
Windows Update keeps saying failed


Lunatic

I ran Malwarebytes with full scan selected; by the time I noticed it, I had 5 infections. I clicked abort scan, then selected to remove the malware. I then ran the quick scan and had more alerts. I removed those as well. Tried to update Windows again, still no luck. It keeps saying failed to update on any type of security files. I noticed I forgot to disable my antivirus, so I ran Malwarebytes again, quick scan, antivirus off. Here are the DDS files:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.45.2
Run by Josh at 22:58:42 on 2013-11-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7931.5804 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
uRun: [CLink_Installer.Activation] "C:\Users\Josh\AppData\Local\Temp\CLink_Installer\McciInitializer.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CenturyLinkTouchPointAgent] "C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" /autostart
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CHECKF~1.LNK - C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHILIP~1.LNK - C:\Program Files (x86)\Philips\GoGear Mix Device Manager\main.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1 205.171.202.166
TCP: Interfaces\{AC7639EF-5A13-4901-903B-7B4823D0BD48} : NameServer = 208.67.222.222
TCP: Interfaces\{AC7639EF-5A13-4901-903B-7B4823D0BD48} : DHCPNameServer = 192.168.0.1 205.171.202.166
TCP: Interfaces\{AC7639EF-5A13-4901-903B-7B4823D0BD48}\3456E647572797C496E6B643639303 : DHCPNameServer = 192.168.0.1 66.112.11.88
TCP: Interfaces\{AC7639EF-5A13-4901-903B-7B4823D0BD48}\A4022427F677E6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\en9al0yn.default\
FF - prefs.js: browser.startup.homepage - 
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - e24b91780000000000006eac4c99adaf
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15917
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.018:03:31
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4960
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-26 73856]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-26 28800]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\drivers\CLVirtualDrive.sys [2012-2-27 90096]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-9-25 98208]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-30 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-30 701512]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2013-4-1 441344]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-3-9 92592]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-2-11 46136]
R3 azvusb;Virtual USB Hub;C:\Windows\System32\drivers\azvusb.sys [2009-8-24 54784]
R3 bbcap;bb_capture_driver;C:\Windows\System32\drivers\bbcap.sys [2011-1-26 4608]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-8-2 32880]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-11-29 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-9-25 38528]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-30 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-3-15 97552]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-8-2 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-8-2 12384]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-25 245792]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-24 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2012-5-10 14544]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203264]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-4 354304]
S4 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-4 92216]
S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S4 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-01 05:21:32 -------- d-----w- C:\Windows\Microsoft Antimalware
2013-12-01 04:40:04 -------- d-----w- C:\1ba0f66455d58824317caa97
2013-12-01 04:00:58 -------- d-----w- C:\FRST
2013-12-01 03:47:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 03:47:34 -------- d-----w- C:\Users\Josh\AppData\Local\Programs
2013-12-01 01:46:23 -------- d-----w- C:\Users\Josh\AppData\Local\LogMeIn Rescue Applet
2013-11-30 21:12:13 -------- d-----w- C:\Windows\CheckSur
2013-11-30 20:06:24 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-30 20:06:24 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-30 20:06:24 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-30 20:06:24 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-30 20:06:24 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-30 20:06:24 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-30 20:06:24 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-30 19:37:55 49940480 ----a-w- C:\Program Files (x86)\GUT16ED.tmp
2013-11-30 19:37:55 -------- d-----w- C:\Program Files (x86)\GUM16DD.tmp
2013-11-21 02:33:53 -------- d-----w- C:\Users\Josh\AppData\Roaming\AVG2014
2013-11-21 02:32:38 -------- d-----w- C:\Users\Josh\AppData\Roaming\TuneUp Software
2013-11-21 02:31:22 -------- d--h--w- C:\$AVG
2013-11-21 02:31:22 -------- d-----w- C:\ProgramData\AVG2014
2013-11-21 02:30:35 -------- d-----w- C:\Program Files (x86)\AVG
2013-11-21 02:28:30 -------- d-----w- C:\Users\Josh\AppData\Local\Avg2014
2013-11-21 02:28:29 -------- d-----w- C:\Users\Josh\AppData\Local\MFAData
2013-11-21 01:25:38 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F25EE051-8461-4B48-9148-EEE47D533721}\mpengine.dll
2013-11-20 00:52:40 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B225B460-86F0-4CAB-B9EA-B75DA2D3DD9E}\mpengine.dll
2013-11-19 02:21:11 -------- d-----w- C:\Program Files\iPod
2013-11-19 02:21:10 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-19 02:21:10 -------- d-----w- C:\Program Files\iTunes
2013-11-19 02:21:10 -------- d-----w- C:\Program Files (x86)\iTunes
2013-11-19 02:14:54 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-11-19 02:14:54 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-11-19 02:14:54 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-11-19 02:14:54 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-11-19 02:14:54 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-11-19 02:14:54 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-11-19 02:14:54 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-11-19 02:14:54 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-11-19 02:14:54 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-11-19 02:14:54 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-11-18 23:15:47 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-14 00:28:01 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-14 00:28:00 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-06 14:16:16 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AFFE41E4-07A8-4ADF-81BA-08A53B8F45A8}\gapaengine.dll
2013-11-06 03:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-11-05 03:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-01 05:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
==================== Find3M  ====================
.
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-01 04:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-10-25 04:25:58 194872 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-09 17:10:37 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 17:10:37 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-08 12:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-01 06:52:08 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-10 06:43:02 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
.
============= FINISH: 22:59:01.39 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 11/23/2010 5:00:50 PM
System Uptime: 11/30/2013 10:36:15 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 1444
Processor: AMD Athlon II P340 Dual-Core Processor | Socket S1G4 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 281 GiB total, 151.973 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 0.792 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C6100 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C6100 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
==== System Restore Points ===================
.
RP447: 11/25/2013 5:33:49 PM - Windows Update
RP448: 11/26/2013 7:58:14 AM - Windows Update
RP449: 11/29/2013 2:16:25 PM - Windows Update
RP450: 11/30/2013 1:36:26 PM - Windows Update
RP451: 11/30/2013 1:54:47 PM - Windows Update
RP452: 11/30/2013 2:06:38 PM - Windows Update
RP454: 11/30/2013 3:12:05 PM - Windows Update
RP455: 11/30/2013 7:01:43 PM - Windows Update
RP456: 11/30/2013 7:51:00 PM - Windows Update
RP457: 11/30/2013 9:55:10 PM - Windows Update
RP458: 11/30/2013 10:39:16 PM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.5
Adobe Shockwave Player 12.0
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Amazon Kindle
Amazon MP3 Downloader 1.0.17
AMD Fuel
Angry Birds
Angry Birds Seasons
Angry Birds Star Wars
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
Audacity 2.0
AudibleManager
AVG 2014
BB FlashBack Express
Bejeweled 2 Deluxe
Best Buy pc app
Big Fish Games: Game Manager
Blackhawk Striker 2
Bonjour
BufferChm
Build-a-lot 2
C6100
c6100_Help
Catalina Savings Printer
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CenturyLink Installer
Chuzzle Deluxe
CinemaNow Media Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Civ3 Conquests v1.22 Full
Civilization III Complete Edition
Copy
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink MediaShow
CyberLink Power2Go 8
CyberLink PowerDVD 9
CyberLink WaveEditor 2
CyberLink YouCam
D3DX10
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
DivX Codec
DocProc
Dora's Carnival Adventure
Download Manager 2.3.10
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Expstudio Audio Editor FREE
Facebook Video Calling 1.2.0.287
FATE
Fax
ffdshow [rev 3154] [2009-12-09]
Final Drive Nitro
Game Booster 3
GoGear Mix Device Manager
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
Helium
Heroes of Hellas 2 - Olympia
HiJackThis
Holdem Manager
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Documentation
HP Games
HP Imaging Device Functions 13.0
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Photosmart All-In-One Driver Software 13.0 Rel. A
HP Photosmart Essential 3.5
HP Power Manager
HP Quick Launch
HP Setup
HP Smart Web Printing 4.51
HP Software Framework
HP Solution Center 13.0
HP Support Assistant
HP Update
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HTC BMP USB Driver
HTC Driver Installer
iCloud
iDailyDiary 3.85
IPTInstaller
iTunes
Java 7 Update 45
Java Auto Updater
Java 6 Update 20 (64-bit)
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft Xbox 360 Accessories 1.2
MiniTool Partition Wizard Home Edition 8.0
MotioninJoy ds3 driver version 0.6.0001
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Network64
Norton Online Backup
OCR Software by I.R.I.S. 13.0
Paper Jamz Pro 1.8.0
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
PokerStars.net
Polar Bowler
Polar Golfer
PopGameBox
PostgreSQL 8.4
Power2Go
PowerDirector
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Recovery Manager
RollerCoaster Tycoon 3 Platinum
Roxio CinemaNow 2.0
RtVOsd
Scan
Shop for HP Supplies
Sid Meier's Civilization 4
Skype Click to Call
Skype™ 5.10
SlingHealth ActiveX
SmartWebPrinting
SolutionCenter
SpongeBob SquarePants - Lights, Camera, Pants!
SpongeBob SquarePants - Nighty Nightmare
SpongeBob SquarePants - The Movie
SpongeBob SquarePants® Operation Krabby Patty
Status
swMSM
Synaptics Pointing Device Driver
TomTom HOME 2.8.1.2218
TomTom HOME Visual Studio Merge Modules
ToneSync for Windows
Toolbox
TrayApp
TVCenter
Ultimate Poker
Unity Web Player
UnloadSupport
Virtual Families
Virtual Villagers - The Secret City
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
WebReg
Wheel of Fortune 2
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-bit)
Yahoo! Toolbar
ZC DVD Ripper 2.2.5
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/30/2013 8:43:31 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
11/30/2013 8:21:55 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
11/30/2013 8:20:24 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
11/30/2013 8:20:16 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/30/2013 8:20:15 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/30/2013 8:20:07 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/30/2013 8:19:58 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
11/30/2013 8:19:58 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/30/2013 8:19:55 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Avgdiska AVGIDSDriver Avgldx64 CLVirtualDrive discache MpFilter spldr Wanarpv6
11/30/2013 8:19:55 PM, Error: Service Control Manager [7001]  - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
11/30/2013 8:19:55 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
11/30/2013 8:19:46 PM, Error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/30/2013 7:30:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2709981).
11/30/2013 7:30:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2592687).
11/30/2013 7:20:53 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
11/30/2013 7:20:37 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
11/30/2013 7:19:41 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/30/2013 7:19:41 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/30/2013 7:19:20 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Avgdiska AVGIDSDriver Avgldx64 Avgtdia CLVirtualDrive DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
11/30/2013 7:19:19 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/30/2013 7:19:19 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
11/30/2013 7:19:19 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11/30/2013 7:19:19 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11/30/2013 7:19:19 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/30/2013 7:19:19 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/30/2013 7:19:18 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11/30/2013 7:19:18 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
11/30/2013 7:19:18 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/30/2013 7:19:18 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11/30/2013 7:17:55 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
11/30/2013 7:07:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
11/30/2013 7:04:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.980.0).
11/30/2013 2:07:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.972.0).
11/30/2013 10:40:40 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).
11/30/2013 10:36:54 PM, Error: Service Control Manager [7023]  - The Microsoft Antimalware Service service terminated with the following error:  %%-2147024894
11/30/2013 10:36:46 PM, Error: volmgr [46]  - Crash dump initialization failed!
11/30/2013 1:45:43 PM, Error: Service Control Manager [7000]  - The postgresql-8.4 - PostgreSQL Server 8.4 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
11/30/2013 1:45:42 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the postgresql-8.4 - PostgreSQL Server 8.4 service to connect.
11/29/2013 2:18:45 PM, Error: Microsoft-Windows-WMPNSS-Service [14365]  - Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.
11/24/2013 12:53:20 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
11/24/2013 12:53:20 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
11/24/2013 12:53:20 PM, Error: Service Control Manager [7000]  - The Application Virtualization Client service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
 

Hello and welcome.

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs....

 

Kevin...


Thanks for your reply!  

 

# AdwCleaner v3.014 - Report created 01/12/2013 at 13:58:06

# Updated 01/12/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Josh - JOSH-HP

# Running from : C:\Users\Josh\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Systweak

Folder Deleted : C:\ProgramData\Trymedia

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\Search Toolbar

Folder Deleted : C:\Program Files\Babylon

Folder Deleted : C:\Users\Josh\AppData\Local\Conduit

Folder Deleted : C:\Users\Josh\AppData\Local\PackageAware

Folder Deleted : C:\Users\Josh\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Josh\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Josh\AppData\Roaming\digitalsite

Folder Deleted : C:\Users\Josh\AppData\Roaming\Systweak

Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\en9al0yn.default\Extensions\ffxtlbr@babylon.com

Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\en9al0yn.default\Extensions\{67097627-fd8e-4f6b-af4b-ecb65e50112e}

Folder Deleted : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfjbflachhjbdbhfgknpgcgpchaikkok

File Deleted : C:\END

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Check for Updates.lnk

File Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\en9al0yn.default\bProtector_extensions.rdf

File Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\en9al0yn.default\searchplugins\Babylon.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml

File Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\en9al0yn.default\searchplugins\Conduit.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml

File Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\en9al0yn.default\user.js

File Deleted : C:\Windows\System32\Tasks\digitalsite

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Key Deleted : HKCU\Software\Google\Chrome\Extensions\jfjbflachhjbdbhfgknpgcgpchaikkok

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jfjbflachhjbdbhfgknpgcgpchaikkok

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr

Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS

Key Deleted : HKLM\SOFTWARE\e4da8bbd3deb49

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3285873

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_3d-billiards-online-games_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_3d-billiards-online-games_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cue-club_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cue-club_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_real-pool_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_real-pool_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Key Deleted : HKCU\Software\BabSolution

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\Delta

Key Deleted : HKCU\Software\dsiteproducts

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\Delta

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16736

 

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [searchAssistant]

 

-\\ Mozilla Firefox v4.0.1 (en-US)

 

[ File : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\en9al0yn.default\prefs.js ]

 

Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 25);

Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");

Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "0CB95A50DACCC80FE6C0B0D4205CDBDE");

Line Deleted : user_pref("extensions.BabylonToolbar.lastActv", "25");

Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 25);

Line Deleted : user_pref("extensions.facemoods.aflt", "_#umail3");

Line Deleted : user_pref("extensions.facemoods.firstRun", false);

Line Deleted : user_pref("extensions.facemoods.lastActv", "25");

Line Deleted : user_pref("CT3285873.autoDisableScopes", -1);

Line Deleted : user_pref("CT3285873.UserID", "UN71716112512895400");

Line Deleted : user_pref("CT3285873.installDate", "9/3/2013 20:51:24");

Line Deleted : user_pref("CT3285873.FF19Solved", "true");


Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V1 Customized Web Search");

Line Deleted : user_pref("CT3285873.browser.search.defaultthis.engineName", "true");

Line Deleted : user_pref("CT3285873.defaultSearchXPETakeover", "true");

Line Deleted : user_pref("smartbar.originalSearchEngine", "Google");



Line Deleted : user_pref("CT3285873.keyword", "true");

Line Deleted : user_pref("CT3285873.addressUrlXPETakeover", "true");




 

-\\ Google Chrome v31.0.1650.57

 

[ File : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [12609 octets] - [01/12/2013 13:54:45]

AdwCleaner[s0].txt - [12211 octets] - [01/12/2013 13:58:06]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [12272 octets] ##########

 

 


Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.12.01.01

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16736

Josh :: JOSH-HP [administrator]

 

Protection: Enabled

 

12/1/2013 2:06:34 PM

mbam-log-2013-12-01 (14-06-34).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 316863

Time elapsed: 10 minute(s), 43 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 


I ran this yesterday; afterwards I got online with Microsoft online support. He went through my computer with me and told me I had a very bad infection. He told me I wouldn't be able to clean it up myself, then proceeded to sell me their support. I politely declined and told him I would go at it on my own.

 

It ran, gave me the option to check for updates, update failed again, same error code.


Ok run the following:

 

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Post those logs...


Farbar Service Scanner Version: 23-11-2013

Ran by Josh (administrator) on 01-12-2013 at 15:24:03

Running from "C:\Users\Josh\Downloads"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013

Ran by Josh (administrator) on JOSH-HP on 01-12-2013 15:25:49

Running from C:\Users\Josh\Desktop\FRST64

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(PCTV Systems S.à r.l.) C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(CenturyLink Inc) C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Josh\Downloads\FSS.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [825184 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)

HKLM-x32\...\Winlogon: [userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)

HKCU\...\Run: [igndlm.exe] - C:\Program Files (x86)\Download Manager\DLM.exe [1103216 2009-10-27] (IGN Entertainment)

HKCU\...\Run: [RemoTerm.exe] - C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe [227160 2012-05-10] (PCTV Systems S.à r.l.)

HKCU\...\Run: [CLink_Installer.Activation] - "C:\Users\Josh\AppData\Local\Temp\CLink_Installer\McciInitializer.exe" <===== ATTENTION

HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)

HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [107816 2011-10-27] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [485672 2011-10-31] (CyberLink Corp.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [CenturyLinkTouchPointAgent] - C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [48056 2012-11-09] (CenturyLink Inc)

HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-04-24] (RealNetworks, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)

HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()

HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()

HKU\Mcx1-JOSH-HP.Josh-HP\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION 

HKU\postgres\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()

HKU\postgres\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKU\postgres\...\Run: [igndlm.exe] - C:\Program Files (x86)\Download Manager\DLM.exe [1103216 2009-10-27] (IGN Entertainment)

HKU\postgres\...\Run: [boxoft Tools] - "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun

HKU\postgres\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247728 2011-03-09] (TomTom)

HKU\postgres\...\Run: [steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent

HKU\postgres\...\Run: [CPN Notifier] - C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe

HKU\postgres\...\Run: [Facebook Update] - C:\Users\Josh\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-14] (Facebook Inc.)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

Startup: C:\Users\Mcx1-JOSH-HP.Josh-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

Startup: C:\Users\postgres.Josh-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPNOT/1

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {0EC873EC-7C54-49A8-BB20-74859F39C869} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM - {54BFF5CC-4057-4EA2-80FA-1860EBBF9B36} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

SearchScopes: HKLM - {FE78F677-DE01-43F8-AC8E-13547F30F95E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM-x32 - {0EC873EC-7C54-49A8-BB20-74859F39C869} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 - {54BFF5CC-4057-4EA2-80FA-1860EBBF9B36} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

SearchScopes: HKLM-x32 - {FE78F677-DE01-43F8-AC8E-13547F30F95E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKCU - {0EC873EC-7C54-49A8-BB20-74859F39C869} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKCU - {54BFF5CC-4057-4EA2-80FA-1860EBBF9B36} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

SearchScopes: HKCU - {F6066676-1EEB-BD50-8DCD-39409136EB4C} URL = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF

SearchScopes: HKCU - {FE78F677-DE01-43F8-AC8E-13547F30F95E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {3528A58B-595D-4AFD-A5F6-B914BD306DC3} http://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab

DPF: HKLM-x32 {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.202.166

Tcpip\..\Interfaces\{AC7639EF-5A13-4901-903B-7B4823D0BD48}: [NameServer]208.67.222.222

 

FireFox:

========

FF ProfilePath: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\en9al0yn.default

FF Homepage: user_pref("browser.startup.homepage", );

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()

FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)

FF Plugin-x32: @fileplanet.com/fpdlm - C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Josh\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Josh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\Josh\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)

FF SearchPlugin: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\en9al0yn.default\searchplugins\bing-zugo.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml

FF Extension: Search Toolbar - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\en9al0yn.default\Extensions\searchtoolbar@zugo.com

FF Extension: Yahoo! Mail Notifier - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\en9al0yn.default\Extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

 

Chrome: 

=======



CHR Extension: (Angry Birds) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0

CHR Extension: (Google Docs) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1

CHR Extension: (Google Search) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1

CHR Extension: (RealDownloader) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_1

CHR Extension: (Google Wallet) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1

CHR Extension: (Gmail) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx

 

==================== Services (Whitelisted) =================

 

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-01-04] (Advanced Micro Devices, Inc.)

S4 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)

R2 HPSLPSVC; C:\Users\Josh\AppData\Local\Temp\7zS4A6C\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [441344 2012-08-02] (Alcatel-Lucent)

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)

S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()

R2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [x]

 

==================== Drivers (Whitelisted) ====================

 

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)

R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)

R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2011-01-26] (Windows ® Codename Longhorn DDK provider)

R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90096 2011-09-08] (CyberLink)

R3 GEARAspiWDM; C:\Windows\SysWow64\DRIVERS\GEARAspiWDM.sys [15664 2012-06-08] (GEAR Software Inc.)

S3 libusb0; C:\Windows\SysWow64\drivers\libusb0.sys [33792 2005-03-09] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)

S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-07-01] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-07-01] ()

S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)

S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

S3 vdrive; system32\DRIVERS\vdrive.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-12-01 15:24 - 2013-12-01 15:24 - 01959184 _____ (Farbar) C:\Users\Josh\Downloads\FRST64.exe

2013-12-01 15:24 - 2013-12-01 15:24 - 00002381 _____ C:\Users\Josh\Downloads\FSS.txt

2013-12-01 15:23 - 2013-12-01 15:23 - 00360881 _____ (Farbar) C:\Users\Josh\Downloads\FSS.exe

2013-12-01 15:03 - 2013-12-01 15:03 - 00000000 ____D C:\99a85db903c2020b19a4

2013-12-01 15:01 - 2013-12-01 15:01 - 00347304 _____ (Microsoft Corporation) C:\Users\Josh\Downloads\MicrosoftFixit.wu.LB.52309358897320458.1.1.Run.exe

2013-12-01 14:43 - 2013-12-01 14:43 - 00000000 ____D C:\23de2380d5fb8f2026622e10

2013-12-01 13:54 - 2013-12-01 13:59 - 00000000 ____D C:\AdwCleaner

2013-12-01 13:53 - 2013-12-01 13:53 - 01110034 _____ C:\Users\Josh\Desktop\AdwCleaner.exe

2013-12-01 12:03 - 2013-12-01 12:03 - 00109074 _____ C:\Users\Josh\Downloads\Extras.Txt

2013-12-01 12:03 - 2013-12-01 12:03 - 00001197 _____ C:\Users\Josh\Desktop\New Text Document.txt

2013-12-01 12:00 - 2013-12-01 12:00 - 00132680 _____ C:\Users\Josh\Downloads\OTL.Txt

2013-12-01 11:40 - 2013-12-01 11:40 - 00602112 _____ (OldTimer Tools) C:\Users\Josh\Downloads\OTL.exe

2013-11-30 23:39 - 2013-11-30 23:39 - 00000000 _____ C:\Windows\system32\config\SOFTWAREa469d335

2013-11-30 23:21 - 2013-11-30 23:21 - 00000000 ____D C:\Windows\Microsoft Antimalware

2013-11-30 22:46 - 2013-11-30 22:59 - 00030925 _____ C:\Users\Josh\Desktop\dds.txt

2013-11-30 22:46 - 2013-11-30 22:59 - 00018290 _____ C:\Users\Josh\Desktop\attach.txt

2013-11-30 22:37 - 2013-12-01 14:02 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1899622257-360536697-4193078249-1000

2013-11-30 22:37 - 2013-12-01 14:02 - 00003200 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1899622257-360536697-4193078249-1000

2013-11-30 22:28 - 2013-11-30 22:29 - 00688992 ____R (Swearware) C:\Users\Josh\Desktop\dds.com

2013-11-30 22:02 - 2013-12-01 15:25 - 00000000 ____D C:\Users\Josh\Desktop\FRST64

2013-11-30 22:00 - 2013-11-30 22:00 - 00000000 ____D C:\FRST

2013-11-30 21:47 - 2013-11-30 21:47 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Josh\Downloads\mbam-setup-1.75.0.1300.exe

2013-11-30 21:47 - 2013-11-30 21:47 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-11-30 21:47 - 2013-11-30 21:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-30 21:13 - 2013-12-01 14:02 - 00000280 _____ C:\Windows\setupact.log

2013-11-30 21:13 - 2013-11-30 22:36 - 00002414 _____ C:\Windows\PFRO.log

2013-11-30 21:13 - 2013-11-30 21:13 - 00000000 _____ C:\Windows\setuperr.log

2013-11-30 19:57 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE

2013-11-30 19:46 - 2013-11-30 19:46 - 01295200 _____ (LogMeIn, Inc.) C:\Users\Josh\Downloads\Support-LogMeInRescue.exe

2013-11-30 19:46 - 2013-11-30 19:46 - 00000000 ____D C:\Users\Josh\AppData\Local\LogMeIn Rescue Applet

2013-11-30 18:47 - 2013-11-30 18:47 - 00347304 _____ (Microsoft Corporation) C:\Users\Josh\Downloads\MicrosoftFixit.wu.LB.15030928604186234.2.1.Run.exe

2013-11-30 15:12 - 2013-11-30 15:12 - 00000000 ____D C:\Windows\CheckSur

2013-11-30 15:00 - 2013-11-30 15:07 - 457019995 _____ C:\Users\Josh\Downloads\Windows6.1-KB947821-v31-x64.msu

2013-11-30 14:06 - 2013-09-04 06:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2013-11-30 14:06 - 2013-09-04 06:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2013-11-30 14:06 - 2013-09-04 06:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2013-11-30 14:06 - 2013-09-04 06:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2013-11-30 14:06 - 2013-09-04 06:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2013-11-30 14:06 - 2013-09-04 06:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2013-11-30 14:06 - 2013-09-04 06:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2013-11-30 13:52 - 2013-11-30 13:52 - 00347304 _____ (Microsoft Corporation) C:\Users\Josh\Downloads\MicrosoftFixit.wu.LB.1473092683429498.1.1.Run.exe

2013-11-30 13:37 - 2013-11-30 13:38 - 00000000 ____D C:\Program Files (x86)\GUM16DD.tmp

2013-11-30 13:37 - 2013-11-30 13:37 - 49940480 _____ C:\Program Files (x86)\GUT16ED.tmp

2013-11-29 16:23 - 2013-11-29 16:23 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software

2013-11-29 16:23 - 2013-11-29 16:23 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

2013-11-29 14:17 - 2013-11-29 14:17 - 00000336 _____ C:\Users\Josh\Desktop\ToneSync for Windows.appref-ms

2013-11-29 14:17 - 2013-11-29 14:17 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zedge Europe AS

2013-11-25 17:34 - 2013-11-25 17:34 - 00001066 _____ C:\Users\Josh\Desktop\Pictures - Shortcut.lnk

2013-11-23 19:27 - 2013-11-23 19:27 - 00000000 ____D C:\Users\Josh\Desktop\Self Help

2013-11-20 20:33 - 2013-11-20 20:33 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute

2013-11-20 20:33 - 2013-11-20 20:33 - 00000000 ____D C:\Users\Josh\AppData\Roaming\AVG2014

2013-11-20 20:32 - 2013-11-29 16:23 - 00000965 _____ C:\Users\Public\Desktop\AVG 2014.lnk

2013-11-20 20:32 - 2013-11-20 20:32 - 00000000 ____D C:\Users\Josh\AppData\Roaming\TuneUp Software

2013-11-20 20:31 - 2013-11-30 13:49 - 00000000 ____D C:\ProgramData\AVG2014

2013-11-20 20:31 - 2013-11-20 20:31 - 00000000 ___HD C:\$AVG

2013-11-20 20:30 - 2013-11-20 20:30 - 00000000 ____D C:\Program Files (x86)\AVG

2013-11-20 20:28 - 2013-11-20 20:46 - 00000000 ____D C:\Users\Josh\AppData\Local\Avg2014

2013-11-20 20:28 - 2013-11-20 20:28 - 04436568 _____ (AVG Technologies) C:\Users\Josh\Downloads\avg_free_stb_all_2014_4158_cnet.exe

2013-11-20 20:28 - 2013-11-20 20:28 - 00000000 ____D C:\Users\Josh\AppData\Local\MFAData

2013-11-20 20:26 - 2013-11-20 20:26 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-11-20 20:21 - 2013-11-20 20:21 - 00256302 _____ C:\Users\Josh\Downloads\GoogleUpdate.adm

2013-11-20 19:22 - 2013-11-20 19:23 - 13670584 _____ (Microsoft Corporation) C:\Users\Josh\Downloads\mseinstall.exe

2013-11-19 19:38 - 2013-11-19 19:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2013-11-18 20:23 - 2013-11-18 20:23 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk

2013-11-18 20:21 - 2013-11-18 20:23 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-18 20:21 - 2013-11-18 20:23 - 00000000 ____D C:\Program Files\iTunes

2013-11-18 20:21 - 2013-11-18 20:22 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-11-18 20:21 - 2013-11-18 20:21 - 00000000 ____D C:\Program Files\iPod

2013-11-18 20:14 - 2013-11-18 20:14 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk

2013-11-18 20:11 - 2013-11-18 20:11 - 00429320 _____ () C:\Users\Josh\Downloads\ToneSyncSetup.exe

2013-11-16 10:21 - 2013-11-16 10:22 - 70555976 _____ (Apple Inc.) C:\Users\Josh\Downloads\iCloudSetup.exe

2013-11-14 17:02 - 2013-10-12 02:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-11-14 17:02 - 2013-10-12 02:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-11-14 17:02 - 2013-10-12 02:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-11-14 17:02 - 2013-10-12 02:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-11-14 17:02 - 2013-10-12 02:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-11-14 17:02 - 2013-10-12 01:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-11-14 17:02 - 2013-10-12 01:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-11-14 17:02 - 2013-10-12 01:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-11-14 17:02 - 2013-10-12 01:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-11-14 17:02 - 2013-10-12 01:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-11-14 17:02 - 2013-10-12 00:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-11-14 17:02 - 2013-10-12 00:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-11-14 17:02 - 2013-10-11 23:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-11-14 17:02 - 2013-10-11 23:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-14 17:01 - 2013-10-12 02:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-11-14 17:01 - 2013-10-12 02:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-11-14 17:01 - 2013-10-12 02:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-11-14 17:01 - 2013-10-12 02:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-11-14 17:01 - 2013-10-12 02:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-11-14 17:01 - 2013-10-12 02:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-11-14 17:01 - 2013-10-12 02:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-11-14 17:01 - 2013-10-12 02:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-11-14 17:01 - 2013-10-12 02:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-11-14 17:01 - 2013-10-12 01:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-11-14 17:01 - 2013-10-12 01:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-11-14 17:01 - 2013-10-12 01:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-11-14 17:01 - 2013-10-12 01:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-11-14 17:01 - 2013-10-12 01:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-11-14 17:01 - 2013-10-12 01:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-11-14 17:01 - 2013-10-12 01:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-11-14 17:01 - 2013-10-12 01:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-11-14 16:59 - 2013-11-25 17:35 - 00000000 ____D C:\Users\Josh\Desktop\Autumn

2013-11-13 18:28 - 2013-10-05 14:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-11-13 18:28 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-11-13 18:27 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2013-11-13 18:27 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2013-11-13 18:27 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2013-11-13 18:27 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2013-11-13 18:27 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-13 18:27 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll

2013-11-13 18:27 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll

2013-11-13 18:27 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2013-11-13 18:27 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll

2013-11-13 18:27 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-11-13 18:27 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll

2013-11-13 18:27 - 2013-10-02 20:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2013-11-13 18:27 - 2013-10-02 20:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2013-11-13 18:27 - 2013-09-27 19:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-11-13 18:27 - 2013-09-24 20:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2013-11-13 18:27 - 2013-09-24 20:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2013-11-13 18:27 - 2013-09-24 20:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2013-11-13 18:27 - 2013-09-24 20:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2013-11-13 18:27 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2013-11-13 18:27 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2013-11-13 18:27 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2013-11-13 18:27 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2013-11-13 18:27 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2013-11-13 18:27 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-11-13 18:27 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2013-11-13 18:27 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-11-13 18:27 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2013-11-13 18:27 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2013-11-05 21:55 - 2013-11-05 21:55 - 00150808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys

2013-11-04 21:52 - 2013-11-04 21:52 - 00240920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys

 

==================== One Month Modified Files and Folders =======

 

2013-12-01 15:25 - 2013-11-30 22:02 - 00000000 ____D C:\Users\Josh\Desktop\FRST64

2013-12-01 15:24 - 2013-12-01 15:24 - 01959184 _____ (Farbar) C:\Users\Josh\Downloads\FRST64.exe

2013-12-01 15:24 - 2013-12-01 15:24 - 00002381 _____ C:\Users\Josh\Downloads\FSS.txt

2013-12-01 15:23 - 2013-12-01 15:23 - 00360881 _____ (Farbar) C:\Users\Josh\Downloads\FSS.exe

2013-12-01 15:23 - 2010-09-25 02:37 - 01937769 _____ C:\Windows\WindowsUpdate.log

2013-12-01 15:10 - 2013-02-22 20:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-12-01 15:03 - 2013-12-01 15:03 - 00000000 ____D C:\99a85db903c2020b19a4

2013-12-01 15:03 - 2011-09-09 18:51 - 00002148 _____ C:\Windows\epplauncher.mif

2013-12-01 15:01 - 2013-12-01 15:01 - 00347304 _____ (Microsoft Corporation) C:\Users\Josh\Downloads\MicrosoftFixit.wu.LB.52309358897320458.1.1.Run.exe

2013-12-01 14:52 - 2012-01-01 21:47 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1899622257-360536697-4193078249-1000UA.job

2013-12-01 14:43 - 2013-12-01 14:43 - 00000000 ____D C:\23de2380d5fb8f2026622e10

2013-12-01 14:33 - 2011-05-02 14:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-01 14:10 - 2009-07-13 22:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-12-01 14:10 - 2009-07-13 22:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-12-01 14:02 - 2013-11-30 22:37 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1899622257-360536697-4193078249-1000

2013-12-01 14:02 - 2013-11-30 22:37 - 00003200 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1899622257-360536697-4193078249-1000

2013-12-01 14:02 - 2013-11-30 21:13 - 00000280 _____ C:\Windows\setupact.log

2013-12-01 14:02 - 2011-05-02 14:04 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-01 14:02 - 2011-01-26 21:04 - 00000031 _____ C:\Windows\system32\bbcap.err

2013-12-01 14:02 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-12-01 13:59 - 2013-12-01 13:54 - 00000000 ____D C:\AdwCleaner

2013-12-01 13:53 - 2013-12-01 13:53 - 01110034 _____ C:\Users\Josh\Desktop\AdwCleaner.exe

2013-12-01 12:03 - 2013-12-01 12:03 - 00109074 _____ C:\Users\Josh\Downloads\Extras.Txt

2013-12-01 12:03 - 2013-12-01 12:03 - 00001197 _____ C:\Users\Josh\Desktop\New Text Document.txt

2013-12-01 12:00 - 2013-12-01 12:00 - 00132680 _____ C:\Users\Josh\Downloads\OTL.Txt

2013-12-01 11:40 - 2013-12-01 11:40 - 00602112 _____ (OldTimer Tools) C:\Users\Josh\Downloads\OTL.exe

2013-12-01 11:11 - 2011-09-09 18:44 - 00000000 ____D C:\ProgramData\MFAData

2013-12-01 11:05 - 2012-01-01 21:47 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1899622257-360536697-4193078249-1000Core.job

2013-11-30 23:39 - 2013-11-30 23:39 - 00000000 _____ C:\Windows\system32\config\SOFTWAREa469d335

2013-11-30 23:21 - 2013-11-30 23:21 - 00000000 ____D C:\Windows\Microsoft Antimalware

2013-11-30 22:59 - 2013-11-30 22:46 - 00030925 _____ C:\Users\Josh\Desktop\dds.txt

2013-11-30 22:59 - 2013-11-30 22:46 - 00018290 _____ C:\Users\Josh\Desktop\attach.txt

2013-11-30 22:36 - 2013-11-30 21:13 - 00002414 _____ C:\Windows\PFRO.log

2013-11-30 22:29 - 2013-11-30 22:28 - 00688992 ____R (Swearware) C:\Users\Josh\Desktop\dds.com

2013-11-30 22:00 - 2013-11-30 22:00 - 00000000 ____D C:\FRST

2013-11-30 21:47 - 2013-11-30 21:47 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Josh\Downloads\mbam-setup-1.75.0.1300.exe

2013-11-30 21:47 - 2013-11-30 21:47 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-11-30 21:47 - 2013-11-30 21:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-30 21:13 - 2013-11-30 21:13 - 00000000 _____ C:\Windows\setuperr.log

2013-11-30 21:05 - 2009-09-06 19:57 - 00000000 ____D C:\Windows\Panther

2013-11-30 20:55 - 2011-09-09 18:39 - 00000000 ____D C:\Users\Josh\AppData\Roaming\WildTangent

2013-11-30 20:55 - 2010-09-25 02:54 - 00000000 ____D C:\ProgramData\WildTangent

2013-11-30 20:13 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-11-30 19:46 - 2013-11-30 19:46 - 01295200 _____ (LogMeIn, Inc.) C:\Users\Josh\Downloads\Support-LogMeInRescue.exe

2013-11-30 19:46 - 2013-11-30 19:46 - 00000000 ____D C:\Users\Josh\AppData\Local\LogMeIn Rescue Applet

2013-11-30 19:42 - 2011-09-09 13:51 - 00000000 ____D C:\Users\Josh\AppData\Local\Downloaded Installations

2013-11-30 19:42 - 2011-09-09 13:37 - 00000000 ____D C:\Program Files (x86)\HTC

2013-11-30 18:59 - 2010-09-25 02:54 - 00000000 ____D C:\Program Files (x86)\HP Games

2013-11-30 18:47 - 2013-11-30 18:47 - 00347304 _____ (Microsoft Corporation) C:\Users\Josh\Downloads\MicrosoftFixit.wu.LB.15030928604186234.2.1.Run.exe

2013-11-30 15:12 - 2013-11-30 15:12 - 00000000 ____D C:\Windows\CheckSur

2013-11-30 15:09 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration

2013-11-30 15:07 - 2013-11-30 15:00 - 457019995 _____ C:\Users\Josh\Downloads\Windows6.1-KB947821-v31-x64.msu

2013-11-30 14:57 - 2011-07-08 17:28 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Apple Computer

2013-11-30 14:56 - 2011-07-08 17:28 - 00000000 ____D C:\Users\Josh\AppData\Local\Apple Computer

2013-11-30 14:15 - 2009-07-13 23:13 - 00797402 _____ C:\Windows\system32\PerfStringBackup.INI

2013-11-30 14:14 - 2011-01-08 00:33 - 00775974 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-11-30 13:52 - 2013-11-30 13:52 - 00347304 _____ (Microsoft Corporation) C:\Users\Josh\Downloads\MicrosoftFixit.wu.LB.1473092683429498.1.1.Run.exe

2013-11-30 13:49 - 2013-11-20 20:31 - 00000000 ____D C:\ProgramData\AVG2014

2013-11-30 13:47 - 2011-02-09 19:54 - 00000000 ____D C:\Users\Josh\AppData\Local\Deployment

2013-11-30 13:45 - 2013-08-24 16:03 - 00000000 ____D C:\Users\postgres.Josh-HP

2013-11-30 13:38 - 2013-11-30 13:37 - 00000000 ____D C:\Program Files (x86)\GUM16DD.tmp

2013-11-30 13:37 - 2013-11-30 13:37 - 49940480 _____ C:\Program Files (x86)\GUT16ED.tmp

2013-11-30 13:37 - 2011-01-17 16:40 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJosh

2013-11-30 13:37 - 2011-01-17 16:40 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForJosh.job

2013-11-29 16:23 - 2013-11-29 16:23 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software

2013-11-29 16:23 - 2013-11-29 16:23 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

2013-11-29 16:23 - 2013-11-20 20:32 - 00000965 _____ C:\Users\Public\Desktop\AVG 2014.lnk

2013-11-29 16:15 - 2010-11-23 18:21 - 00000000 ____D C:\Users\postgres

2013-11-29 14:17 - 2013-11-29 14:17 - 00000336 _____ C:\Users\Josh\Desktop\ToneSync for Windows.appref-ms

2013-11-29 14:17 - 2013-11-29 14:17 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zedge Europe AS

2013-11-25 17:35 - 2013-11-14 16:59 - 00000000 ____D C:\Users\Josh\Desktop\Autumn

2013-11-25 17:34 - 2013-11-25 17:34 - 00001066 _____ C:\Users\Josh\Desktop\Pictures - Shortcut.lnk

2013-11-24 17:56 - 2011-09-14 11:41 - 00000000 ____D C:\Users\Josh\Documents\My Kindle Content

2013-11-23 21:55 - 2013-08-24 16:05 - 00777524 _____ C:\blitzerr.txt

2013-11-23 19:27 - 2013-11-23 19:27 - 00000000 ____D C:\Users\Josh\Desktop\Self Help

2013-11-20 20:46 - 2013-11-20 20:28 - 00000000 ____D C:\Users\Josh\AppData\Local\Avg2014

2013-11-20 20:33 - 2013-11-20 20:33 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute

2013-11-20 20:33 - 2013-11-20 20:33 - 00000000 ____D C:\Users\Josh\AppData\Roaming\AVG2014

2013-11-20 20:32 - 2013-11-20 20:32 - 00000000 ____D C:\Users\Josh\AppData\Roaming\TuneUp Software

2013-11-20 20:31 - 2013-11-20 20:31 - 00000000 ___HD C:\$AVG

2013-11-20 20:30 - 2013-11-20 20:30 - 00000000 ____D C:\Program Files (x86)\AVG

2013-11-20 20:28 - 2013-11-20 20:28 - 04436568 _____ (AVG Technologies) C:\Users\Josh\Downloads\avg_free_stb_all_2014_4158_cnet.exe

2013-11-20 20:28 - 2013-11-20 20:28 - 00000000 ____D C:\Users\Josh\AppData\Local\MFAData

2013-11-20 20:26 - 2013-11-20 20:26 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-11-20 20:26 - 2011-05-02 14:04 - 00000000 ____D C:\Program Files (x86)\Google

2013-11-20 20:21 - 2013-11-20 20:21 - 00256302 _____ C:\Users\Josh\Downloads\GoogleUpdate.adm

2013-11-20 19:33 - 2010-11-23 19:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2013-11-20 19:25 - 2012-08-18 07:55 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-11-20 19:25 - 2012-08-18 07:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-11-20 19:23 - 2013-11-20 19:22 - 13670584 _____ (Microsoft Corporation) C:\Users\Josh\Downloads\mseinstall.exe

2013-11-19 19:38 - 2013-11-19 19:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2013-11-19 04:21 - 2010-11-23 17:17 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2013-11-18 20:23 - 2013-11-18 20:23 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk

2013-11-18 20:23 - 2013-11-18 20:21 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-18 20:23 - 2013-11-18 20:21 - 00000000 ____D C:\Program Files\iTunes

2013-11-18 20:22 - 2013-11-18 20:21 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-11-18 20:21 - 2013-11-18 20:21 - 00000000 ____D C:\Program Files\iPod

2013-11-18 20:14 - 2013-11-18 20:14 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk

2013-11-18 20:14 - 2011-03-31 19:34 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-11-18 20:11 - 2013-11-18 20:11 - 00429320 _____ () C:\Users\Josh\Downloads\ToneSyncSetup.exe

2013-11-17 11:28 - 2010-11-23 17:07 - 00000000 ____D C:\Users\Josh\AppData\Local\VirtualStore

2013-11-16 10:25 - 2011-07-08 17:26 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-11-16 10:22 - 2013-11-16 10:21 - 70555976 _____ (Apple Inc.) C:\Users\Josh\Downloads\iCloudSetup.exe

2013-11-15 07:41 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache

2013-11-14 16:59 - 2013-07-14 21:36 - 00000000 ____D C:\Windows\system32\MRT

2013-11-14 05:20 - 2010-11-24 11:25 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-11-09 17:05 - 2011-06-25 12:25 - 00000000 ____D C:\Users\Josh\AppData\Local\PokerStars.NET

2013-11-05 21:55 - 2013-11-05 21:55 - 00150808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys

2013-11-04 21:52 - 2013-11-04 21:52 - 00240920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys

2013-11-03 07:35 - 2013-04-21 17:47 - 00000000 ____D C:\Users\Josh\AppData\Roaming\HpUpdate

 

Some content of TEMP:

====================

C:\Users\Josh\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-11-24 13:43

 

==================== End Of Log ============================

 


 




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013

Ran by Josh at 2013-12-01 15:26:48

Running from C:\Users\Josh\Desktop\FRST64

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

 

==================== Installed Programs ======================

 

64 Bit HP CIO Components Installer (Version: 7.2.8)

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)

Acrobat.com (x32 Version: 1.6.65)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3)

Adobe AIR (x32 Version: 3.7.0.2090)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)

Adobe Reader X (10.1.8) (x32 Version: 10.1.8)

Adobe Shockwave Player 11.5 (x32 Version: 11.5.7.609)

Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112)

AIO_CDA_ProductContext (x32 Version: 130.0.365.000)

AIO_CDA_Software (x32 Version: 130.0.365.000)

AIO_Scan (x32 Version: 130.0.365.000)

Amazon Kindle (HKCU)

Amazon Kindle (x32)

Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17)

AMD Fuel (Version: 2011.0104.2155.39304)

Angry Birds (x32 Version: 3.0.0)

Angry Birds (x32 Version: 3.3.0)

Angry Birds Seasons (x32 Version: 2.4.1)

Angry Birds Star Wars (x32 Version: 1.2.0)

Apple Application Support (x32 Version: 2.3.6)

Apple Mobile Device Support (Version: 7.0.0.117)

Apple Software Update (x32 Version: 2.1.1.116)

Apple Software Update (x32 Version: 2.1.3.127)

Atheros Driver Installation Program (x32 Version: 9.0)

ATI Catalyst Install Manager (Version: 3.0.808.0)

Audacity 2.0 (x32)

AudibleManager (x32 Version: 2001681646.48.56.11610594)

AVG 2014 (Version: 14.0.3629)

AVG 2014 (Version: 14.0.4259)

AVG 2014 (Version: 2014.0.4259)

BB FlashBack Express (x32 Version: 2.8.1.1761)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)

Best Buy pc app (HKCU Version: 3.2.523.2)

Best Buy pc app (Version: 3.2.0.0)

Best Buy pc app (x32 Version: 3.2.0.0)

Big Fish Games: Game Manager (x32 Version: 3.0.1.60)

Blackhawk Striker 2 (x32 Version: 2.2.0.95)

Bonjour (Version: 3.0.0.10)

BufferChm (x32 Version: 130.0.331.000)

Build-a-lot 2 (x32 Version: 2.2.0.95)

C6100 (x32 Version: 130.0.365.000)

c6100_Help (x32 Version: 82.0.256.000)

Catalina Savings Printer (x32 Version: 1.0.0)

Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0104.2155.39304)

Catalyst Control Center InstallProxy (x32 Version: 2010.0617.855.14122)

Catalyst Control Center InstallProxy (x32 Version: 2011.0104.2155.39304)

Catalyst Control Center Localization All (x32 Version: 2011.0104.2155.39304)

CCC Help Chinese Standard (x32 Version: 2011.0104.2154.39304)

CCC Help Chinese Traditional (x32 Version: 2011.0104.2154.39304)

CCC Help Czech (x32 Version: 2011.0104.2154.39304)

CCC Help Danish (x32 Version: 2011.0104.2154.39304)

CCC Help Dutch (x32 Version: 2011.0104.2154.39304)

CCC Help English (x32 Version: 2011.0104.2154.39304)

CCC Help Finnish (x32 Version: 2011.0104.2154.39304)

CCC Help French (x32 Version: 2011.0104.2154.39304)

CCC Help German (x32 Version: 2011.0104.2154.39304)

CCC Help Greek (x32 Version: 2011.0104.2154.39304)

CCC Help Hungarian (x32 Version: 2011.0104.2154.39304)

CCC Help Italian (x32 Version: 2011.0104.2154.39304)

CCC Help Japanese (x32 Version: 2011.0104.2154.39304)

CCC Help Korean (x32 Version: 2011.0104.2154.39304)

CCC Help Norwegian (x32 Version: 2011.0104.2154.39304)

CCC Help Polish (x32 Version: 2011.0104.2154.39304)

CCC Help Portuguese (x32 Version: 2011.0104.2154.39304)

CCC Help Russian (x32 Version: 2011.0104.2154.39304)

CCC Help Spanish (x32 Version: 2011.0104.2154.39304)

CCC Help Swedish (x32 Version: 2011.0104.2154.39304)

CCC Help Thai (x32 Version: 2011.0104.2154.39304)

CCC Help Turkish (x32 Version: 2011.0104.2154.39304)

ccc-core-static (x32 Version: 2011.0104.2155.39304)

ccc-utility64 (Version: 2011.0104.2155.39304)

CCleaner (Version: 3.27)

CenturyLink Installer (x32 Version: 1.0)

Chuzzle Deluxe (x32 Version: 2.2.0.95)

CinemaNow Media Manager (x32 Version: 1.9.1.105)

Cisco EAP-FAST Module (x32 Version: 2.2.14)

Cisco LEAP Module (x32 Version: 1.0.19)

Cisco PEAP Module (x32 Version: 1.1.6)

Civ3 Conquests v1.22 Full (x32)

Civilization III Complete Edition (x32 Version: 1.00.0000)

Copy (x32 Version: 130.0.428.000)

Coupon Printer for Windows (x32 Version: 5.0.0.1)

CyberLink DVD Suite (x32 Version: 7.0.3003)

CyberLink MediaShow (x32 Version: 5.0.1616)

CyberLink Power2Go 8 (x32 Version: 8.0.0.1031)

CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217)

CyberLink WaveEditor 2 (x32 Version: 2.0.2204)

CyberLink YouCam (x32 Version: 3.1.3130)

D3DX10 (x32 Version: 15.4.2368.0902)

Destinations (x32 Version: 130.0.0.0)

DeviceDiscovery (x32 Version: 130.0.465.000)

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)

DivX Codec (x32 Version: 6.6.1)

DocProc (x32 Version: 13.0.0.0)

Dora's Carnival Adventure (x32 Version: 2.2.0.95)

Download Manager 2.3.10 (x32 Version: 2.3.10)

Energy Star Digital Logo (x32 Version: 1.0.1)

Escape Rosecliff Island (x32 Version: 2.2.0.95)

ESU for Microsoft Windows 7 (x32 Version: 1.0.0)

Expstudio Audio Editor FREE (Version: 4.31)

Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)

FATE (x32 Version: 2.2.0.95)

Fax (x32 Version: 130.0.418.000)

ffdshow [rev 3154] [2009-12-09] (x32 Version: 1.0)

Final Drive Nitro (x32 Version: 2.2.0.95)

Game Booster 3 (x32 Version: 3.5)

GoGear Mix Device Manager (x32 Version: 0.1)

Google Chrome (x32 Version: 31.0.1650.57)

Google Earth (x32 Version: 7.1.1.1888)

Google Update Helper (x32 Version: 1.3.21.165)

GPBaseService2 (x32 Version: 130.0.371.000)

Helium (x32 Version: 1.0.0)

Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95)

HiJackThis (x32 Version: 1.0.0)

Holdem Manager (x32)

HP Advisor (x32 Version: 3.4.10262.3295)

HP Customer Experience Enhancements (x32 Version: 6.0.1.4)

HP Customer Participation Program 13.0 (Version: 13.0)

HP Documentation (x32 Version: 1.1.1.0)

HP Games (x32 Version: 1.0.1.3)

HP Imaging Device Functions 13.0 (Version: 13.0)

HP MediaSmart CinemaNow 2.0 (x32 Version: 2.0)

HP Photo Creations (x32 Version: 1.0.0.3611)

HP Photosmart All-In-One Driver Software 13.0 Rel. A (Version: 13.0)

HP Photosmart Essential 3.5 (Version: 3.5)

HP Power Manager (x32 Version: 1.0.3)

HP Quick Launch (x32 Version: 2.3.6)

HP Setup (x32 Version: 8.1.4186.3400)

HP Smart Web Printing 4.51 (Version: 4.51)

HP Software Framework (x32 Version: 4.0.108.1)

HP Solution Center 13.0 (Version: 13.0)

HP Support Assistant (x32 Version: 5.1.10.7)

HP Update (x32 Version: 5.005.000.002)

HP Wireless Assistant (Version: 4.0.9.0)

HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3)

HPDiagnosticAlert (x32 Version: 1.00.0000)

HPPhotoGadget (x32 Version: 130.0.282.000)

HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000)

HPPhotosmartEssential (x32 Version: 2.04.0000)

HPProductAssistant (x32 Version: 130.0.371.000)

HPSSupply (x32 Version: 130.0.371.000)

HTC BMP USB Driver (x32 Version: 1.0.5375)

HTC Driver Installer (x32 Version: 4.1.0.001)

iCloud (Version: 3.0.2.163)

iDailyDiary 3.85 (x32)

IPTInstaller (x32 Version: 4.0.8)

iTunes (Version: 11.1.3.8)

Java 7 Update 45 (x32 Version: 7.0.450)

Java Auto Updater (x32 Version: 2.1.9.8)

Java 6 Update 20 (64-bit) (Version: 6.0.200)

Jewel Quest 3 (x32 Version: 2.2.0.95)

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

LabelPrint (x32 Version: 2.5.2907)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

MarketResearch (x32 Version: 130.0.374.000)

Mesh Runtime (x32 Version: 15.4.5722.2)

Messenger Companion (x32 Version: 15.4.3502.0922)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)

Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)

Microsoft Security Client (Version: 4.3.0219.0)

Microsoft Security Essentials (Version: 4.3.219.0)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)

Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)

MiniTool Partition Wizard Home Edition 8.0 (x32)

MotioninJoy ds3 driver version 0.6.0001 (Version: 0.5.0001)

Mozilla Firefox 4.0.1 (x86 en-US) (x32 Version: 4.0.1)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)

MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)

MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)

Network64 (Version: 130.0.572.000)

Network64 (Version: 140.0.221.000)

Norton Online Backup (x32 Version: 2.1.17869)

OCR Software by I.R.I.S. 13.0 (Version: 13.0)

Paper Jamz Pro 1.8.0 (x32 Version: 1.8.0)

Penguins! (x32 Version: 2.2.0.95)

PhotoNow! (x32 Version: 1.1.6904)

Plants vs. Zombies (x32 Version: 2.2.0.95)

Poker Superstars III (x32 Version: 2.2.0.95)

PokerStars.net (x32)

Polar Bowler (x32 Version: 2.2.0.95)

Polar Golfer (x32 Version: 2.2.0.95)

PopGameBox (x32 Version: V1.0)

PostgreSQL 8.4 (x32 Version: 8.4)

Power2Go (x32 Version: 6.1.4204)

PowerDirector (x32 Version: 8.0.3003)

QuickTime (x32 Version: 7.74.80.86)

RealDownloader (x32 Version: 1.3.1)

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)

RealPlayer (x32 Version: 16.0.0)

Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.18.322.2010)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526)

Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30120)

RealUpgrade 1.1 (x32 Version: 1.1.0)

Recovery Manager (x32 Version: 5.5.3023)

RollerCoaster Tycoon 3 Platinum (x32 Version: 1.00.000)

Roxio CinemaNow 2.0 (x32 Version: 1.0.278)

RtVOsd (Version: 1.0.6)

Scan (x32 Version: 13.0.0.0)

Shop for HP Supplies (Version: 13.0)

Sid Meier's Civilization 4 (x32 Version: 1.74)

Skype Click to Call (x32 Version: 5.6.8442)

Skype™ 5.10 (x32 Version: 5.10.116)

SlingHealth ActiveX (x32 Version: 1,1,0,21)

SmartWebPrinting (x32 Version: 130.0.457.000)

SolutionCenter (x32 Version: 130.0.373.000)

SpongeBob SquarePants - Lights, Camera, Pants! (x32 Version: 1.0)

SpongeBob SquarePants - Nighty Nightmare (x32 Version: 1.0)

SpongeBob SquarePants - The Movie (x32 Version: 1.0)

SpongeBob SquarePants® Operation Krabby Patty (x32)

Status (x32 Version: 130.0.469.000)

swMSM (x32 Version: 12.0.0.1)

Synaptics Pointing Device Driver (Version: 15.3.29.0)

TomTom HOME 2.8.1.2218 (x32 Version: 2.8.1.2218)

TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2)

ToneSync for Windows (HKCU Version: 1.2.2.285)

Toolbox (x32 Version: 130.0.648.000)

TrayApp (x32 Version: 130.0.422.000)

TVCenter (Version: 6.4.3.882)

Ultimate Poker (x32 Version: 3.0.4273)

Unity Web Player (HKCU Version: )

UnloadSupport (x32 Version: 11.0.0)

Virtual Families (x32 Version: 2.2.0.95)

Virtual Villagers - The Secret City (x32 Version: 2.2.0.95)

Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)

Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)

WebReg (x32 Version: 130.0.132.017)

Wheel of Fortune 2 (x32 Version: 2.2.0.95)

WinDirStat 1.1.2 (HKCU)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Family Safety (Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3502.0922)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Mesh (x32 Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)

Windows Live Messenger (x32 Version: 15.4.3502.0922)

Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live Sync (x32 Version: 14.0.8117.416)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)

WinRAR 4.01 (32-bit) (x32 Version: 4.01.0)

Yahoo! Toolbar (x32)

ZC DVD Ripper 2.2.5 (x32)

Zuma Deluxe (x32 Version: 2.2.0.95)

 

==================== Restore Points  =========================

 

25-11-2013 23:33:49 Windows Update

26-11-2013 13:58:14 Windows Update

29-11-2013 20:16:25 Windows Update

30-11-2013 19:36:26 Windows Update

30-11-2013 19:54:47 Windows Update

30-11-2013 20:06:38 Windows Update

30-11-2013 21:12:05 Windows Update

01-12-2013 01:01:43 Windows Update

01-12-2013 01:51:00 Windows Update

01-12-2013 03:55:10 Windows Update

01-12-2013 04:39:16 Windows Update

01-12-2013 13:18:27 Windows Update

01-12-2013 20:43:01 Windows Update

01-12-2013 21:03:06 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {036BA897-A5E9-4CD2-AB1C-18A9D56C1893} - System32\Tasks\{8AA8F16A-C062-4251-B75B-1856802C84DE} => C:\Program Files (x86)\Amazon\Kindle\Kindle.exe [2011-08-26] (Amazon.com)

Task: {0C992151-625E-4930-AEC2-566632AC1061} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)

Task: {137DDABF-5EA4-4294-B498-7291DF4C8004} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)

Task: {17FF36AC-E00E-4A6E-A917-7807E4423150} - \DigitalSite No Task File

Task: {18D05572-C83A-4F93-8EA8-429EADE1AC6C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {2081E270-DB37-41D2-8B9D-11BBCE934F0A} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-JOSH-HP => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)

Task: {36086237-8281-45CC-8A8B-73B78F663A0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-02] (Google Inc.)

Task: {3AA97445-F998-418B-9C44-D5204583BE8D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1899622257-360536697-4193078249-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)

Task: {47EA05EF-FFB7-4CFB-929D-88E1BF27D940} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-02] (Google Inc.)

Task: {4B57C349-12FD-4A35-B36B-8AF4E74817AF} - System32\Tasks\{9D6A1D3B-8EC3-4E88-9411-CBBDB5392BAA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)

Task: {6E51C49F-4D7B-4E44-AB6A-BDEAB9DAC655} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1899622257-360536697-4193078249-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)

Task: {839BFF30-93F2-413A-A438-016F8F880973} - System32\Tasks\HPCeeScheduleForJosh => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)

Task: {9BD03E1E-A23D-4DA5-AA12-51586B26E9DC} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster\Autoupdate.exe [2013-06-27] ()

Task: {AFBCDFEA-2264-4AEB-AEE5-304D8399B509} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1899622257-360536697-4193078249-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)

Task: {B2A5E9C9-3D72-46FE-AA6D-C315CA873B04} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1899622257-360536697-4193078249-1000Core => C:\Users\Josh\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-14] (Facebook Inc.)

Task: {B4AEB189-415F-4D2F-B43D-65BFB4BEC820} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company)

Task: {C841EA85-9D4A-487C-AAB6-FA5D8CC85756} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()

Task: {D4CB1CB4-3ECB-46DD-9704-A074427E80EF} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-08-02] (CyberLink)

Task: {DD4D4C4C-1A6C-4E7B-AB75-4E40F3E86F2C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\GetAssistance Maintenance Events => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtil.exe [2011-01-25] (HP)

Task: {E320B980-C7F0-4033-B06C-C0AD0C632DE1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1899622257-360536697-4193078249-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)

Task: {EE58F161-7ECA-406D-9BFF-B04E44554B06} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company)

Task: {F2F9F46A-0009-4DF4-819E-8F7235B50067} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1899622257-360536697-4193078249-1000UA => C:\Users\Josh\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-14] (Facebook Inc.)

Task: {F9BB7274-CD25-4D62-8F25-A05F3D707084} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1899622257-360536697-4193078249-1000Core.job => C:\Users\Josh\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1899622257-360536697-4193078249-1000UA.job => C:\Users\Josh\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForJosh.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (whitelisted) =============

 

2011-01-04 21:54 - 2011-01-04 21:54 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-08-24 16:00 - 2011-01-27 23:15 - 00172032 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\LIBPQ.dll

2013-08-24 16:00 - 2009-02-12 13:01 - 00976384 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\libxml2.dll

2013-08-24 16:00 - 2005-07-20 04:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\zlib1.dll

2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll

2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

2012-02-27 18:09 - 2011-10-27 19:27 - 00623912 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2011-10-28 09:27 - 2011-10-28 09:27 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2013-11-20 20:26 - 2013-11-14 05:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll

2013-11-20 20:26 - 2013-11-14 05:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll

2013-11-20 20:26 - 2013-11-14 05:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll

2013-11-20 20:26 - 2013-11-14 05:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll

2013-11-20 20:26 - 2013-11-14 05:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\ProgramData\Temp:20D3A172

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Faulty Device Manager Devices =============

 

Name: Photosmart C6100 series

Description: Photosmart C6100 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/01/2013 03:03:21 PM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY)

Description: HRESULT:0x80070643

Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

 

Error: (12/01/2013 03:03:21 PM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: Product: Microsoft Security Client -- All customizable parameters must be specified on install: AMPRODUCT, PRODUCTICON, PRODUCTLOCALIZEDNAME, REMEDIATIONEXE, SIGNATURECATEGORYID and PRODUCT_SKU

 

Error: (12/01/2013 02:43:27 PM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY)

Description: HRESULT:0x80070643

Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

 

Error: (12/01/2013 02:43:27 PM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: Product: Microsoft Security Client -- All customizable parameters must be specified on install: AMPRODUCT, PRODUCTICON, PRODUCTLOCALIZEDNAME, REMEDIATIONEXE, SIGNATURECATEGORYID and PRODUCT_SKU

 

Error: (12/01/2013 02:31:51 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

 

Error: (12/01/2013 02:31:50 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: UIAutomationTypes, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

 

Error: (12/01/2013 02:31:50 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: UIAutomationProvider, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

 

Error: (12/01/2013 02:31:49 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: UIAutomationClientsideProviders, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

 

Error: (12/01/2013 02:31:49 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: UIAutomationClient, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002

 

Error: (12/01/2013 02:31:48 PM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: System.Xml.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070002

 

 

System errors:

=============

Error: (12/01/2013 03:03:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).

 

Error: (12/01/2013 02:43:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).

 

Error: (12/01/2013 02:02:19 PM) (Source: Service Control Manager) (User: )

Description: The Microsoft Antimalware Service service terminated with the following error: 

%%-2147024894

 

Error: (12/01/2013 02:02:13 PM) (Source: volmgr) (User: )

Description: Crash dump initialization failed!

 

Error: (12/01/2013 02:01:37 PM) (Source: volmgr) (User: )

Description: Crash dump initialization failed!

 

Error: (12/01/2013 02:01:37 PM) (Source: volmgr) (User: )

Description: Crash dump initialization failed!

 

Error: (12/01/2013 11:06:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).

 

Error: (11/30/2013 10:40:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).

 

Error: (11/30/2013 10:36:54 PM) (Source: Service Control Manager) (User: )

Description: The Microsoft Antimalware Service service terminated with the following error: 

%%-2147024894

 

Error: (11/30/2013 10:36:46 PM) (Source: volmgr) (User: )

Description: Crash dump initialization failed!

 

 

Microsoft Office Sessions:

=========================

Error: (12/01/2013 03:03:21 PM) (Source: Microsoft Security Client Setup)(User: NT AUTHORITY)

Description: HRESULT:0x80070643

Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

 

Error: (12/01/2013 03:03:21 PM) (Source: MsiInstaller)(User: NT AUTHORITY)

Description: Product: Microsoft Security Client -- All customizable parameters must be specified on install: AMPRODUCT, PRODUCTICON, PRODUCTLOCALIZEDNAME, REMEDIATIONEXE, SIGNATURECATEGORYID and PRODUCT_SKU(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (12/01/2013 02:43:27 PM) (Source: Microsoft Security Client Setup)(User: NT AUTHORITY)

Description: HRESULT:0x80070643

Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation.

 

Error: (12/01/2013 02:43:27 PM) (Source: MsiInstaller)(User: NT AUTHORITY)

Description: Product: Microsoft Security Client -- All customizable parameters must be specified on install: AMPRODUCT, PRODUCTICON, PRODUCTLOCALIZEDNAME, REMEDIATIONEXE, SIGNATURECATEGORYID and PRODUCT_SKU(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (12/01/2013 02:31:51 PM) (Source: .NET Runtime Optimization Service)(User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002 

WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

 

Error: (12/01/2013 02:31:50 PM) (Source: .NET Runtime Optimization Service)(User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: UIAutomationTypes, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002 

UIAutomationTypes, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

 

Error: (12/01/2013 02:31:50 PM) (Source: .NET Runtime Optimization Service)(User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: UIAutomationProvider, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002 

UIAutomationProvider, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

 

Error: (12/01/2013 02:31:49 PM) (Source: .NET Runtime Optimization Service)(User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: UIAutomationClientsideProviders, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002 

UIAutomationClientsideProviders, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

 

Error: (12/01/2013 02:31:49 PM) (Source: .NET Runtime Optimization Service)(User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: UIAutomationClient, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002 

UIAutomationClient, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

 

Error: (12/01/2013 02:31:48 PM) (Source: .NET Runtime Optimization Service)(User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Failed to compile: System.Xml.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070002 

System.Xml.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 33%

Total physical RAM: 7930.9 MB

Available physical RAM: 5299.26 MB

Total Pagefile: 15859.98 MB

Available Pagefile: 12771.55 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:281.49 GB) (Free:151 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:16.31 GB) (Free:0.8 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 298 GB) (Disk ID: 82337274)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

 

==================== End Of Log ============================


Not sure if you were looking for that part or this part.

Ad-Aware   20131201 Agnitum   20131201 AhnLab-V3   20131201 AntiVir   20131201 Antiy-AVL   20131129 Avast   20131201 AVG   20131201 Baidu-International   20131201 BitDefender   20131201 Bkav   20131129 ByteHero   20131127 CAT-QuickHeal   20131201 ClamAV   20131201 Commtouch   20131201 Comodo   20131201 DrWeb   20131201 Emsisoft   20131201 ESET-NOD32   20131201 F-Prot   20131129 F-Secure   20131201 Fortinet   20131201 GData   20131201 Ikarus   20131201 Jiangmin   20131129 K7AntiVirus   20131129 K7GW   20131129 Kaspersky   20131201 Kingsoft   20130829 Malwarebytes   20131201 McAfee   20131201 McAfee-GW-Edition   20131201 Microsoft   20131201 MicroWorld-eScan   20131201 NANO-Antivirus   20131201 Norman   20131201 nProtect   20131201 Panda   20131201 Rising   20131129 Sophos   20131201 SUPERAntiSpyware   20131201 Symantec   20131201 TheHacker   20131129 TotalDefense   20131129 TrendMicro   20131201 TrendMicro-HouseCall   20131201 VBA32   20131128 VIPRE   20131201 ViRobot   20131201

 


Just needed to check the file is good, get mixed reviews when doing blanket research..

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system. This scan can take several hours to complete; it is very thorough and well worth running, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

Post logs in next reply, let me know if any issues/concerns remain..

fixlist.txt


C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbarUpdater.exe.vir Win32/Toolbar.Zugo application

C:\Program Files (x86)\IObit\Game Booster\GameBoosterSetup.exe Win32/Toolbar.Widgi application

C:\Users\Josh\Desktop\htcsupertoolv3\root\zergRush Android/Exploit.Lotoor.AT trojan

C:\Users\Josh\Downloads\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask.D application

C:\Users\Josh\Downloads\ZipOpenerSetup (1).exe Win32/InstallCore.CD application

C:\Users\Josh\Downloads\ZipOpenerSetup.exe Win32/InstallCore.CD application

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VNGV73W\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5O8F0Q71\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VNGV73W\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5O8F0Q71\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application

 


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2013

Ran by Josh at 2013-12-01 17:52:29 Run:1

Running from C:\Users\Josh\Desktop\FRST64

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

HKCU\...\Run: [CLink_Installer.Activation] - "C:\Users\Josh\AppData\Local\Temp\CLink_Installer\McciInitializer.exe" <===== ATTENTION

C:\Users\Josh\AppData\Local\Temp\CLink_Installer

SearchScopes: HKLM - {54BFF5CC-4057-4EA2-80FA-1860EBBF9B36} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

SearchScopes: HKLM-x32 - {54BFF5CC-4057-4EA2-80FA-1860EBBF9B36} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

SearchScopes: HKCU - {54BFF5CC-4057-4EA2-80FA-1860EBBF9B36} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

C:\Users\Josh\AppData\Local\Temp\Quarantine.exe

Task: {17FF36AC-E00E-4A6E-A917-7807E4423150} - \DigitalSite No Task File

Task: {9BD03E1E-A23D-4DA5-AA12-51586B26E9DC} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster\Autoupdate.exe [2013-06-27] ()

AlternateDataStreams: C:\ProgramData\Temp:20D3A172

End

 

 

 

*****************

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\CLink_Installer.Activation => Value deleted successfully.

"C:\Users\Josh\AppData\Local\Temp\CLink_Installer" => File/Directory not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{54BFF5CC-4057-4EA2-80FA-1860EBBF9B36} => Key deleted successfully.

HKCR\CLSID\{54BFF5CC-4057-4EA2-80FA-1860EBBF9B36} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{54BFF5CC-4057-4EA2-80FA-1860EBBF9B36} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{54BFF5CC-4057-4EA2-80FA-1860EBBF9B36} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{54BFF5CC-4057-4EA2-80FA-1860EBBF9B36} => Key deleted successfully.

HKCR\CLSID\{54BFF5CC-4057-4EA2-80FA-1860EBBF9B36} => Key not found.

C:\Users\Josh\AppData\Local\Temp\Quarantine.exe => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17FF36AC-E00E-4A6E-A917-7807E4423150} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17FF36AC-E00E-4A6E-A917-7807E4423150} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DigitalSite => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9BD03E1E-A23D-4DA5-AA12-51586B26E9DC} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BD03E1E-A23D-4DA5-AA12-51586B26E9DC} => Key deleted successfully.

C:\Windows\System32\Tasks\Game_Booster_AutoUpdate => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate => Key deleted successfully.

C:\ProgramData\Temp => ":20D3A172" ADS removed successfully.

 

==== End of Fixlog ====


Uninstall the following program:

IObit

If there are any problems with the uninstall, use Revo Uninstaller:

Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on next.
  • Put a check on any folders that are found and select delete
  • When prompted select yes then on next
  • Once done click Finish.


Next,

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, also the Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...
  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Be sure to start with and include the colon before Files (:Files).

    :Files
    C:\Users\Josh\Desktop\htcsupertoolv3\root\zergRush
    C:\Users\Josh\Downloads\avira_free_antivirus_en.exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VNGV73W\ApnIC[1].0
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5O8F0Q71\ApnIC[1].0
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VNGV73W\ApnIC[1].0
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5O8F0Q71\ApnIC[1].0
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Post OTM log, also let me know if there are any remaining issues or concerns...

 

Kevin


Tried searching for the IObit program.  Revo couldn't find it.  The only thing I could find relating to it was "Game Booster" so I uninstalled that program with Revo.  When I did a search for IObit, there is still a folder left that it is telling me I can't delete because the folder is open in another program.

 

BTW, thanks so much for all your help so far!!


Ok not sure if I should proceed yet.  I cannot get rid of this IObit folder.  There is a file in there that it won't let me delete.  GBV3contextmenu.dll

 

No matter what program I use, it will not remove the file.  Any suggestions?  And is this file harmful?  I would assume it is, or it would easily delete, correct?


I deleted everything that was in the folder except for that file.  It is on my desktop now.  

 

What's odd is that the file is GBV3contextmenu.dll, but when I move the Adwcleaner over it to google search it shows the file is called AcroRD32.exe.

 

So the file is on my desktop. What's the next step?


All processes killed

========== FILES ==========

C:\Users\Josh\Desktop\htcsupertoolv3\root\zergRush moved successfully.

C:\Users\Josh\Downloads\avira_free_antivirus_en.exe moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VNGV73W\ApnIC[1].0 moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5O8F0Q71\ApnIC[1].0 moved successfully.

File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VNGV73W\ApnIC[1].0 not found.

File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5O8F0Q71\ApnIC[1].0 not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 57472 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Josh

->Temp folder emptied: 16547663 bytes

->Temporary Internet Files folder emptied: 11270026 bytes

->Java cache emptied: 3175724 bytes

->FireFox cache emptied: 45123636 bytes
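
A check a helper can run on a returned OTM log, added here as an example and not part of the original thread or of OTM itself: it pairs each `:Files` entry of the script with the outcome recorded in the results log and flags entries the log never mentions. The sample strings are constructed from paths in this thread; `C:\Example\constructed_missing.tmp` and all function names are assumptions.

```python
import re

# Constructed sample: the helper's OTM script (shortened) plus one made-up
# path, and a results log in the format posted in this thread.
SCRIPT = r"""
:Files
C:\Users\Josh\Desktop\htcsupertoolv3\root\zergRush
C:\Users\Josh\Downloads\avira_free_antivirus_en.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VNGV73W\ApnIC[1].0
C:\Example\constructed_missing.tmp
:Commands
[EmptyTemp]
"""
LOG = r"""
========== FILES ==========
C:\Users\Josh\Desktop\htcsupertoolv3\root\zergRush moved successfully.
C:\Users\Josh\Downloads\avira_free_antivirus_en.exe moved successfully.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VNGV73W\ApnIC[1].0 not found.
========== COMMANDS ==========
[EMPTYTEMP]
"""
# One results line: optional "File/Folder " prefix, the path, then the outcome.
RESULT = re.compile(
    r"^(?:File/Folder )?(?P<path>.+?) (?P<outcome>moved successfully|not found)\.$")

def parse_script(text):
    """Split an OTM script into {':files': [...], ':commands': [...]}."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(":"):
            current = line.lower()
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections

def parse_results(log):
    """Map each lowercased path in an OTM results log to its outcome."""
    outcomes = {}
    for line in (raw.strip() for raw in log.splitlines()):
        m = RESULT.match(line)
        if m:
            outcomes[m.group("path").lower()] = m.group("outcome")
    return outcomes

def reconcile(script, log):
    """Pair every :Files entry with its logged outcome; flag entries with none."""
    outcomes = parse_results(log)
    return [(path, outcomes.get(path.lower(), "no result in log"))
            for path in parse_script(script).get(":files", [])]
```

Paths are compared case-insensitively because Windows file names are; a "not found" outcome usually means an earlier tool already removed the item, while "no result in log" means the pasted script or the posted log was incomplete.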
