952: 10/20/2013 2:37:00 PM - avast! antivirus system restore point
RP953: 10/20/2013 3:10:15 PM - Installed AVG 2014
RP954: 10/20/2013 3:10:44 PM - Installed AVG 2014
RP955: 10/20/2013 4:41:11 PM - Configured HP
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1  wdcs.trendmicro.com
Hosts: 127.0.0.1  ads.bleepingcomputer.com
Hosts: 127.0.0.1  ox-d.majorgeeks.com
Hosts: 127.0.0.1  metrics.mcafee.com
Hosts: 127.0.0.1  metrics.bitdefender.com
Hosts: 127.0.0.1  analytics.microsoft.com
Hosts: 127.0.0.1  ads.mcafee.com
Hosts: 127.0.0.1  om.symantec.com
.
==== Installed Programs ======================
.
Adobe Acrobat 9 Pro
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Anchor Service x64 CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CMaps x64 CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Drive CS4 x64
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Fonts All x64
Adobe Linguistics CS4
Adobe Linguistics CS4 x64
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDF Library Files x64 CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 (64 Bit)
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Type Support x64 CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin x64
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
AVG 2014
Catalyst Control Center InstallProxy
CCleaner
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
Connect
Corel PaintShop Photo Pro X3
Creative Element Power Tools
CyberLink DVD Suite Deluxe
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Webcam Central
DHTML Editing Component
DriveImage XML (Private Edition)
DVD Menu Pack for HP MediaSmart Video
Google Apps
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GroupMail :: Personal Edition
Hardware Diagnostic Tools
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP FWUpdateEDO2
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP Odometer
HP Officejet 6700 Basic Device Software
HP Officejet 6700 Help
HP Setup
HP Support Information
HP Update
HPDiagnosticAlert
I.R.I.S. OCR
ICA
IPM_PSP_CL
IPM_PSP_COM
Ipswitch WS_FTP 12
jv16 PowerTools 2012
jv16 PowerTools 2014
kuler
LabelPrint
LightScribe System Software
MailStore Home 8.1.0.9075
Malwarebytes Anti-Malware version 1.75.0.1300
Metron
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Expression Design 4
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Web 4
Microsoft Expression Web 4 Service Pack 2
Microsoft Mouse and Keyboard Center
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Streets & Trips 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft_VC90_CRT_x86
Monitor Webcam Driver (1.01.02.0804)  
Mozilla Firefox 24.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
muvee Reveal Seagate Edition
MyDefrag v4.2.9
Notepad++
PDF Settings CS4
PhotoNow!
Photoshop Camera Raw
Photoshop Camera Raw_x64
Picasa 3
PlayReady PC Runtime amd64
Power2Go
PowerDirector
PrimoPDF -- brought to you by Nitro PDF Software
PSPPContent
PSPPRO_DCRAW
RadiAnt DICOM Viewer (64-bit)
RAIDXpert
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Expression Design 4 (KB2667730)
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Setup
Spinco Download Manager
SpywareBlaster 5.0
Suite Shared Configuration CS4
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Visual Studio 2008 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
WD Drive Utilities
WD Quick View
WD SmartWare
WD SmartWare Installer
Xobni
Xobni Core
.
==== Event Viewer Messages From Past Week ========
.
10/20/2013 6:15:03 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.294.0).
10/20/2013 6:14:49 AM, Error: Microsoft Antimalware [2001]  - 
10/20/2013 6:14:46 AM, Error: Service Control Manager [7003]  - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.
10/20/2013 6:14:46 AM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error:  The dependency service does not exist or has been marked for deletion.
10/20/2013 4:09:42 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
10/20/2013 4:09:42 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
10/20/2013 4:09:40 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
10/20/2013 4:05:23 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for DeleteFlag with the following error:  Access is denied.
10/20/2013 3:36:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service WDBackup with arguments "" in order to run the server: {81213AB4-5937-4340-88CD-66B4BC80DF73}
10/20/2013 3:36:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service WDBackup with arguments "" in order to run the server: {59484148-65C9-4467-A092-3F8380023772}
10/20/2013 3:35:42 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
10/20/2013 3:35:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/20/2013 3:35:35 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/20/2013 3:35:32 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/20/2013 3:35:32 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/20/2013 3:35:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/20/2013 3:35:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/20/2013 3:35:17 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Avgdiska Avgfwfd AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
10/20/2013 3:35:14 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/20/2013 3:35:14 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
10/20/2013 3:35:14 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
10/20/2013 3:35:14 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
10/20/2013 3:35:14 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
10/20/2013 3:35:14 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
10/20/2013 3:35:14 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/20/2013 3:35:14 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/20/2013 3:35:14 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
10/20/2013 3:35:14 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
10/20/2013 3:35:14 PM, Error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/20/2013 3:19:19 PM, Error: Service Control Manager [7024]  - The AVG Firewall service terminated with service-specific error %%-536805289.
10/20/2013 2:14:55 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
10/20/2013 2:13:35 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
10/20/2013 2:13:29 PM, Error: Service Control Manager [7038]  - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/20/2013 2:13:29 PM, Error: Service Control Manager [7038]  - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/20/2013 2:13:29 PM, Error: Service Control Manager [7038]  - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/20/2013 2:13:29 PM, Error: Service Control Manager [7024]  - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846.
10/20/2013 2:13:29 PM, Error: Service Control Manager [7000]  - The Network List Service service failed to start due to the following error:  The service did not start due to a logon failure.
10/20/2013 2:13:29 PM, Error: Service Control Manager [7000]  - The Diagnostic Service Host service failed to start due to the following error:  The service did not start due to a logon failure.
10/20/2013 2:13:29 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/20/2013 2:13:29 PM, Error: Microsoft-Windows-Bits-Client [16392]  - The BITS service failed to start.  Error 0x80070032.
10/20/2013 1:47:21 PM, Error: Service Control Manager [7034]  - The PCPitstop Scheduling service terminated unexpectedly.  It has done this 1 time(s).
10/20/2013 1:11:51 PM, Error: Service Control Manager [7038]  - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/20/2013 1:11:51 PM, Error: Service Control Manager [7000]  - The UPnP Device Host service failed to start due to the following error:  The service did not start due to a logon failure.
10/20/2013 1:11:50 PM, Error: Service Control Manager [7038]  - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/20/2013 1:11:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
10/19/2013 9:21:20 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/19/2013 6:13:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.246.0).
10/19/2013 5:48:37 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR2.
10/18/2013 6:16:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.159.0).
10/17/2013 9:31:26 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
10/17/2013 6:27:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.87.0).
10/17/2013 1:42:51 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.53.0).
10/15/2013 8:42:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.159.2288.0).
10/15/2013 2:22:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.159.2225.0).
10/14/2013 7:09:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.159.2190.0).
10/14/2013 6:25:34 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.159.2127.0).
10/13/2013 6:16:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.159.2102.0).
10/13/2013 6:10:07 AM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
10/13/2013 2:54:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.159.2116.0).
.
==== End Of File ===========================
 

 

Link to post
Share on other sites

  • Root Admin

The system appears to probably be infected.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites

ComboFix 13-10-21.01 - Harlequin Haven 10/22/2013  21:01:35.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5880.4431 [GMT -4:00]

Running from: c:\users\Harlequin Haven\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml

c:\programdata\99D2FE82C3.sys

c:\users\Harlequin Haven\AppData\Roaming\1D959CA221C7573.sys

c:\windows\SysWow64\aosmtp.dll

.

.

(((((((((((((((((((((((((   Files Created from 2013-09-23 to 2013-10-23  )))))))))))))))))))))))))))))))

.

.

2013-10-23 01:12 . 2013-10-23 01:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-10-23 00:49 . 2013-10-23 00:49 650 ----a-w- C:\FixitRegBackup.reg

2013-10-20 20:59 . 2013-10-20 20:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-10-20 20:59 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-10-20 20:06 . 2013-10-20 20:06 116440 ----a-w- c:\windows\system32\drivers\48230029.sys

2013-10-20 20:05 . 2013-10-20 20:05 91352 ----a-w- c:\windows\system32\drivers\37EE5C39.sys

2013-10-20 19:13 . 2013-10-20 19:13 -------- d-----w- c:\users\Harlequin Haven\AppData\Roaming\TuneUp Software

2013-10-20 19:11 . 2013-10-23 01:15 -------- d-----w- c:\programdata\AVG2014

2013-10-20 19:03 . 2013-10-20 19:03 -------- d-----w- c:\users\Harlequin Haven\AppData\Local\MFAData

2013-10-20 18:37 . 2013-10-20 19:36 -------- d-----w- c:\program files\AVAST Software

2013-10-20 17:26 . 2013-10-20 17:26 -------- d-----w- c:\program files\CCleaner

2013-10-20 16:26 . 2013-10-20 16:26 -------- d-----w- c:\users\Harlequin Haven\AppData\Roaming\AVAST Software

2013-10-20 16:22 . 2013-10-20 18:36 -------- d-----w- c:\programdata\AVAST Software

2013-10-18 12:45 . 2013-10-20 17:08 -------- d-----w- c:\program files (x86)\jv16 PowerTools 2014

2013-10-18 01:43 . 2013-10-20 20:36 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-10-17 21:27 . 2013-10-17 21:27 -------- d-----w- c:\program files\Western Digital

2013-10-10 07:49 . 2013-09-21 03:38 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-10-10 07:49 . 2013-09-21 03:30 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-10-09 17:14 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll

2013-10-09 17:13 . 2013-08-28 01:21 3155968 ----a-w- c:\windows\system32\win32k.sys

2013-10-09 17:07 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-10-09 17:07 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-10-09 17:07 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-10-09 17:07 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-10-09 17:07 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-10-09 17:07 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-10-09 17:07 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-09-23 22:33 . 2013-09-11 02:28 271256 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-12 20:38 . 2011-06-17 18:59 2828 --sha-w- c:\programdata\KGyGaAvL.sys

2013-10-10 07:14 . 2010-09-02 00:17 80541720 ----a-w- c:\windows\system32\MRT.exe

2013-10-09 10:19 . 2012-04-01 20:26 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-10-09 10:19 . 2011-05-17 16:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-29 01:48 . 2013-10-09 17:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-08-05 02:25 . 2013-09-12 10:55 155584 ----a-w- c:\windows\system32\drivers\ataport.sys

2013-08-02 02:14 . 2013-09-12 10:55 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-08-02 02:13 . 2013-09-12 10:55 424448 ----a-w- c:\windows\system32\KernelBase.dll

2013-08-02 02:13 . 2013-09-12 10:55 1161216 ----a-w- c:\windows\system32\kernel32.dll

2013-08-02 02:12 . 2013-09-12 10:55 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-08-02 02:12 . 2013-09-12 10:55 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 6656 ----a-w- c:\windows\system32\apisetschema.dll

2013-08-02 02:12 . 2013-09-12 10:55 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:55 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-08-02 02:12 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-08-02 01:50 . 2013-09-12 10:55 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2013-08-02 01:48 . 2013-09-12 10:55 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:55 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-08-02 01:48 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2013-08-02 01:09 . 2013-09-12 10:55 338432 ----a-w- c:\windows\system32\conhost.exe

2013-08-02 00:59 . 2013-09-12 10:55 112640 ----a-w- c:\windows\system32\smss.exe

2013-08-02 00:43 . 2013-09-12 10:54 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43 . 2013-09-12 10:54 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43 . 2013-09-12 10:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43 . 2013-09-12 10:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2013-07-26 02:24 . 2013-09-12 10:54 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-07-26 02:24 . 2013-09-12 10:54 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-07-25 09:25 . 2013-08-14 10:57 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-25 08:57 . 2013-08-14 10:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2012-11-14 11:05 . 2012-11-14 11:04 34693120 ----a-w- c:\program files (x86)\GUTECD1.tmp

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-31 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2013-08-14 5537136]

.

c:\users\Harlequin Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Creative Element Power Tools Startup.lnk - c:\program files (x86)\Creative Element Power Tools\Startup.exe [2010-9-2 265384]

Monitor Ink Alerts - HP Officejet 6700.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN22G1G26P05RQ;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 sprtsvc_ncnetworksdm;SupportSoft Sprocket Service (ncnetworksdm);c:\program files (x86)\NCNETWORKSDM\bin\sprtsvc.exe;c:\program files (x86)\NCNETWORKSDM\bin\sprtsvc.exe [x]

S2 tgsrvc_ncnetworksdm;SupportSoft Repair Service (ncnetworksdm);c:\program files (x86)\NCNETWORKSDM\bin\tgsrvc.exe;c:\program files (x86)\NCNETWORKSDM\bin\tgsrvc.exe [x]

S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]

S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]

S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe;c:\program files (x86)\Xobni\XobniService.exe [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys;c:\windows\SYSNATIVE\Drivers\OA002Afx.sys [x]

S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys;c:\windows\SYSNATIVE\DRIVERS\OA002Ufd.sys [x]

S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys;c:\windows\SYSNATIVE\DRIVERS\OA002Vid.sys [x]

S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-10-17 20:37 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 10:19]

.

2011-09-08 c:\windows\Tasks\Google Software Updater.job

- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-31 09:13]

.

2013-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 01:40]

.

2013-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 01:40]

.

2013-10-23 c:\windows\Tasks\HPCeeScheduleForHarlequin Haven.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]

.

2013-09-30 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]

.

------- Supplementary Scan -------

.


uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm



IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

FF - ProfilePath - c:\users\Harlequin Haven\AppData\Roaming\Mozilla\Firefox\Profiles\cfzxxe6w.default\

FF - prefs.js: browser.search.selectedEngine - Google



FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

.

------- File Associations -------

.

.txt=Notepad++_file

.

- - - - ORPHANS REMOVED - - - -

.

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}]

@Denied: (A 2 3) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\InProcServer32]

@="%SystemRoot%\\Explorer.exe"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\ProgID]

@="DAO.Client"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\TypeLib]

@="{F86A7697-B88F-1300-8336-6A6969707277}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe

c:\program files (x86)\SpywareBlaster\sbautoupdate.exe

c:\program files (x86)\SpywareBlaster\sbautoupdate.exe

c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

.

**************************************************************************

.

Completion time: 2013-10-22  21:32:29 - machine was rebooted

ComboFix-quarantined-files.txt  2013-10-23 01:32

.

Pre-Run: 784,745,828,352 bytes free

Post-Run: 785,517,744,128 bytes free

.

- - End Of File - - 2769E7AABE846D78EE3F5752BC6E4E9C
Link to post
Share on other sites

  • Root Admin

Please uninstall Microsoft Security Essentials you should not have 2 antivirus programs installed at the same time.

 

After you've uninstalled Microsoft Security Essentials then please do the following.

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Link to post
Share on other sites

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

www.malwarebytes.org

 

Database version: v2013.10.02.12

 

Windows 7 Service Pack 1 x64 FAT32

Internet Explorer 10.0.9200.16721

Harlequin Haven :: HARLEQUINHAVEN [administrator]

 

10/23/2013 8:47:03 AM

mbar-log-2013-10-23 (08-47-03).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 260250

Time elapsed: 27 minute(s), 19 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 


---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16721

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.200000 GHz

Memory total: 3353337856, free: 1980747776

 

=======================================

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16721

 

File system is: FAT32

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 2.900000 GHz

Memory total: 6165516288, free: 3136942080

 

No address found

=======================================

Initializing...

------------ Kernel report ------------

     10/23/2013 08:44:37

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\AtiPcie64.sys

\SystemRoot\system32\DRIVERS\ahcix64s.sys

\SystemRoot\system32\DRIVERS\storport.sys

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\amdppm.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\netr28x.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\drivers\1394ohci.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_ahcix64s.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\dc3d.sys

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\drivers\usbscan.sys

\SystemRoot\system32\DRIVERS\CtClsFlt.sys

\SystemRoot\system32\DRIVERS\wdcsam64.sys

\SystemRoot\system32\DRIVERS\point64.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\Drivers\RtsUStor.sys

\SystemRoot\system32\DRIVERS\OA002Vid.sys

\SystemRoot\system32\DRIVERS\OA002Ufd.sys

\SystemRoot\system32\drivers\usbaudio.sys

\??\C:\Windows\system32\Drivers\OA002Afx.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\adfs.SYS

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\??\C:\Windows\system32\Drivers\PROCEXP113.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\wininet.dll

\Windows\System32\usp10.dll

\Windows\System32\shlwapi.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\imagehlp.dll

\Windows\System32\nsi.dll

\Windows\System32\psapi.dll

\Windows\System32\shell32.dll

\Windows\System32\comdlg32.dll

\Windows\System32\gdi32.dll

\Windows\System32\difxapi.dll

\Windows\System32\advapi32.dll

\Windows\System32\sechost.dll

\Windows\System32\Wldap32.dll

\Windows\System32\clbcatq.dll

\Windows\System32\lpk.dll

\Windows\System32\setupapi.dll

\Windows\System32\iertutil.dll

\Windows\System32\user32.dll

\Windows\System32\normaliz.dll

\Windows\System32\msvcrt.dll

\Windows\System32\kernel32.dll

\Windows\System32\urlmon.dll

\Windows\System32\msctf.dll

\Windows\System32\ole32.dll

\Windows\System32\imm32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\ws2_32.dll

\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

\Windows\System32\KernelBase.dll

\Windows\System32\wintrust.dll

\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

\Windows\System32\crypt32.dll

\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

\Windows\System32\devobj.dll

\Windows\System32\comctl32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR7

Upper Device Object: 0xfffffa8005216420

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\000000b7\

Lower Device Object: 0xfffffa80056df120

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa8007d6a060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000086\

Lower Device Object: 0xfffffa8007d65b60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8007d2d060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007a\

Lower Device Object: 0xfffffa8007d22b60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8005b4a060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000005b\

Lower Device Object: 0xfffffa80059e89c0

Lower Device Driver Name: \Driver\ahcix64s\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8005b4a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8005b4ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005b4a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80059e89c0, DeviceName: \Device\0000005b\, DriverName: \Driver\ahcix64s\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 7E1BE820

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048  Numsec = 204800

    Partition file system is NTFS

    Partition is bootable

 

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 206848  Numsec = 1928431616

 

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1928638464  Numsec = 24483840

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...

Done!

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa8007d2d060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007d2d910, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007d2d060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007d22b60, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 5F107

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 2048  Numsec = 3906961408

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 2000365289472 bytes

Sector size: 512 bytes

 

Done!

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa8007d6a060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007d6ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007d6a060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007d65b60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 512

Drive: 3, DevicePointer: 0xfffffa8005216420, DeviceName: \Device\Harddisk3\DR7\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006276540, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005216420, DeviceName: \Device\Harddisk3\DR7\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80056df120, DeviceName: \Device\000000b7\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk3\DR7\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 3

Scanning MBR on drive 3...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 0

 

Partition information:

 

    Partition 0 type is Other (0xb)

    Partition is ACTIVE.

    Partition starts at LBA: 63  Numsec = 15759702

    Partition file system is FAT32

    Partition is not bootable

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 8086618112 bytes

Sector size: 512 bytes

 

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_3_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_3_0_63_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_3_r.mbam...

Removal finished

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.7 (10.15.2013:3)

OS: Windows 7 Home Premium x64

Ran by Harlequin Haven on Wed 10/23/2013 at  9:26:52.06

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"

Successfully deleted: [Folder] "C:\Users\Harlequin Haven\appdata\local\blekkotb_031"

Successfully deleted: [Folder] "C:\Users\Harlequin Haven\appdata\local\opencandy"

 

 

 

~~~ FireFox

 

Successfully deleted: [File] C:\Users\Harlequin Haven\AppData\Roaming\mozilla\firefox\profiles\cfzxxe6w.default\user.js

Successfully deleted the following from C:\Users\Harlequin Haven\AppData\Roaming\mozilla\firefox\profiles\cfzxxe6w.default\prefs.js

 

user_pref("browser.search.order.1", "Blekko");

Emptied folder: C:\Users\Harlequin Haven\AppData\Roaming\mozilla\firefox\profiles\cfzxxe6w.default\minidumps [1 files]

 

 

 

~~~ Chrome

 

Successfully deleted: [Folder] C:\Users\Harlequin Haven\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 10/23/2013 at  9:33:48.48

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

adw cleaner - found no threats and did not make a file

 

 


C:\Users\Harlequin Haven\Desktop\software\cnet2_radiantsetup1044439b_exe.exe a variant of Win32/InstallCore.D application

C:\Users\Harlequin Haven\Documents\Downloaded Program Updates\zlsSetup_70_462_000_en.exe a variant of Win32/AdInstaller application

C:\Users\Harlequin Haven\Documents\Downloaded Program Updates\zlsSetup_70_470_000_en.exe a variant of Win32/AdInstaller application

 

 

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2013

Ran by Harlequin Haven (administrator) on HARLEQUINHAVEN on 23-10-2013 17:10:10

Running from C:\Users\Harlequin Haven\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Creative Element) C:\Program Files (x86)\Creative Element Power Tools\Startup.exe

(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(SupportSoft, Inc.) C:\Program Files (x86)\NCNETWORKSDM\bin\sprtsvc.exe

(SupportSoft, Inc.) C:\Program Files (x86)\NCNETWORKSDM\bin\tgsrvc.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

(Xobni Corporation) C:\Program Files (x86)\Xobni\XobniService.exe

(Ipswitch) C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe

() C:\Windows\SysWOW64\WinMsgBalloonServer.exe

() C:\Windows\SysWOW64\WinMsgBalloonClient.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe

() C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe

() C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe

() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-30] (Google Inc.)

HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)

HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)

HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)

Startup: C:\Users\Harlequin Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk

ShortcutTarget: Creative Element Power Tools Startup.lnk -> C:\Program Files (x86)\Creative Element Power Tools\Startup.exe (Creative Element)

Startup: C:\Users\Harlequin Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk

ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700.lnk -> C:\Program Files\HP\HP Officejet 6700\bin\HPStatusBL.dll (Hewlett-Packard Co.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {FCE4C95B-B382-4B50-AFFA-B828DCFC277C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {FCE4C95B-B382-4B50-AFFA-B828DCFC277C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=9wlanbUVL0ztdrBXpcwJMZtkt5c?q={searchTerms}

SearchScopes: HKCU - {FCE4C95B-B382-4B50-AFFA-B828DCFC277C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File

BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

 

FireFox:

========

FF ProfilePath: C:\Users\Harlequin Haven\AppData\Roaming\Mozilla\Firefox\Profiles\cfzxxe6w.default

FF SelectedSearchEngine: Google



FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_43 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @pack.google.com/Google Updater;version=14 - C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml

FF Extension: No Name - C:\Users\Harlequin Haven\AppData\Roaming\Mozilla\Firefox\Profiles\cfzxxe6w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: No Name - C:\Users\Harlequin Haven\AppData\Roaming\Mozilla\Firefox\Profiles\cfzxxe6w.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension

FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension

 

Chrome: 

=======



CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File

CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Updater) - C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Extension: (YouTube) - C:\Users\HARLEQ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Adblock Plus) - C:\Users\HARLEQ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0

CHR Extension: (Google Search) - C:\Users\HARLEQ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Gmail) - C:\Users\HARLEQ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

 

==================== Services (Whitelisted) =================

 

S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)

S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-06-12] (Google)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)

R2 sprtsvc_ncnetworksdm; C:\Program Files (x86)\NCNETWORKSDM\bin\sprtsvc.exe [206120 2010-06-17] (SupportSoft, Inc.)

R2 tgsrvc_ncnetworksdm; C:\Program Files (x86)\NCNETWORKSDM\bin\tgsrvc.exe [185640 2010-06-17] (SupportSoft, Inc.)

R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)

R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-08-14] (Western Digital Technologies, Inc.)

R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)

R2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [63096 2013-06-18] (Xobni Corporation)

 

==================== Drivers (Whitelisted) ====================

 

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-04-21] ()

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-10-23 17:10 - 2013-10-23 17:10 - 00000000 ____D C:\FRST

2013-10-23 17:08 - 2013-10-23 17:09 - 01955374 _____ (Farbar) C:\Users\Harlequin Haven\Desktop\FRST64.exe

2013-10-23 17:06 - 2013-10-23 17:06 - 00000389 _____ C:\Users\Harlequin Haven\Desktop\threats found.txt

2013-10-23 12:41 - 2013-10-23 12:41 - 00000000 ____D C:\Program Files (x86)\ESET

2013-10-23 11:01 - 2013-10-23 11:33 - 00000000 ____D C:\AdwCleaner

2013-10-23 10:39 - 2013-10-23 10:39 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\abzutsfs.sys

2013-10-23 10:08 - 2013-10-23 10:08 - 01060070 _____ C:\Users\Harlequin Haven\Desktop\AdwCleaner.exe

2013-10-23 09:33 - 2013-10-23 09:33 - 00003618 _____ C:\Users\Harlequin Haven\Desktop\JRT.txt

2013-10-23 09:26 - 2013-10-23 09:26 - 00000000 ____D C:\Windows\ERUNT

2013-10-23 08:38 - 2013-10-23 08:38 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-22 21:32 - 2013-10-22 21:32 - 00027584 _____ C:\ComboFix.txt

2013-10-22 21:15 - 2013-10-22 21:15 - 00013610 _____ C:\Windows\PFRO.log

2013-10-22 20:59 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe

2013-10-22 20:59 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe

2013-10-22 20:59 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-10-22 20:59 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-10-22 20:59 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-10-22 20:59 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe

2013-10-22 20:59 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe

2013-10-22 20:59 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe

2013-10-22 20:49 - 2013-10-23 08:37 - 00000650 _____ C:\FixitRegBackup.reg

2013-10-22 20:41 - 2013-10-22 21:33 - 00000000 ____D C:\Qoobox

2013-10-22 20:40 - 2013-10-22 21:29 - 00000000 ____D C:\Windows\erdnt

2013-10-22 20:37 - 2013-10-22 20:38 - 05136138 ____R (Swearware) C:\Users\Harlequin Haven\Desktop\ComboFix.exe

2013-10-20 18:51 - 2013-10-23 11:30 - 00000840 _____ C:\Windows\setupact.log

2013-10-20 18:51 - 2013-10-20 18:51 - 00000000 _____ C:\Windows\setuperr.log

2013-10-20 18:23 - 2013-10-20 18:24 - 06858592 _____ (Xobni) C:\Users\Harlequin Haven\Desktop\XobniSetup.exe

2013-10-20 18:21 - 2013-10-20 18:21 - 00000146 _____ C:\Users\Harlequin Haven\Desktop\fixing outlook.txt

2013-10-20 18:03 - 2013-10-20 18:05 - 00000000 ____D C:\Users\Harlequin Haven\Desktop\malwarebytes_suppl_log_files

2013-10-20 18:02 - 2013-10-20 18:02 - 00001231 _____ C:\Users\Harlequin Haven\Desktop\Microsoft Outlook.lnk

2013-10-20 18:02 - 2013-10-20 18:02 - 00000151 _____ C:\Users\Harlequin Haven\Desktop\Paying customer -- Contact Support via email.txt

2013-10-20 16:59 - 2013-10-20 16:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-20 16:59 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-20 16:52 - 2013-10-20 16:52 - 00009574 _____ C:\Users\Harlequin Haven\Documents\cc_20131020_165248.reg

2013-10-20 16:09 - 2013-10-20 16:34 - 00000335 _____ C:\local.conf

2013-10-20 16:06 - 2013-10-20 16:06 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys

2013-10-20 16:05 - 2013-10-20 16:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\37EE5C39.sys

2013-10-20 15:13 - 2013-10-20 15:13 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\TuneUp Software

2013-10-20 15:11 - 2013-10-22 21:15 - 00000000 ____D C:\ProgramData\AVG2014

2013-10-20 15:03 - 2013-10-20 15:03 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Local\MFAData

2013-10-20 14:35 - 2013-10-20 14:35 - 00007688 _____ C:\Users\Harlequin Haven\Documents\cc_20131020_143448.reg

2013-10-20 13:48 - 2013-10-20 13:48 - 00085832 _____ C:\Users\Harlequin Haven\Documents\cc_20131020_134817.reg

2013-10-20 13:26 - 2013-10-20 13:26 - 00002792 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2013-10-20 13:26 - 2013-10-20 13:26 - 00000000 ____D C:\Program Files\CCleaner

2013-10-20 13:20 - 2013-10-23 11:28 - 00000000 _____ C:\Windows\SysWOW64\config.nt

2013-10-20 12:26 - 2013-10-20 12:26 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\AVAST Software

2013-10-20 12:25 - 2013-10-23 10:12 - 00000034 _____ C:\Windows\AvastEmUpdate.ini

2013-10-20 12:24 - 2013-10-20 12:24 - 00003206 _____ C:\Windows\System32\Tasks\{17174424-5CF8-4DEF-82DD-1361635490F6}

2013-10-20 12:22 - 2013-10-20 14:36 - 00000000 ____D C:\ProgramData\AVAST Software

2013-10-20 12:15 - 2013-10-20 18:05 - 00000000 ____D C:\Users\Harlequin Haven\Desktop\software

2013-10-20 12:14 - 2013-10-20 13:23 - 00000826 _____ C:\Windows\system32\Drivers\etc\hosts_PTbackup2.bak

2013-10-20 12:00 - 2013-10-20 13:06 - 00000940 _____ C:\Users\Harlequin Haven\Desktop\pc_tuneup_2013-10-20.txt

2013-10-20 11:59 - 2013-10-20 11:59 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

2013-10-18 21:03 - 2013-10-23 15:03 - 00000372 _____ C:\Windows\Tasks\HPCeeScheduleForHarlequin Haven.job

2013-10-18 21:03 - 2013-10-18 21:03 - 00003246 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHarlequin Haven

2013-10-18 08:45 - 2013-10-20 13:08 - 00000000 ____D C:\Program Files (x86)\jv16 PowerTools 2014

2013-10-18 08:45 - 2013-10-18 08:45 - 00000024 ___SH C:\Users\Harlequin Haven\AppData\Roaming\System5908ConfigCollection.dat

2013-10-18 08:45 - 2013-10-18 08:45 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2014

2013-10-17 22:20 - 2013-10-17 22:20 - 00000000 ____D C:\Users\Harlequin Haven\Downloads\mbam-chameleon-1.62.1.1000

2013-10-17 22:19 - 2013-10-17 22:19 - 01440846 _____ C:\Users\Harlequin Haven\Downloads\mbam-chameleon-1.62.1.1000.zip

2013-10-17 21:43 - 2013-10-23 09:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-10-17 21:38 - 2013-10-17 21:39 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Harlequin Haven\Downloads\mbar-1.07.0.1007 (1).exe

2013-10-17 21:27 - 2013-10-17 21:29 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Harlequin Haven\Downloads\mbar-1.07.0.1007.exe

2013-10-17 17:27 - 2013-10-17 17:27 - 00000000 ____D C:\Program Files\Western Digital

2013-10-10 03:49 - 2013-09-22 19:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-10-10 03:49 - 2013-09-20 23:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-10 03:49 - 2013-09-20 23:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-10-10 03:48 - 2013-09-22 19:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-10-10 03:48 - 2013-09-22 19:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-10-10 03:48 - 2013-09-22 19:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-10-10 03:48 - 2013-09-22 18:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-10 03:48 - 2013-09-22 18:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-10 03:48 - 2013-09-22 18:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-10 03:48 - 2013-09-22 18:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-10 03:48 - 2013-09-22 18:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-10 03:48 - 2013-09-20 22:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-10 03:48 - 2013-09-20 22:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-10-09 13:14 - 2013-09-13 21:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-09 13:14 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-09 13:14 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-09 13:14 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2013-10-09 13:14 - 2013-07-12 06:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys

2013-10-09 13:14 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-09 13:14 - 2013-07-12 06:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys

2013-10-09 13:14 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-09 13:14 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-09 13:14 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-09 13:14 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2013-10-09 13:14 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2013-10-09 13:14 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2013-10-09 13:14 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-09 13:14 - 2013-07-03 00:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2013-10-09 13:14 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-09 13:14 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-09 13:14 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-09 13:14 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-09 13:14 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-09 13:14 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-09 13:14 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-09 13:14 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2013-10-09 13:14 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2013-10-09 13:14 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2013-10-09 13:14 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-09 13:14 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2013-10-09 13:14 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2013-10-09 13:13 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-09 13:13 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-09 13:13 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-09 13:13 - 2013-08-28 22:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-10-09 13:13 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-09 13:13 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-10-09 13:13 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-10-09 13:13 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-10-09 13:13 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2013-10-09 13:13 - 2013-08-28 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-10-09 13:13 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2013-10-09 13:13 - 2013-08-28 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-10-09 13:13 - 2013-08-28 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-10-09 13:13 - 2013-08-28 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-10-09 13:13 - 2013-08-28 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-10-09 13:13 - 2013-08-27 21:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-09 13:13 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-09 13:13 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-09 13:13 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 13:13 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 13:07 - 2013-09-04 08:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2013-10-09 13:07 - 2013-09-04 08:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2013-10-09 13:07 - 2013-09-04 08:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2013-10-09 13:07 - 2013-09-04 08:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2013-10-09 13:07 - 2013-09-04 08:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2013-10-09 13:07 - 2013-09-04 08:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2013-10-09 13:07 - 2013-09-04 08:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2013-10-07 19:23 - 2013-10-07 19:23 - 05549056 _____ C:\Users\Harlequin Haven\Documents\Samson's Vet Record for the year  Photos.msg

 

==================== One Month Modified Files and Folders =======

 

2013-10-23 17:10 - 2013-10-23 17:10 - 00000000 ____D C:\FRST

2013-10-23 17:09 - 2013-10-23 17:08 - 01955374 _____ (Farbar) C:\Users\Harlequin Haven\Desktop\FRST64.exe

2013-10-23 17:06 - 2013-10-23 17:06 - 00000389 _____ C:\Users\Harlequin Haven\Desktop\threats found.txt

2013-10-23 16:49 - 2010-08-30 22:31 - 01227566 _____ C:\Windows\WindowsUpdate.log

2013-10-23 16:36 - 2010-08-30 21:40 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-23 16:18 - 2012-04-01 16:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-23 15:03 - 2013-10-18 21:03 - 00000372 _____ C:\Windows\Tasks\HPCeeScheduleForHarlequin Haven.job

2013-10-23 12:41 - 2013-10-23 12:41 - 00000000 ____D C:\Program Files (x86)\ESET

2013-10-23 12:22 - 2013-08-15 03:49 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat

2013-10-23 11:41 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-23 11:41 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-23 11:33 - 2013-10-23 11:01 - 00000000 ____D C:\AdwCleaner

2013-10-23 11:32 - 2010-08-30 21:41 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster

2013-10-23 11:30 - 2013-10-20 18:51 - 00000840 _____ C:\Windows\setupact.log

2013-10-23 11:30 - 2010-08-30 21:40 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-23 11:30 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-23 11:28 - 2013-10-20 13:20 - 00000000 _____ C:\Windows\SysWOW64\config.nt

2013-10-23 11:00 - 2012-04-17 10:46 - 00000000 ____D C:\Users\Harlequin Haven\Documents\Outlook Files

2013-10-23 10:50 - 2009-07-14 01:08 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-23 10:39 - 2013-10-23 10:39 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\abzutsfs.sys

2013-10-23 10:12 - 2013-10-20 12:25 - 00000034 _____ C:\Windows\AvastEmUpdate.ini

2013-10-23 10:08 - 2013-10-23 10:08 - 01060070 _____ C:\Users\Harlequin Haven\Desktop\AdwCleaner.exe

2013-10-23 09:58 - 2012-01-15 03:29 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{890221EF-523D-4963-9CD4-95741D4DC679}

2013-10-23 09:46 - 2009-07-14 01:13 - 00783290 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-23 09:33 - 2013-10-23 09:33 - 00003618 _____ C:\Users\Harlequin Haven\Desktop\JRT.txt

2013-10-23 09:26 - 2013-10-23 09:26 - 00000000 ____D C:\Windows\ERUNT

2013-10-23 09:11 - 2013-10-17 21:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-10-23 08:38 - 2013-10-23 08:38 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-23 08:37 - 2013-10-22 20:49 - 00000650 _____ C:\FixitRegBackup.reg

2013-10-23 07:53 - 2010-08-30 21:38 - 00000000 ____D C:\Program Files\MyDefrag v4.2.9

2013-10-22 21:33 - 2013-10-22 20:41 - 00000000 ____D C:\Qoobox

2013-10-22 21:33 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default

2013-10-22 21:32 - 2013-10-22 21:32 - 00027584 _____ C:\ComboFix.txt

2013-10-22 21:29 - 2013-10-22 20:40 - 00000000 ____D C:\Windows\erdnt

2013-10-22 21:17 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini

2013-10-22 21:15 - 2013-10-22 21:15 - 00013610 _____ C:\Windows\PFRO.log

2013-10-22 21:15 - 2013-10-20 15:11 - 00000000 ____D C:\ProgramData\AVG2014

2013-10-22 21:15 - 2011-07-14 18:49 - 00000000 ____D C:\ProgramData\MFAData

2013-10-22 20:57 - 2011-07-14 19:36 - 00000000 ____D C:\Program Files (x86)\AVG

2013-10-22 20:38 - 2013-10-22 20:37 - 05136138 ____R (Swearware) C:\Users\Harlequin Haven\Desktop\ComboFix.exe

2013-10-22 16:46 - 2010-09-02 18:19 - 00000000 ____D C:\Users\Harlequin Haven\Documents\important junk

2013-10-22 08:12 - 2013-04-21 10:31 - 00000000 ____D C:\ProgramData\firebird

2013-10-22 08:12 - 2010-09-02 16:32 - 00000000 ____D C:\Users\Harlequin Haven\Documents\MailStore Home

2013-10-21 23:57 - 2013-01-06 19:02 - 00000000 ____D C:\Users\Harlequin Haven\Documents\2013_applications

2013-10-20 20:27 - 2013-06-25 13:59 - 00000000 ____D C:\Users\Harlequin Haven\Documents\1_recipes

2013-10-20 18:56 - 2011-06-17 17:09 - 00000590 _____ C:\Users\Harlequin Haven\AppData\Local\xobni_installer_updater.log

2013-10-20 18:51 - 2013-10-20 18:51 - 00000000 _____ C:\Windows\setuperr.log

2013-10-20 18:44 - 2011-06-17 17:09 - 00000000 ____D C:\Program Files (x86)\Xobni

2013-10-20 18:24 - 2013-10-20 18:23 - 06858592 _____ (Xobni) C:\Users\Harlequin Haven\Desktop\XobniSetup.exe

2013-10-20 18:21 - 2013-10-20 18:21 - 00000146 _____ C:\Users\Harlequin Haven\Desktop\fixing outlook.txt

2013-10-20 18:05 - 2013-10-20 18:03 - 00000000 ____D C:\Users\Harlequin Haven\Desktop\malwarebytes_suppl_log_files

2013-10-20 18:05 - 2013-10-20 12:15 - 00000000 ____D C:\Users\Harlequin Haven\Desktop\software

2013-10-20 18:02 - 2013-10-20 18:02 - 00001231 _____ C:\Users\Harlequin Haven\Desktop\Microsoft Outlook.lnk

2013-10-20 18:02 - 2013-10-20 18:02 - 00000151 _____ C:\Users\Harlequin Haven\Desktop\Paying customer -- Contact Support via email.txt

2013-10-20 17:57 - 2010-09-10 06:13 - 00000000 ____D C:\ProgramData\Recovery

2013-10-20 16:59 - 2013-10-20 16:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-20 16:52 - 2013-10-20 16:52 - 00009574 _____ C:\Users\Harlequin Haven\Documents\cc_20131020_165248.reg

2013-10-20 16:43 - 2010-07-24 17:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-10-20 16:34 - 2013-10-20 16:09 - 00000335 _____ C:\local.conf

2013-10-20 16:06 - 2013-10-20 16:06 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys

2013-10-20 16:05 - 2013-10-20 16:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\37EE5C39.sys

2013-10-20 15:13 - 2013-10-20 15:13 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\TuneUp Software

2013-10-20 15:03 - 2013-10-20 15:03 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Local\MFAData

2013-10-20 14:36 - 2013-10-20 12:22 - 00000000 ____D C:\ProgramData\AVAST Software

2013-10-20 14:35 - 2013-10-20 14:35 - 00007688 _____ C:\Users\Harlequin Haven\Documents\cc_20131020_143448.reg

2013-10-20 13:48 - 2013-10-20 13:48 - 00085832 _____ C:\Users\Harlequin Haven\Documents\cc_20131020_134817.reg

2013-10-20 13:47 - 2010-09-01 17:29 - 00000000 ____D C:\ProgramData\PCPitstop

2013-10-20 13:38 - 2010-09-02 15:17 - 00000000 ___DC C:\Users\Harlequin Haven\AppData\Local\MigWiz

2013-10-20 13:38 - 2009-07-24 15:22 - 00000000 ____D C:\Windows\Panther

2013-10-20 13:26 - 2013-10-20 13:26 - 00002792 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2013-10-20 13:26 - 2013-10-20 13:26 - 00000000 ____D C:\Program Files\CCleaner

2013-10-20 13:23 - 2013-10-20 12:14 - 00000826 _____ C:\Windows\system32\Drivers\etc\hosts_PTbackup2.bak

2013-10-20 13:08 - 2013-10-18 08:45 - 00000000 ____D C:\Program Files (x86)\jv16 PowerTools 2014

2013-10-20 13:06 - 2013-10-20 12:00 - 00000940 _____ C:\Users\Harlequin Haven\Desktop\pc_tuneup_2013-10-20.txt

2013-10-20 12:27 - 2011-02-01 14:09 - 00001945 _____ C:\Windows\epplauncher.mif

2013-10-20 12:26 - 2013-10-20 12:26 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\AVAST Software

2013-10-20 12:24 - 2013-10-20 12:24 - 00003206 _____ C:\Windows\System32\Tasks\{17174424-5CF8-4DEF-82DD-1361635490F6}

2013-10-20 12:14 - 2009-07-13 22:34 - 00575472 _____ C:\Windows\system32\Drivers\etc\hosts_PTBackup.bak

2013-10-20 11:59 - 2013-10-20 11:59 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

2013-10-20 11:59 - 2010-09-01 17:26 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\Notepad++

2013-10-20 11:59 - 2010-09-01 17:26 - 00000000 ____D C:\Program Files (x86)\Notepad++

2013-10-19 07:24 - 2012-11-08 15:47 - 00000000 ____D C:\Users\Harlequin Haven\Documents\2013_newsetter

2013-10-19 07:17 - 2010-09-02 18:55 - 00000000 ____D C:\Users\Harlequin Haven\Documents\turnout info

2013-10-18 21:03 - 2013-10-18 21:03 - 00003246 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHarlequin Haven

2013-10-18 21:02 - 2010-09-01 14:25 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\HP Support Assistant

2013-10-18 21:02 - 2010-08-31 20:37 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\HpUpdate

2013-10-18 19:58 - 2012-01-21 15:32 - 00035328 _____ C:\Users\Harlequin Haven\Documents\black_mcsweeney.xls

2013-10-18 08:45 - 2013-10-18 08:45 - 00000024 ___SH C:\Users\Harlequin Haven\AppData\Roaming\System5908ConfigCollection.dat

2013-10-18 08:45 - 2013-10-18 08:45 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2014

2013-10-17 22:20 - 2013-10-17 22:20 - 00000000 ____D C:\Users\Harlequin Haven\Downloads\mbam-chameleon-1.62.1.1000

2013-10-17 22:19 - 2013-10-17 22:19 - 01440846 _____ C:\Users\Harlequin Haven\Downloads\mbam-chameleon-1.62.1.1000.zip

2013-10-17 21:55 - 2013-06-07 19:04 - 00000000 ____D C:\Users\Harlequin Haven\Documents\2013_donation_letters

2013-10-17 21:39 - 2013-10-17 21:38 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Harlequin Haven\Downloads\mbar-1.07.0.1007 (1).exe

2013-10-17 21:29 - 2013-10-17 21:27 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Harlequin Haven\Downloads\mbar-1.07.0.1007.exe

2013-10-17 17:28 - 2013-05-19 10:55 - 00000000 ____D C:\ProgramData\Package Cache

2013-10-17 17:27 - 2013-10-17 17:27 - 00000000 ____D C:\Program Files\Western Digital

2013-10-17 17:27 - 2013-05-19 10:56 - 00000000 ____D C:\Program Files\Common Files\Western Digital

2013-10-17 17:27 - 2013-05-19 10:29 - 00000000 ____D C:\Program Files (x86)\Western Digital

2013-10-17 07:13 - 2010-12-26 09:42 - 00000000 ____D C:\Users\Harlequin Haven\Documents\2011_applications

2013-10-17 06:24 - 2011-06-17 14:43 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Local\Corel

2013-10-16 18:16 - 2010-09-02 18:19 - 00000000 ____D C:\Users\Harlequin Haven\Documents\HHGDR Files

2013-10-16 10:07 - 2010-09-02 18:11 - 00000000 ____D C:\Users\Harlequin Haven\Documents\Dog Stories

2013-10-13 11:13 - 2013-09-20 11:33 - 00049152 _____ C:\Users\Harlequin Haven\Documents\2013_auction.xls

2013-10-12 22:31 - 2010-08-30 21:40 - 00003912 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-10-12 22:31 - 2010-08-30 21:40 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-10-12 16:38 - 2011-06-17 14:59 - 00002828 ___SH C:\ProgramData\KGyGaAvL.sys

2013-10-12 16:38 - 2011-06-17 14:43 - 00000000 ____D C:\Users\Harlequin Haven\Documents\My PSP Files

2013-10-10 18:08 - 2010-09-02 18:54 - 00000000 ____D C:\Users\Harlequin Haven\Documents\Phonelist

2013-10-10 09:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2013-10-10 04:23 - 2009-07-14 00:45 - 03042784 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-10 04:22 - 2012-08-14 17:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-10 04:22 - 2012-08-14 17:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-10-10 03:56 - 2011-06-17 15:30 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-10-10 03:37 - 2010-09-06 15:58 - 00777014 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-10 03:24 - 2013-08-15 03:05 - 00000000 ____D C:\Windows\system32\MRT

2013-10-10 03:14 - 2010-09-01 20:17 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-09 06:19 - 2012-04-01 16:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-10-09 06:19 - 2012-04-01 16:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-10-09 06:19 - 2011-05-17 12:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-10-08 16:21 - 2013-04-21 13:34 - 00000000 ____D C:\Users\Harlequin Haven\AppData\Local\Xobni

2013-10-08 10:02 - 2010-09-02 18:11 - 00000000 ____D C:\Users\Harlequin Haven\Documents\blood work

2013-10-08 09:55 - 2010-09-02 18:20 - 00000000 ____D C:\Users\Harlequin Haven\Documents\Mozart_art

2013-10-07 19:23 - 2013-10-07 19:23 - 05549056 _____ C:\Users\Harlequin Haven\Documents\Samson's Vet Record for the year  Photos.msg

2013-10-03 19:35 - 2012-01-11 17:16 - 00000000 ____D C:\Users\Harlequin Haven\Documents\2012_applications

2013-09-30 11:05 - 2010-08-30 22:33 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job

2013-09-26 14:49 - 2013-01-29 14:17 - 00024064 _____ C:\Users\Harlequin Haven\Documents\2013_medical_taxes.xls

2013-09-23 18:33 - 2010-08-30 22:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-09-23 09:36 - 2012-03-08 19:28 - 00000000 ____D C:\Users\Harlequin Haven\Documents\2012 donor_letters

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-10-21 00:25

 

==================== End Of Log ============================

 

 




Link to post
Share on other sites

 





Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2013

Ran by Harlequin Haven at 2013-10-23 17:11:25

Running from C:\Users\Harlequin Haven\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

Adobe Acrobat 9 Pro (x32 Version: 9.5.5)

Adobe Acrobat 9.5.5 - CPSID_83708 (x32)

Adobe AIR (x32 Version: 3.8.0.1430)

Adobe Anchor Service CS4 (x32 Version: 2.0)

Adobe Anchor Service x64 CS4 (Version: 2.0)

Adobe Bridge CS4 (x32 Version: 3)

Adobe CMaps CS4 (x32 Version: 2.0)

Adobe CMaps x64 CS4 (Version: 2.0)

Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0)

Adobe Color EU Extra Settings CS4 (x32 Version: 2.0)

Adobe Color JA Extra Settings CS4 (x32 Version: 2.0)

Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0)

Adobe Color Video Profiles CS CS4 (x32 Version: 2.0)

Adobe CSI CS4 (x32 Version: 1)

Adobe CSI CS4 x64 (Version: 1)

Adobe Default Language CS4 (x32 Version: 2.0)

Adobe Drive CS4 x64 (Version: 1)

Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)

Adobe Fonts All (x32 Version: 2.0)

Adobe Fonts All x64 (Version: 2.0)

Adobe Linguistics CS4 (x32 Version: 4.0.0)

Adobe Linguistics CS4 x64 (Version: 4.0.0)

Adobe Media Player (x32 Version: 1.1)

Adobe Output Module (x32 Version: 2.0)

Adobe PDF Library Files CS4 (x32 Version: 9.0)

Adobe PDF Library Files x64 CS4 (Version: 9.0)

Adobe Photoshop CS4 (64 Bit) (Version: 11.0)

Adobe Photoshop CS4 (x32 Version: 11.0)

Adobe Photoshop CS4 Support (x32 Version: 11.0)

Adobe Search for Help (x32 Version: 1.0)

Adobe Service Manager Extension (x32 Version: 1.0)

Adobe Setup (x32 Version: 2.0)

Adobe Type Support CS4 (x32 Version: 9.0)

Adobe Type Support x64 CS4 (Version: 9.0)

Adobe Update Manager CS4 (x32 Version: 6.0.0)

Adobe WinSoft Linguistics Plugin (x32 Version: 1.1)

Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)

Adobe XMP Panels CS4 (x32 Version: 2.0)

AdobeColorCommonSetCMYK (x32 Version: 2.0)

AdobeColorCommonSetRGB (x32 Version: 2.0)

Advanced Audio FX Engine (x32 Version: 1.12.05)

Apple Application Support (x32 Version: 2.3)

Apple Software Update (x32 Version: 2.1.3.127)

Catalyst Control Center InstallProxy (x32 Version: 2010.0202.2335.42270)

CCleaner (Version: 4.06)

CinemaNow Media Manager (x32 Version: 1.9.1.105)

Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)

Connect (x32 Version: 1.0.0.1)

Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000)

Corel PaintShop Photo Pro X3 (x32 Version: 1.6.1.263)

Creative Element Power Tools (x32 Version: 3.0.6)

CyberLink DVD Suite Deluxe (x32 Version: 7.0.2712)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)

Dell Webcam Central (x32 Version: 1.40.05)

DHTML Editing Component (x32 Version: 6.02.0001)

DriveImage XML (Private Edition) (x32 Version: 2.14)

DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715)

ESET Online Scanner v3 (x32)

Google Apps (x32 Version: 1.2.279.2381)

Google Chrome (x32 Version: 65.61.49249)

Google Desktop (x32 Version: 5.9.1005.12335)

Google Earth (x32 Version: 7.1.1.1888)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0)

Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)

Google Update Helper (x32 Version: 1.3.21.165)

Google Updater (x32 Version: 2.4.2432.1652)

GroupMail :: Personal Edition (x32 Version: 5.3.0.136)

Hardware Diagnostic Tools (Version: 6.0.5418.39)

Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000)

HP Advisor (x32 Version: 3.4.12850.3526)

HP Customer Experience Enhancements (x32 Version: 6.0.1.7)

HP FWUpdateEDO2 (x32 Version: 1.2.0.0)

HP MediaSmart CinemaNow 2.0 (x32 Version: 2.0)

HP MediaSmart DVD (x32 Version: 4.0.3902)

HP MediaSmart Music (x32 Version: 4.0.3910)

HP MediaSmart Photo (x32 Version: 4.0.3911)

HP MediaSmart SmartMenu (Version: 3.1.1.12)

HP MediaSmart Video (x32 Version: 4.0.3911)

HP Odometer (x32 Version: 2.10.0000)

HP Officejet 6700 Basic Device Software (Version: 25.0.619.0)

HP Officejet 6700 Help (x32 Version: 140.0.2.2)

HP Setup (x32 Version: 1.2.4048.3310)

HP Support Information (x32 Version: 10.1.0002)

HP Update (x32 Version: 5.003.001.001)

HPDiagnosticAlert (x32 Version: 1.00.0000)

I.R.I.S. OCR (x32 Version: 12.3.4.0)

ICA (x32 Version: 1.6.1.263)

IPM_PSP_CL (x32 Version: 1.00.0000)

IPM_PSP_COM (x32 Version: 1.00.0000)

Ipswitch WS_FTP 12 (x32 Version: 12.2)

jv16 PowerTools 2012 (x32 Version: )

jv16 PowerTools 2014 (x32 Version: )

kuler (x32 Version: 2.0)

LabelPrint (x32 Version: 2.5.2610)

LightScribe System Software (x32 Version: 1.18.11.1)

MailStore Home 8.1.0.9075 (x32 Version: 8.1.0.9075)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Metron (x32 Version: 6.11)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Expression Design 4 (x32 Version: 7.0.20516.0)

Microsoft Expression Encoder 4 (x32 Version: 4.0.1639.0)

Microsoft Expression Encoder 4 Screen Capture Codec (x32 Version: 4.0.1639.0)

Microsoft Expression Web 4 (x32 Version: 4.0.1303.0)

Microsoft Expression Web 4 Service Pack 2 (x32)

Microsoft Mouse and Keyboard Center (Version: 2.1.177.0)

Microsoft Office 2010 Service Pack 1 (SP1) (x32)

Microsoft Office Access database engine 2007 (English) (x32 Version: 12.0.6612.1000)

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft Streets & Trips 2010 (x32 Version: 17.0.19.2900)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable Package (x32 Version: 1.0.0)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)

Microsoft_VC90_CRT_x86 (x32 Version: 1.0.0)

Monitor Webcam Driver (1.01.02.0804)  

Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)

MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)

muvee Reveal Seagate Edition (x32 Version: 7.0.41.11017)

MyDefrag v4.2.9 (Version: 4.0.0.0)

Notepad++ (x32 Version: 6.5)

PDF Settings CS4 (x32 Version: 9.0)

PhotoNow! (x32 Version: 1.1.6904)

Photoshop Camera Raw (x32 Version: 5.0)

Photoshop Camera Raw_x64 (Version: 5.0)

Picasa 3 (x32 Version: 3.9)

PlayReady PC Runtime amd64 (Version: 1.3.0)

Power2Go (x32 Version: 6.1.3810)

PowerDirector (x32 Version: 8.0.2704)

PrimoPDF -- brought to you by Nitro PDF Software (x32 Version: 5)

PSPPContent (x32 Version: 1.00.0000)

PSPPRO_DCRAW (x32 Version: 13.0.0)

RadiAnt DICOM Viewer (64-bit) (x32 Version: 1.0.4.4439)

RAIDXpert (x32 Version: 3.2.1540.10)

Ralink RT2860 Wireless LAN Card (x32)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6196)

Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.30130)

Recovery Manager (x32 Version: 5.5.2719)

Roxio CinemaNow 2.0 (x32 Version: 1.0.262)

Setup (x32 Version: 1.6.1.263)

Spinco Download Manager (x32 Version: 1.0.0)

SpywareBlaster 5.0 (x32 Version: 5.0.0)

Suite Shared Configuration CS4 (x32 Version: 1.0)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2494150) (x32)

Update for Microsoft Office 2010 (KB2553065) (x32)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2566458) (x32)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)

Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)

Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)

Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)

Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)

WD Drive Utilities (x32 Version: 1.0.3.3)

WD Quick View (x32 Version: 2.2.0.8)

WD SmartWare (Version: 2.2.0.8)

WD SmartWare Installer (x32 Version: 2.2.0.8)

Xobni (x32 Version: 2.0.4.13745)

Xobni Core (x32 Version: 1.0.0)

 

==================== Restore Points  =========================

 

23-10-2013 12:22:05 Installed Microsoft Fix it 50535

23-10-2013 12:36:19 Installed Microsoft Fix it 50535

23-10-2013 14:04:34 Windows Update

23-10-2013 14:05:18 avast! antivirus system restore point

23-10-2013 14:11:01 avast! antivirus system restore point

23-10-2013 14:30:57 avast! antivirus system restore point

 

==================== Hosts content: ==========================

 

2009-07-13 22:34 - 2013-10-22 21:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0226E1C3-BEC7-47DE-AE93-0253E941132C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)

Task: {0B2045D6-A8FF-415D-959C-06CFA885FD1E} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe

Task: {1BABDE22-854C-4493-BD69-634F0DE96DE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)

Task: {28D9DFCC-9BDB-4530-81CE-DB72E361687D} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-02-24] ()

Task: {36FA5ADA-2011-46CE-BDD7-FC9F93B715AB} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

Task: {3A2B07F8-43A3-4683-ACDE-6CD90675DCC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30] (Google Inc.)

Task: {3C8BB952-23DA-47E2-8465-7D4A300FA199} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)

Task: {3CE70D8F-AB34-43A1-8CCD-C7C83DC657D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)

Task: {659BEB22-838E-4294-AE53-5364E2DB2719} - System32\Tasks\HPCeeScheduleForHarlequin Haven => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)

Task: {726C6D0F-22DF-491D-A870-45CBD241C7F3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {73B3B03E-C7EE-439E-8BD4-ED0711D30659} - System32\Tasks\MyDefrag v4.2.9 Daily => C:\Program Files\MyDefrag v4.2.9\Scripts\OptimizeDaily.MyD [2009-12-25] ()

Task: {7A565075-1008-4367-885F-4638B82E7B77} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1023100906-4222923350-201167260-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {7A9DE0DC-8FFD-434A-BB5D-0988AE564581} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)

Task: {7B9CE53A-3390-4FBA-8625-08DE895217DA} - System32\Tasks\SpywareBlaster AutoUpdate => C:\Program Files (x86)\SpywareBlaster\sbautoupdate.exe [2013-03-01] ()

Task: {7BD60636-D21F-4911-B421-31B77929A9FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-01-23] (Microsoft)

Task: {7C8E7EAA-2F5C-4687-A8DC-CDD126E83DD7} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe

Task: {7F840F1C-7D06-47DC-903B-D945AE472DD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30] (Google Inc.)

Task: {991681BB-1292-4E36-9D8D-77DE4AA979C5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1999-12-31] (Microsoft Corporation)

Task: {9F4380F6-06A3-4369-83B7-A9520C24FF1C} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe

Task: {A2F47E53-DA6B-44AB-9F32-EC90617BAC7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)

Task: {A6B2A3F0-F7B2-429E-B6F1-01BCFDC0EAF1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {B479AC4D-F48E-45A4-9043-4C15706B24E2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1023100906-4222923350-201167260-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {C8FFD5BA-8D6F-4D23-8679-053F38B7ACAF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1999-12-31] (Microsoft Corporation)

Task: {D13C83CC-AAD3-4084-8732-53C894A97537} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)

Task: {D6883784-B867-473F-8C2D-61F33A6D77D4} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-11] (Google)

Task: {EB7955F9-E930-4872-A271-862975EBF78E} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01] (PC-Doctor, Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForHarlequin Haven.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe

 

==================== Loaded Modules (whitelisted) =============

 

2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2010-09-02 18:18 - 2010-06-30 13:39 - 03071608 _____ () C:\Program Files\ipswitch\WS_FTP 12\res0409.dll

2009-12-16 02:44 - 2009-12-16 02:44 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll

2010-09-02 18:18 - 2010-06-30 13:34 - 00948496 _____ () C:\Program Files (x86)\Ipswitch\WS_FTP 12\LIBEAY32.dll

2010-09-02 18:18 - 2010-06-30 13:34 - 00153360 _____ () C:\Program Files (x86)\Ipswitch\WS_FTP 12\SSLEAY32.dll

2010-09-02 18:18 - 2010-06-30 13:39 - 03073144 _____ () C:\Program Files (x86)\Ipswitch\WS_FTP 12\res0409.dll

2009-09-13 20:06 - 2011-06-17 12:52 - 00204800 _____ () C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll

2011-07-18 17:07 - 2011-07-18 17:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll

2011-09-21 16:46 - 2011-09-21 16:46 - 01673728 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll

2008-11-11 13:48 - 2008-11-11 13:48 - 00074240 _____ () C:\Program Files (x86)\Notepad++\plugins\NppNetNote.dll

2007-08-04 21:10 - 2007-08-04 21:10 - 00250368 _____ () C:\Program Files (x86)\Notepad++\plugins\Config\tidy\libTidy.dll

2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2010-08-30 21:41 - 2010-01-28 20:34 - 00417792 _____ () C:\Program Files (x86)\SpywareBlaster\SQLite3SB.dll

2013-10-17 17:03 - 2013-10-08 20:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll

2013-10-17 17:03 - 2013-10-08 20:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll

2013-10-17 17:03 - 2013-10-08 20:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll

2013-10-17 17:03 - 2013-10-08 20:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll

2013-10-17 17:03 - 2013-10-08 20:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/23/2013 00:28:32 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/23/2013 00:28:31 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/23/2013 00:22:10 PM) (Source: Application Error) (User: )

Description: Faulting application name: WDBackupEngine.exe, version: 2.0.0.15, time stamp: 0x520b9c0c

Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116

Exception code: 0xe0434352

Fault offset: 0x0000c41f

Faulting process id: 0xca8

Faulting application start time: 0xWDBackupEngine.exe0

Faulting application path: WDBackupEngine.exe1

Faulting module path: WDBackupEngine.exe2

Report Id: WDBackupEngine.exe3

 

Error: (10/23/2013 00:22:07 PM) (Source: .NET Runtime) (User: )

Description: Application: WDBackupEngine.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.OutOfMemoryException

Stack:

   at System.Threading.ExecutionContext.CreateCopy()

   at System.Threading._TimerCallback.PerformTimerCallback(System.Object)

 

Error: (10/23/2013 10:41:29 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/23/2013 10:41:29 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/23/2013 10:40:50 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/23/2013 10:40:49 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/23/2013 10:31:21 AM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary uvjsthjp.

 

System Error:

The system cannot find the file specified.

.

 

Error: (10/23/2013 10:25:15 AM) (Source: Application Error) (User: )

Description: Faulting application name: AvastUI.exe, version: 9.0.2006.159, time stamp: 0x525c2451

Faulting module name: AvastUI.exe, version: 9.0.2006.159, time stamp: 0x525c2451

Exception code: 0xc0000005

Fault offset: 0x000b7c6b

Faulting process id: 0xc78

Faulting application start time: 0xAvastUI.exe0

Faulting application path: AvastUI.exe1

Faulting module path: AvastUI.exe2

Report Id: AvastUI.exe3

 

 

System errors:

=============

Error: (10/23/2013 00:22:26 PM) (Source: Service Control Manager) (User: )

Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

 

Error: (10/23/2013 11:25:35 AM) (Source: DCOM) (User: )

Description: 1068WDBackup{59484148-65C9-4467-A092-3F8380023772}

 

Error: (10/23/2013 11:25:35 AM) (Source: DCOM) (User: )

Description: 1068WDBackup{81213AB4-5937-4340-88CD-66B4BC80DF73}

 

Error: (10/23/2013 11:25:00 AM) (Source: Service Control Manager) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (10/23/2013 11:25:00 AM) (Source: Service Control Manager) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (10/23/2013 11:24:42 AM) (Source: Service Control Manager) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (10/23/2013 11:22:30 AM) (Source: Service Control Manager) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (10/23/2013 11:22:20 AM) (Source: Service Control Manager) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (10/23/2013 11:22:14 AM) (Source: Service Control Manager) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (10/23/2013 11:21:52 AM) (Source: Service Control Manager) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

 

Microsoft Office Sessions:

=========================

Error: (10/23/2013 00:28:32 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

 

Error: (10/23/2013 00:28:31 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

 

Error: (10/23/2013 00:22:10 PM) (Source: Application Error)(User: )

Description: WDBackupEngine.exe2.0.0.15520b9c0cKERNELBASE.dll6.1.7601.1822951fb1116e04343520000c41fca801ced004ea03a6e5C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\syswow64\KERNELBASE.dll442b4df4-3bff-11e3-aafe-78e7d182385d

 

Error: (10/23/2013 00:22:07 PM) (Source: .NET Runtime)(User: )

Description: Application: WDBackupEngine.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.OutOfMemoryException

Stack:

   at System.Threading.ExecutionContext.CreateCopy()

   at System.Threading._TimerCallback.PerformTimerCallback(System.Object)

 

Error: (10/23/2013 10:41:29 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

 

Error: (10/23/2013 10:41:29 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

 

Error: (10/23/2013 10:40:50 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

 

Error: (10/23/2013 10:40:49 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

 

Error: (10/23/2013 10:31:21 AM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: 

Details:

AddLegacyDriverFiles: Unable to back up image of binary uvjsthjp.

 

System Error:

The system cannot find the file specified.

 

Error: (10/23/2013 10:25:15 AM) (Source: Application Error)(User: )

Description: AvastUI.exe9.0.2006.159525c2451AvastUI.exe9.0.2006.159525c2451c0000005000b7c6bc7801cecffb3508d0dbC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeef06bd93-3bee-11e3-8929-78e7d182385d

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-10-22 21:09:00.398

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-10-22 21:08:59.945

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 43%

Total physical RAM: 5879.89 MB

Available physical RAM: 3295.75 MB

Total Pagefile: 11757.97 MB

Available Pagefile: 9099.2 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:919.55 GB) (Free:735.84 GB) NTFS

Drive d: (HP_RECOVERY) (Fixed) (Total:11.67 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive f: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1270.17 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: 7E1BE820)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

 

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)

Partition 1: (Not Active) - (Size=-198659014656) - (Type=07 NTFS)

 

==================== End Of Log ============================


 


 


Link to post
Share on other sites

  • Root Admin

We'll run another tool later on to remove the MSE entry for you.  For now please do the following.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-10-2013

Ran by Harlequin Haven at 2013-10-23 20:06:31 Run:1

Running from C:\Users\Harlequin Haven\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

C:\Users\Harlequin Haven\Desktop\software\cnet2_radiantsetup1044439b_exe.exe

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-30] (Google Inc.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {FCE4C95B-B382-4B50-AFFA-B828DCFC277C} URL = http://download.eset...lineScanner.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab

DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll

CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File

CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File

FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_43 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

Task: {3A2B07F8-43A3-4683-ACDE-6CD90675DCC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30] (Google Inc.)

Task: {7F840F1C-7D06-47DC-903B-D945AE472DD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30] (Google Inc.)

Task: {A6B2A3F0-F7B2-429E-B6F1-01BCFDC0EAF1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {D6883784-B867-473F-8C2D-61F33A6D77D4} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-11] (Google)

Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

 

*****************

 

C:\Users\Harlequin Haven\Desktop\software\cnet2_radiantsetup1044439b_exe.exe => Moved successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\swg => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FCE4C95B-B382-4B50-AFFA-B828DCFC277C} => Key deleted successfully.

HKCR\CLSID\{FCE4C95B-B382-4B50-AFFA-B828DCFC277C} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FCE4C95B-B382-4B50-AFFA-B828DCFC277C} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{FCE4C95B-B382-4B50-AFFA-B828DCFC277C} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} => Key deleted successfully.

HKCR\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FCE4C95B-B382-4B50-AFFA-B828DCFC277C} => Key deleted successfully.

HKCR\CLSID\{FCE4C95B-B382-4B50-AFFA-B828DCFC277C} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.

HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.

HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.

HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.

HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.

HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} => Key deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll not found.

C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.

HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_43 => Key deleted successfully.

C:\Windows\SysWOW64\npdeployJava1.dll => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A2B07F8-43A3-4683-ACDE-6CD90675DCC5} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A2B07F8-43A3-4683-ACDE-6CD90675DCC5} => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7F840F1C-7D06-47DC-903B-D945AE472DD1} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F840F1C-7D06-47DC-903B-D945AE472DD1} => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6B2A3F0-F7B2-429E-B6F1-01BCFDC0EAF1} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6B2A3F0-F7B2-429E-B6F1-01BCFDC0EAF1} => Key deleted successfully.

C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6883784-B867-473F-8C2D-61F33A6D77D4} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6883784-B867-473F-8C2D-61F33A6D77D4} => Key deleted successfully.

C:\Windows\System32\Tasks\Google Software Updater => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google Software Updater => Key deleted successfully.

C:\Windows\Tasks\Google Software Updater.job => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.

C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.

 

==== End of Fixlog ====

Link to post
Share on other sites

  • Root Admin

Great, that looks good.
 
Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera
 
 
 
Next, please run a Full Disk Check on your system drive [ typically the C: drive ].  If needed here are some links on how to run a Disk Check.

On Windows XP the disk check log is in the Event Logs under Application with a heading source of  Winlogon
On Windows 7 the disk check log is in the Event Logs under Application with a heading source of  Wininit
On Windows 8 the disk check log is in the Event Logs under Application with a heading source of  Chkdsk

How to Run a Chkdsk Function on Windows XP

How to view and manage event logs in Event Viewer in Windows XP

How to Run Disk Check in Windows 7

How to Run Check Disk at Startup in Vista or Windows 7

How to Check a Drive for Errors with "chkdsk" in Windows 8

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.