
PC Tech Hotline Virus? It's on every window I open! Including add/remove programs



What can I do with this thing... Malwarebytes won't update now (7 days out of date), I've removed 6 or so programs from the add/remove programs list including search dial... I've run adwcleaner, and Junkware removal tool....

 

Still the sticky ***BLEEP*** is still on every window you open up. Malwarebytes still won't update.. 


  • Root Admin

As a business user doing this for a living you should really look at getting Techbench which is designed for business users such as yourself and you'd also have access to Business Support for those systems you still need help with.

 

You can certainly continue to post here on the forums if you like but I'm assuming you don't always have as much time to wait on these as you'd like.

 

In any case - as with any type of infection we would need some type of logs or more information specifically as to what issues you're having.

 

 


If you've not already done so please start here and post back the 2 log files DDS.txt and Attach.txt
If you've already posted the DDS logs then please read the following information below and post back the requested logs when ready.

General P2P/Piracy Warning:
 

 
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

 
STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


 
 
STEP 02
Please run a Quick Scan with Malwarebytes
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post back the report.
Make sure that everything is checked, and click Remove Selected if anything is found.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 
Thanks
 

 


Wow.. Techbench!!!!! I never knew about it! (my fault for not looking) I'll be buying that goodness in a stick VERY shortly. :) Thank you for that! That will help greatly.

 

And you're very right..  I'm running a business, and I don't have the time. Just so you know, you guys have been my go-to for over 10 or 12 years now. You were my secret weapon back when you guys were totally free...  (Loyal customer)    :) 

 

 

 

First things first. here are the 2 logs ...

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 8/4/2012 12:18:08 PM
System Uptime: 3/4/2014 7:35:34 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-990XA-UD3
Processor: AMD FX-8120 Eight-Core Processor            | Socket M2 | 3100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 85.546 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 282.441 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP252: 2/18/2014 9:33:23 AM - Windows Update
RP253: 2/21/2014 10:33:41 AM - Windows Update
RP254: 2/23/2014 7:00:34 PM - Windows Backup
RP255: 2/25/2014 10:34:11 AM - Windows Update
RP256: 2/25/2014 10:13:19 PM - Windows Update
RP257: 2/27/2014 2:10:47 AM - Windows Update
RP259: 3/2/2014 9:43:03 PM - Uniblue SpeedUpMyPC installation
RP261: 3/2/2014 9:45:39 PM - Uniblue SpeedUpMyPC installation
RP262: 3/4/2014 9:35:32 AM - Windows Update
RP263: 3/4/2014 6:59:29 PM - Removed DriverUpdate
.
==== Installed Programs ======================
.
@BIOS
7-zip v9.20
Adobe Acrobat X Pro
Adobe Digital Editions
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Advanced Audio FX Engine
Akamai NetSession Interface
Amazon Kindle
ArcadeCandy Games
AutoGreen B10.1021.1
avast! Free Antivirus
Avery Template
Avery Wizard 3.1
Barcode Maker
Big Fish Games: Game Manager
Clairvoyant: The Magician Mystery
Compatibility Pack for the 2007 Office system
Core FTP LE
Core FTP LE 1.3c
Dolby Home Theater v4
Dragon NaturallySpeaking 10
Easy Duplicate Finder v. 3.2
Easy Tune 6 B11.1124.1
EasySaver B9.1214.1 
Email Recovery for Mozilla Thunderbird v.1.2.0
ePub Maker version 1.65
Etron USB3.0 Host Controller
Eudora
FileZilla Client 3.7.4.1
Ghost Whisperer
GIMP 2.6.11
GIMP 2.8.0
Golden Trails 3: The Guardian's Creed
Java 7 Update 51
Java Auto Updater
Jutoh 1.72
Magic Ball 2 New Worlds
MailWasher Pro
Malwarebytes Anti-Malware version 1.75.0.1300
Media Player Codec Pack 4.2.4
Microsoft .NET Framework 4.5.1
Microsoft Office Professional Edition 2003
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mobipocket Creator 4.2
Mobipocket Reader 6.2
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (2.0.0.24)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files®: Shadow Lake Collector's Edition
NVIDIA 3D Vision Controller Driver 314.07
NVIDIA 3D Vision Driver 314.07
NVIDIA Control Panel 314.07
NVIDIA Drivers
NVIDIA Graphics Driver 314.07
NVIDIA HD Audio Driver 1.3.23.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.12.12
NVIDIA Update Components
ON_OFF Charge B11.1102.1
OpenOffice.org 3.4
Paint Shop Pro 7
Pogo Games
Publishers' Assistant-Epic
Quite Imposing 3 (English)
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Rocketfish HD Webcam Pro Driver (1.00.06.00)
Rocketfish Live! Central
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Update Manager
Season Match Trilogy Bundle
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skype Click to Call
Skype™ 6.11
StarOffice 9
TeamViewer 9
The Weather Channel App
The Weather Channel Desktop 6
Visual C++ Runtime for Dragon NaturallySpeaking
.
==== Event Viewer Messages From Past Week ========
.
3/4/2014 7:37:11 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 
 
 
 
 
 
***Second Log***
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Linda at 20:22:21 on 2014-03-04
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3325.1659 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe
C:\Program Files\Pogo Games\PGMTrusted.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sun\StarOffice 9\program\soffice.exe
C:\Program Files\Sun\StarOffice 9\program\soffice.bin
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\program files\teamviewer\version9\TeamViewer.exe
C:\Program Files\TeamViewer\Version9\tv_w32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uProxyOverride = <local>
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg_Dolby] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE4 
mRun: [Dolby Home Theater v4] "c:\program files\dolby home theater v4\pcee4.exe" -autostart
mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking10\Ereg.ini
mRun: [Rocket Live! Central 2] "c:\program files\rocketfish hd webcam pro\live! central\RFLVCentral2.exe" /mode2
mRun: [V0740Mon.exe] c:\windows\V0740Mon.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [PCTechHotline] "c:\program files\pctechhotline\PCTechHotline.exe" /STARTUP
StartupFolder: c:\users\linda\appdata\roaming\micros~1\windows\startm~1\programs\startup\starof~1.lnk - c:\program files\sun\staroffice 9\program\quickstart.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.2
TCP: Interfaces\{11E946F7-7D2C-4488-B39D-A954C08CEFB7} : DHCPNameServer = 12.175.230.61
TCP: Interfaces\{53C5C4AA-309C-40A9-83C7-4632EA2FEAAA} : DHCPNameServer = 192.168.1.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\linda\appdata\roaming\mozilla\firefox\profiles\0mrbr13r.default-1389812222052\
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-2 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-2 178304]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2012-9-29 19056]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-8-4 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-4 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-4 403440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-4 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-8-4 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-12-3 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2012-9-29 68136]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-15 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-15 701512]
R2 PCTechHotlineSvc;PCTechHotlineService;c:\program files\pctechhotline\PCTechHotlineSvc.exe [2014-3-3 701800]
R2 PGMTrusted;PGMTrusted;c:\program files\pogo games\PGMTrusted.exe [2012-10-31 519920]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-2-9 383264]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-1-8 4915040]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2013-8-26 144640]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [2011-7-28 44928]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [2011-7-28 64256]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-3-4 31560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-15 22856]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-9-29 414824]
R3 V0740Vid;Rocketfish HD Webcam Pro Driver;c:\windows\system32\drivers\V0740Vid.sys [2013-8-26 322880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2012-9-29 24944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-2-14 108032]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-8-4 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2014-03-05 02:03:21 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-03-05 02:03:16 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-05 01:30:07 -------- d-----w- c:\windows\ERUNT
2014-03-05 01:20:37 -------- d-----w- C:\AdwCleaner
2014-03-04 15:36:08 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ccb6791c-2ccb-4f56-a51b-8a999f1aed26}\mpengine.dll
2014-03-03 06:00:38 -------- d-----w- c:\users\linda\appdata\roaming\PC Tech Hotline
2014-03-03 06:00:17 -------- d-----w- c:\program files\PCTechHotline
2014-03-03 05:57:41 -------- d-----w- c:\users\linda\appdata\local\SlimWare Utilities Inc
2014-03-03 05:57:27 -------- d-----w- c:\program files\DriverUpdate
2014-03-03 03:46:25 -------- d-----w- c:\users\linda\appdata\local\Tuguu_SL
2014-02-26 04:14:48 -------- d-----w- c:\windows\Migration
2014-02-14 07:14:01 251392 ----a-w- c:\program files\internet explorer\IEShims.dll
2014-02-14 07:14:01 235224 ----a-w- c:\program files\internet explorer\sqmapi.dll
2014-02-14 07:14:00 7211008 ----a-w- c:\program files\internet explorer\F12Resources.dll
2014-02-14 07:14:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-02-14 07:14:00 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-14 07:14:00 271360 ----a-w- c:\program files\internet explorer\ieproxy.dll
2014-02-14 07:05:05 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 15:46:11 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 15:46:11 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 15:46:01 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 15:46:00 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 15:45:58 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-13 15:45:58 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-13 15:45:57 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-13 15:45:57 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-02-13 15:45:57 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-13 15:45:57 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-13 15:45:57 428032 ----a-w- c:\windows\system32\secproc.dll
2014-02-13 15:45:57 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-13 15:45:57 390144 ----a-w- c:\windows\system32\msdrm.dll
.
==================== Find3M  ====================
.
2014-03-05 01:35:55 17488 ----a-w- c:\windows\gdrv.sys
2014-02-06 10:01:36 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-06 09:47:22 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-06 09:47:18 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-02-06 09:46:27 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-02-06 09:09:30 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-06 01:16:16 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-06 01:16:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-19 03:10:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-18 12:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 20:23:16.77 ===============
 

ok.. here is the RKill log...

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/04/2014 08:44:58 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 03/04/2014 08:45:44 PM
Execution time: 0 hours(s), 0 minute(s), and 45 seconds(s)
 

 

******* Malwarebytes would not update, I ran a scan anyways (8 days out of date)

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.25.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
Linda :: LINDA-PC [administrator]

Protection: Enabled

3/4/2014 8:53:36 PM
mbam-log-2014-03-04 (20-53-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270015
Time elapsed: 23 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

Here is the Rogue Killer Scan Log File...

 

 

RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Linda [Admin rights]
Mode : Scan -- Date : 03/04/2014 21:23:14
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][sUSP PATH] Digital Sites.job : C:\Users\Linda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][sUSP PATH] Digital Sites : C:\Users\Linda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][sUSP PATH] Hoolapp For Android : C:\Users\Linda\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][sUSP PATH] Hoolapp Init : C:\Users\Linda\AppData\Roaming\HOOLAP~1\Hoolapp.exe - /Minimized [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IAT @explorer.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Windows\system32\apphelp.dll @ 0x74EDFFF6)
[inline] EAT @explorer.exe (RegisterClipboardFormatW) : pkmws.dll -> HOOKED (C:\Windows\system32\USER32.dll @ 0x7573DF8D)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250318AS ATA Device +++++
--- User ---
[MBR] f42a53e0e7e757691339fc3d419530ee
[bSP] 140ff3ff9c70f55c711f143f0447330a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238372 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3320620AS ATA Device +++++
--- User ---
[MBR] 316db449043f7431217014b790ae9b70
[bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) WD My Book 1230 USB Device +++++
--- User ---
[MBR] 5c79b77e29524ea62bc1ab6beeaf8224
[bSP] 94c88b774af1df8940217c0641a49e62 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_03042014_212314.txt >>

 

 

I'm doing all of this remotely through Team Viewer....

 


  • Root Admin

Well this appears to be the main culprit for loading it.  You should be able to remove the startup entry

 

mRun: [PCTechHotline] "c:\program files\pctechhotline\PCTechHotline.exe" /STARTUP

 

 

 

Then please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


Here's Mbar and system-log.txt.   It did have a problem initially running, "DDA Error" and it said it had to install a driver first, that something was stopping it and could be malicious.  Then scanned after reboot. Still didn't find anything

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2013.10.02.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
Linda :: LINDA-PC [administrator]

3/4/2014 9:54:57 PM
mbar-log-2014-03-04 (21-54-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 241870
Time elapsed: 55 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.16518

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.120000 GHz
Memory total: 3486769152, free: 1456656384

Downloaded database version: v2014.03.04.11
Timeout
=======================================
Initializing...
DDA Driver installation error.
Driver installed on boot. Reboot required.

System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.16518

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.120000 GHz
Memory total: 3486769152, free: 2253770752

Could not load protection driver
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B8EDB8ED

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 488185856

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250058268160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488375055-488395055)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 625121217

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2F4E8CEB

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3906961408

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000365289472 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x86
Ran by Linda on Tue 03/04/2014 at 23:00:41.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/04/2014 at 23:04:01.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

# AdwCleaner v3.020 - Report created 04/03/2014 at 23:08:32
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Linda - LINDA-PC
# Running from : C:\Users\Linda\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\0mrbr13r.default-1389812222052\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11492 octets] - [04/03/2014 19:20:40]
AdwCleaner[R1].txt - [1023 octets] - [04/03/2014 23:06:53]
AdwCleaner[s0].txt - [11465 octets] - [04/03/2014 19:24:07]
AdwCleaner[s1].txt - [946 octets] - [04/03/2014 23:08:32]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1005 octets] ##########

 

 

 

***********************************************************************************

*************   MALWAREBYTES WILL NOT UPDATE!!!!!    ************    Run-Time Error '6' Overflow

***********************************************************************************

 

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.25.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
Linda :: LINDA-PC [administrator]

Protection: Enabled

3/4/2014 11:28:31 PM
mbam-log-2014-03-04 (23-28-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270022
Time elapsed: 21 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

On the ESET Online scan, It gives me an "Unexpected error 2002"

 

 

 

The FRST had this issue....

 

An unexpected error is keeping you from copying the file. If you continue to receive this error, you can use the error code to search for help with this problem.

 

Error 0x80030002: install.rdf could not be found.

 

I went ahead and went with the scan anyways. I canceled out of the file.. twice.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2014 02
Ran by Linda (administrator) on LINDA-PC on 05-03-2014 00:01:07
Running from C:\Users\Linda\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Crawler, LLC) C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe
(iWin Inc.) C:\Program Files\Pogo Games\PGMTrusted.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Home Theater v4\pcee4.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Creative Technology Ltd) C:\Program Files\Rocketfish HD Webcam Pro\Live! Central\RfLVCentral2.exe
(Creative Technology Ltd.) C:\Windows\V0740Mon.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Sun Microsystems, Inc.) C:\Program Files\Sun\StarOffice 9\program\soffice.exe
(Crawler, LLC) C:\Program Files\PCTechHotline\PCTechHotline.exe
(Sun Microsystems, Inc.) C:\Program Files\Sun\StarOffice 9\program\soffice.bin
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(TeamViewer GmbH) c:\program files\teamviewer\version9\TeamViewer_Desktop.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1571432 2011-10-14] (Realtek Semiconductor)
HKLM\...\Run: [Dolby Home Theater v4] - C:\Program Files\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM\...\Run: [sSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [DNS7reminder] - C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)
HKLM\...\Run: [Rocket Live! Central 2] - C:\Program Files\Rocketfish HD Webcam Pro\Live! Central\RFLVCentral2.exe [430247 2011-01-13] (Creative Technology Ltd)
HKLM\...\Run: [V0740Mon.exe] - C:\Windows\V0740Mon.exe [28672 2011-02-28] (Creative Technology Ltd.)
HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [295512 2013-09-04] (RealNetworks, Inc.)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-03] (AVAST Software)
HKLM\...\Run: [PCTechHotline] - C:\Program Files\PCTechHotline\PCTechHotline.exe [1905000 2014-02-13] (Crawler, LLC)
HKU\S-1-5-21-752874766-997199430-3846864615-1001\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-752874766-997199430-3846864615-1001\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 9.lnk
ShortcutTarget: StarOffice 9.lnk -> C:\Program Files\Sun\StarOffice 9\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x506CD7426572CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKCU - {77BDD474-2FE5-48d0-988F-C384E18DFE42} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKCU - {9E74A8BE-42D8-4f47-9A83-EBECDDF8E597} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.2

FireFox:
========
FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\0mrbr13r.default-1389812222052
FF Homepage: https://www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Firebug - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\0mrbr13r.default-1389812222052\Extensions\firebug@software.joehewitt.com.xpi [2014-01-20]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-04]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-04]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [games@arcadecandy.com] - C:\Program Files\ACGames\firefox.xpi
FF Extension: No Name - C:\Program Files\ACGames\firefox.xpi [2012-09-26]

Chrome:
=======

CHR Extension: (Google Docs) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-03]
CHR Extension: (Google Drive) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-03]
CHR Extension: (YouTube) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-03]
CHR Extension: (Google Search) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-03]
CHR Extension: (RealDownloader) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-03]
CHR Extension: (ArcadeCandy Games) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipknmdhhncmpoekdoacipkklmfbbknej [2013-12-03]
CHR Extension: (Skype Click to Call) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-03]
CHR Extension: (Google Wallet) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-03]
CHR Extension: (No Name) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac [2013-09-29]
CHR Extension: (Gmail) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-03]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [ipknmdhhncmpoekdoacipkklmfbbknej] - C:\Program Files\ACGames\chrome.crx [2012-09-26]
CHR HKLM\...\Chrome\Extension: [nnfegheljpcijmdgonkecjpcaopjlpac] - C:\Users\Linda\AppData\Local\ArcadeCandy\candyLinkx.crx [2012-09-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-03] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PCTechHotlineSvc; C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe [701800 2014-02-13] (Crawler, LLC)
R2 PGMTrusted; C:\Program Files\Pogo Games\PGMTrusted.exe [519920 2012-10-31] (iWin Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] ()
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [18544 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-03] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [178304 2013-12-03] ()
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [44928 2011-07-28] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [64256 2011-07-28] (Etron Technology Inc)
R3 gdrv; C:\Windows\gdrv.sys [17488 2014-03-04] (Windows ® 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2012-10-12] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [31560 2014-03-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 V0740Vid; C:\Windows\System32\DRIVERS\V0740Vid.sys [322880 2011-02-28] (Creative Technology Ltd.)
S3 PcaSp60; system32\DRIVERS\PcaSp60.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-05 00:01 - 2014-03-05 00:02 - 00018237 _____ () C:\Users\Linda\Desktop\FRST.txt
2014-03-05 00:01 - 2014-03-05 00:01 - 00000000 ____D () C:\FRST
2014-03-05 00:00 - 2014-03-05 00:00 - 01145344 _____ (Farbar) C:\Users\Linda\Desktop\FRST.exe
2014-03-04 23:50 - 2014-03-04 23:50 - 02347384 _____ (ESET) C:\Users\Linda\Downloads\esetsmartinstaller_enu(1).exe
2014-03-04 23:40 - 2014-03-04 23:40 - 02347384 _____ (ESET) C:\Users\Linda\Downloads\esetsmartinstaller_enu.exe
2014-03-04 23:31 - 2014-03-04 23:31 - 00000000 ____D () C:\Program Files\ESET
2014-03-04 23:26 - 2014-03-04 23:26 - 00007105 _____ () C:\Users\Linda\Desktop\MyReport.txt
2014-03-04 23:05 - 2014-03-04 23:05 - 01244192 _____ () C:\Users\Linda\Downloads\AdwCleaner(1).exe
2014-03-04 23:04 - 2014-03-04 23:04 - 00000633 _____ () C:\Users\Linda\Desktop\JRT.txt
2014-03-04 21:54 - 2014-03-04 22:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-04 21:51 - 2014-03-04 21:51 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-03-04 21:49 - 2014-03-04 22:50 - 00000000 ____D () C:\Users\Linda\Desktop\mbar
2014-03-04 21:45 - 2014-03-04 21:45 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Linda\Desktop\mbar-1.07.0.1009.exe
2014-03-04 21:23 - 2014-03-04 21:23 - 00003167 _____ () C:\Users\Linda\Desktop\RKreport[0]_S_03042014_212314.txt
2014-03-04 21:19 - 2014-03-04 21:23 - 00000000 ____D () C:\Users\Linda\Desktop\RK_Quarantine
2014-03-04 21:10 - 2014-03-04 21:10 - 03819008 _____ () C:\Users\Linda\Downloads\RogueKiller.exe
2014-03-04 21:01 - 2014-03-04 21:02 - 04413952 _____ () C:\Users\Linda\Downloads\RogueKillerX64.exe
2014-03-04 20:51 - 2014-03-04 20:51 - 00000000 ____D () C:\Windows\ERDNT
2014-03-04 20:49 - 2014-03-04 20:49 - 00000854 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-03-04 20:49 - 2014-03-04 20:49 - 00000854 _____ () C:\Users\Linda\Desktop\NTREGOPT.lnk
2014-03-04 20:49 - 2014-03-04 20:49 - 00000835 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-03-04 20:49 - 2014-03-04 20:49 - 00000835 _____ () C:\Users\Linda\Desktop\ERUNT.lnk
2014-03-04 20:49 - 2014-03-04 20:49 - 00000000 ____D () C:\Program Files\ERUNT
2014-03-04 20:48 - 2014-03-04 20:48 - 00791393 _____ (Lars Hederer ) C:\Users\Linda\Downloads\erunt-setup.exe
2014-03-04 20:44 - 2014-03-04 20:47 - 00002040 _____ () C:\Users\Linda\Desktop\Rkill.txt
2014-03-04 20:44 - 2014-03-04 20:44 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Linda\Downloads\rkill.exe
2014-03-04 20:23 - 2014-03-04 20:23 - 00016212 _____ () C:\Users\Linda\Desktop\dds.txt
2014-03-04 20:23 - 2014-03-04 20:23 - 00004638 _____ () C:\Users\Linda\Desktop\attach.txt
2014-03-04 20:20 - 2014-03-04 20:20 - 00688992 ____R (Swearware) C:\Users\Linda\Downloads\dds.scr
2014-03-04 20:03 - 2014-03-04 20:03 - 00031560 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-04 19:30 - 2014-03-04 19:30 - 00000000 ____D () C:\Windows\ERUNT
2014-03-04 19:29 - 2014-03-04 19:29 - 01037734 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2014-03-04 19:20 - 2014-03-04 23:08 - 00000000 ____D () C:\AdwCleaner
2014-03-04 19:20 - 2014-03-04 19:20 - 01244192 _____ () C:\Users\Linda\Downloads\adwcleaner.exe
2014-03-03 00:00 - 2014-03-03 00:00 - 00000985 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk
2014-03-03 00:00 - 2014-03-03 00:00 - 00000893 _____ () C:\Users\Public\Desktop\Optimize Your PC.lnk
2014-03-03 00:00 - 2014-03-03 00:00 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\PC Tech Hotline
2014-03-03 00:00 - 2014-03-03 00:00 - 00000000 ____D () C:\Program Files\PCTechHotline
2014-03-02 23:57 - 2014-03-04 19:00 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-03-02 23:57 - 2014-03-02 23:57 - 00002457 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2014-03-02 23:57 - 2014-03-02 23:57 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-03-02 23:57 - 2014-03-02 23:57 - 00000000 ____D () C:\Users\Linda\AppData\Local\SlimWare Utilities Inc
2014-03-02 21:46 - 2014-03-02 21:46 - 00000000 ____D () C:\Users\Linda\AppData\Local\Tuguu_SL
2014-03-02 21:25 - 2014-03-04 18:54 - 00000000 ____D () C:\Users\Linda\Desktop\RPP-Traveler-Pipers Secret
2014-03-02 15:16 - 2014-03-04 23:16 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-02 15:16 - 2014-03-02 15:16 - 00001120 _____ () C:\Users\Linda\Desktop\Continue PDF Reader Installation.lnk
2014-03-02 15:15 - 2014-03-02 15:15 - 01298960 _____ ( ) C:\Users\Linda\Downloads\PDFReaderSetup.exe
2014-03-01 09:11 - 2014-03-04 12:35 - 00000000 ____D () C:\Users\Linda\Desktop\3-1-14
2014-02-28 15:25 - 2014-02-28 16:02 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\FileZilla
2014-02-28 15:25 - 2014-02-28 15:25 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-02-28 15:24 - 2014-02-28 15:23 - 04822473 _____ (Tim Kosse) C:\Users\Linda\Downloads\FileZilla_3.7.4.1_win32-setup [1].exe
2014-02-28 15:23 - 2014-02-28 15:23 - 00660144 _____ ( ) C:\Users\Linda\Downloads\FileZilla_3.7.4.1_win32-setup.exe
2014-02-26 15:48 - 2014-02-28 21:38 - 00000000 ____D () C:\Users\Linda\Desktop\C - Mary of Starlight
2014-02-24 13:58 - 2014-02-24 13:58 - 00005216 _____ () C:\Users\Linda\Documents\addresses.txt
2014-02-17 21:57 - 2014-02-17 21:57 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\JavaSetup7u51.com
2014-02-16 19:53 - 2014-03-04 19:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 01:14 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 01:14 - 2014-02-06 04:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 01:14 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 01:14 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 01:14 - 2014-02-06 03:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 01:14 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 01:13 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 01:13 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 01:13 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 01:13 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 01:13 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 01:13 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 01:13 - 2014-02-06 03:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 01:13 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 01:13 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 01:13 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 01:13 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 01:13 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 01:13 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 01:13 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 01:13 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 01:05 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 09:46 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 09:46 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 09:46 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 09:46 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 09:46 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 09:45 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 09:45 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 09:45 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 09:45 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 09:45 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 09:45 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 09:45 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 09:45 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 09:45 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-10 18:30 - 2014-02-10 18:30 - 05238429 _____ () C:\Users\Linda\Downloads\AmazonApps-release(1).apk
2014-02-10 18:24 - 2014-02-10 18:24 - 05238429 _____ () C:\Users\Linda\Downloads\AmazonApps-release.apk
2014-02-04 11:26 - 2014-02-04 11:26 - 00000246 _____ () C:\Users\Linda\Desktop\Bang Printing -- Professional Short to Mid-run Book Manufacturing.URL

==================== One Month Modified Files and Folders =======

2014-03-05 00:02 - 2014-03-05 00:01 - 00018237 _____ () C:\Users\Linda\Desktop\FRST.txt
2014-03-05 00:01 - 2014-03-05 00:01 - 00000000 ____D () C:\FRST
2014-03-05 00:00 - 2014-03-05 00:00 - 01145344 _____ (Farbar) C:\Users\Linda\Desktop\FRST.exe
2014-03-04 23:51 - 2013-08-02 13:17 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Skype
2014-03-04 23:50 - 2014-03-04 23:50 - 02347384 _____ (ESET) C:\Users\Linda\Downloads\esetsmartinstaller_enu(1).exe
2014-03-04 23:40 - 2014-03-04 23:40 - 02347384 _____ (ESET) C:\Users\Linda\Downloads\esetsmartinstaller_enu.exe
2014-03-04 23:31 - 2014-03-04 23:31 - 00000000 ____D () C:\Program Files\ESET
2014-03-04 23:26 - 2014-03-04 23:26 - 00007105 _____ () C:\Users\Linda\Desktop\MyReport.txt
2014-03-04 23:18 - 2009-07-13 22:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 23:18 - 2009-07-13 22:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 23:16 - 2014-03-02 15:16 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-04 23:16 - 2012-08-04 11:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-04 23:14 - 2012-08-04 11:17 - 01774704 _____ () C:\Windows\WindowsUpdate.log
2014-03-04 23:10 - 2012-09-29 10:22 - 00000144 _____ () C:\service.log
2014-03-04 23:09 - 2012-10-02 21:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-04 23:09 - 2012-09-29 10:33 - 00017488 _____ (Windows ® 2000 DDK provider) C:\Windows\gdrv.sys
2014-03-04 23:09 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-04 23:09 - 2009-07-13 22:39 - 00097767 _____ () C:\Windows\setupact.log
2014-03-04 23:08 - 2014-03-04 19:20 - 00000000 ____D () C:\AdwCleaner
2014-03-04 23:05 - 2014-03-04 23:05 - 01244192 _____ () C:\Users\Linda\Downloads\AdwCleaner(1).exe
2014-03-04 23:04 - 2014-03-04 23:04 - 00000633 _____ () C:\Users\Linda\Desktop\JRT.txt
2014-03-04 22:50 - 2014-03-04 21:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-04 22:50 - 2014-03-04 21:49 - 00000000 ____D () C:\Users\Linda\Desktop\mbar
2014-03-04 21:51 - 2014-03-04 21:51 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-03-04 21:45 - 2014-03-04 21:45 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Linda\Desktop\mbar-1.07.0.1009.exe
2014-03-04 21:23 - 2014-03-04 21:23 - 00003167 _____ () C:\Users\Linda\Desktop\RKreport[0]_S_03042014_212314.txt
2014-03-04 21:23 - 2014-03-04 21:19 - 00000000 ____D () C:\Users\Linda\Desktop\RK_Quarantine
2014-03-04 21:10 - 2014-03-04 21:10 - 03819008 _____ () C:\Users\Linda\Downloads\RogueKiller.exe
2014-03-04 21:02 - 2014-03-04 21:01 - 04413952 _____ () C:\Users\Linda\Downloads\RogueKillerX64.exe
2014-03-04 20:51 - 2014-03-04 20:51 - 00000000 ____D () C:\Windows\ERDNT
2014-03-04 20:49 - 2014-03-04 20:49 - 00000854 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-03-04 20:49 - 2014-03-04 20:49 - 00000854 _____ () C:\Users\Linda\Desktop\NTREGOPT.lnk
2014-03-04 20:49 - 2014-03-04 20:49 - 00000835 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-03-04 20:49 - 2014-03-04 20:49 - 00000835 _____ () C:\Users\Linda\Desktop\ERUNT.lnk
2014-03-04 20:49 - 2014-03-04 20:49 - 00000000 ____D () C:\Program Files\ERUNT
2014-03-04 20:48 - 2014-03-04 20:48 - 00791393 _____ (Lars Hederer ) C:\Users\Linda\Downloads\erunt-setup.exe
2014-03-04 20:47 - 2014-03-04 20:44 - 00002040 _____ () C:\Users\Linda\Desktop\Rkill.txt
2014-03-04 20:44 - 2014-03-04 20:44 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Linda\Downloads\rkill.exe
2014-03-04 20:36 - 2010-11-20 15:01 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-04 20:23 - 2014-03-04 20:23 - 00016212 _____ () C:\Users\Linda\Desktop\dds.txt
2014-03-04 20:23 - 2014-03-04 20:23 - 00004638 _____ () C:\Users\Linda\Desktop\attach.txt
2014-03-04 20:20 - 2014-03-04 20:20 - 00688992 ____R (Swearware) C:\Users\Linda\Downloads\dds.scr
2014-03-04 20:03 - 2014-03-04 20:03 - 00031560 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-04 19:30 - 2014-03-04 19:30 - 00000000 ____D () C:\Windows\ERUNT
2014-03-04 19:29 - 2014-03-04 19:29 - 01037734 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2014-03-04 19:25 - 2010-11-20 15:48 - 00151178 _____ () C:\Windows\PFRO.log
2014-03-04 19:20 - 2014-03-04 19:20 - 01244192 _____ () C:\Users\Linda\Downloads\adwcleaner.exe
2014-03-04 19:15 - 2014-02-16 19:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 19:00 - 2014-03-02 23:57 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-03-04 18:54 - 2014-03-02 21:25 - 00000000 ____D () C:\Users\Linda\Desktop\RPP-Traveler-Pipers Secret
2014-03-04 18:05 - 2009-07-13 22:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-04 14:40 - 2012-08-07 04:35 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\CoreFTP
2014-03-04 14:38 - 2012-08-02 01:10 - 00000000 ____D () C:\Users\Linda\Desktop\~Wings production
2014-03-04 14:30 - 2008-11-08 15:05 - 00070656 _____ () C:\Users\Linda\Desktop\PW.xls
2014-03-04 13:39 - 2013-12-19 18:26 - 00000000 ____D () C:\Users\Linda\Desktop\Scan
2014-03-04 12:35 - 2014-03-01 09:11 - 00000000 ____D () C:\Users\Linda\Desktop\3-1-14
2014-03-04 11:42 - 2014-01-04 21:58 - 00000000 ____D () C:\Users\Linda\Desktop\Bowkers
2014-03-04 09:36 - 2013-04-14 09:46 - 00000516 _____ () C:\Users\Linda\Desktop\Club Pogo - Exclusive Games, No Ads, Bigger Prizes!.website
2014-03-03 00:00 - 2014-03-03 00:00 - 00000985 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk
2014-03-03 00:00 - 2014-03-03 00:00 - 00000893 _____ () C:\Users\Public\Desktop\Optimize Your PC.lnk
2014-03-03 00:00 - 2014-03-03 00:00 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\PC Tech Hotline
2014-03-03 00:00 - 2014-03-03 00:00 - 00000000 ____D () C:\Program Files\PCTechHotline
2014-03-02 23:57 - 2014-03-02 23:57 - 00002457 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2014-03-02 23:57 - 2014-03-02 23:57 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-03-02 23:57 - 2014-03-02 23:57 - 00000000 ____D () C:\Users\Linda\AppData\Local\SlimWare Utilities Inc
2014-03-02 21:46 - 2014-03-02 21:46 - 00000000 ____D () C:\Users\Linda\AppData\Local\Tuguu_SL
2014-03-02 15:16 - 2014-03-02 15:16 - 00001120 _____ () C:\Users\Linda\Desktop\Continue PDF Reader Installation.lnk
2014-03-02 15:15 - 2014-03-02 15:15 - 01298960 _____ ( ) C:\Users\Linda\Downloads\PDFReaderSetup.exe
2014-03-02 13:35 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-01 09:10 - 2013-03-02 12:43 - 00000000 ____D () C:\Users\Linda\Desktop\PAWPRINTS
2014-02-28 21:38 - 2014-02-26 15:48 - 00000000 ____D () C:\Users\Linda\Desktop\C - Mary of Starlight
2014-02-28 19:21 - 2012-08-02 02:17 - 00000000 ____D () C:\Users\Linda\Documents\Avery
2014-02-28 16:02 - 2014-02-28 15:25 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\FileZilla
2014-02-28 15:48 - 2012-08-20 10:20 - 00084480 ___SH () C:\Users\Linda\Thumbs.db
2014-02-28 15:25 - 2014-02-28 15:25 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-02-28 15:23 - 2014-02-28 15:24 - 04822473 _____ (Tim Kosse) C:\Users\Linda\Downloads\FileZilla_3.7.4.1_win32-setup [1].exe
2014-02-28 15:23 - 2014-02-28 15:23 - 00660144 _____ ( ) C:\Users\Linda\Downloads\FileZilla_3.7.4.1_win32-setup.exe
2014-02-28 13:26 - 2013-12-05 16:56 - 00000137 _____ () C:\Users\Linda\Desktop\Login - Community at Royalgames.com.URL
2014-02-28 13:25 - 2012-08-02 00:41 - 00000000 ____D () C:\Users\Linda\Desktop\WEB PAGES
2014-02-28 13:19 - 2012-08-02 01:10 - 00000000 ____D () C:\Users\Linda\Desktop\~Whiskey Creek Press Production
2014-02-28 10:58 - 2013-02-08 12:43 - 00000000 ____D () C:\Users\Linda\Desktop\Bar Codes
2014-02-27 11:18 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-26 23:31 - 2013-08-02 13:17 - 00000000 ___RD () C:\Program Files\Skype
2014-02-26 23:31 - 2013-08-02 13:16 - 00000000 ____D () C:\ProgramData\Skype
2014-02-24 13:58 - 2014-02-24 13:58 - 00005216 _____ () C:\Users\Linda\Documents\addresses.txt
2014-02-17 21:57 - 2014-02-17 21:57 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\JavaSetup7u51.com
2014-02-17 11:27 - 2013-07-18 11:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-15 21:30 - 2012-11-09 17:04 - 00000000 ____D () C:\Program Files\ACGames
2014-02-14 14:33 - 2013-03-15 13:40 - 00000000 ____D () C:\Users\Linda\Desktop\ESSDACK
2014-02-14 10:01 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-02-14 01:11 - 2013-07-15 21:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 01:09 - 2012-08-04 12:28 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 21:38 - 2012-08-02 01:10 - 00000000 ____D () C:\Users\Linda\Desktop\~Rogue Phoenix Press~
2014-02-10 18:30 - 2014-02-10 18:30 - 05238429 _____ () C:\Users\Linda\Downloads\AmazonApps-release(1).apk
2014-02-10 18:24 - 2014-02-10 18:24 - 05238429 _____ () C:\Users\Linda\Downloads\AmazonApps-release.apk
2014-02-06 04:38 - 2014-02-14 01:13 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 04:20 - 2014-02-14 01:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 04:19 - 2014-02-14 01:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 04:01 - 2014-02-14 01:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 04:00 - 2014-02-14 01:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-14 01:13 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 03:52 - 2014-02-14 01:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 03:52 - 2014-02-14 01:13 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 03:49 - 2014-02-14 01:14 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 03:47 - 2014-02-14 01:13 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 03:47 - 2014-02-14 01:13 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 03:46 - 2014-02-14 01:13 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 03:34 - 2014-02-14 01:14 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 03:25 - 2014-02-14 01:14 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 03:25 - 2014-02-14 01:13 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 03:13 - 2014-02-14 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:09 - 2014-02-14 01:13 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:03 - 2014-02-14 01:13 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 02:41 - 2014-02-14 01:13 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 02:36 - 2014-02-14 01:13 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:34 - 2014-02-14 01:13 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-05 19:16 - 2012-08-04 11:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 19:16 - 2012-08-04 11:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-04 11:26 - 2014-02-04 11:26 - 00000246 _____ () C:\Users\Linda\Desktop\Bang Printing -- Professional Short to Mid-run Book Manufacturing.URL

Files to move or delete:
====================
C:\Users\Linda\en_res.dll
C:\Users\Linda\es_res.dll
C:\Users\Linda\fr_res.dll
C:\Users\Linda\grm_res.dll
C:\Users\Linda\it_res.dll
C:\Users\Linda\jp_res.dll
C:\Users\Linda\mfc80u.dll
C:\Users\Linda\msvcr80.dll
C:\Users\Linda\PCPE Setup.exe
C:\Users\Linda\pt_res.dll
C:\Users\Linda\ResourceReader.dll
C:\Users\Linda\ru_res.dll
C:\Users\Linda\zh_res.dll


Some content of TEMP:
====================
C:\Users\Linda\AppData\Local\Temp\4mduf2hg.dll
C:\Users\Linda\AppData\Local\Temp\air2E2C.exe
C:\Users\Linda\AppData\Local\Temp\airE2C6.exe
C:\Users\Linda\AppData\Local\Temp\airEDD0.exe
C:\Users\Linda\AppData\Local\Temp\aol_toolbar.exe
C:\Users\Linda\AppData\Local\Temp\APNStub.exe
C:\Users\Linda\AppData\Local\Temp\AskSLib.dll
C:\Users\Linda\AppData\Local\Temp\BackupSetup.exe
C:\Users\Linda\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Linda\AppData\Local\Temp\ChromeSettings.exe
C:\Users\Linda\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Linda\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Linda\AppData\Local\Temp\ICReinstall_PDFReaderSetup.exe
C:\Users\Linda\AppData\Local\Temp\InstallChecker.exe
C:\Users\Linda\AppData\Local\Temp\installhelper.dll
C:\Users\Linda\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chrd_au_aih.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\Jutoh-1.70-Setup.exe
C:\Users\Linda\AppData\Local\Temp\lowproc.exe
C:\Users\Linda\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Linda\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Linda\AppData\Local\Temp\nvStInst.exe
C:\Users\Linda\AppData\Local\Temp\propsys.dll
C:\Users\Linda\AppData\Local\Temp\Quarantine.exe
C:\Users\Linda\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Linda\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Linda\AppData\Local\Temp\stubhelper.dll
C:\Users\Linda\AppData\Local\Temp\STWSetup.exe
C:\Users\Linda\AppData\Local\Temp\tbSoci.dll
C:\Users\Linda\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Linda\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 11:40

==================== End Of Log ============================

Here's the Addition....

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2014 02
Ran by Linda at 2014-03-05 00:03:08
Running from C:\Users\Linda\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

@BIOS (HKLM\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.20 - GIGABYTE)
7-zip v9.20 (HKLM\...\7-zip) (Version: v9.20 - TUGUU SL)
Adobe Acrobat X Pro (HKLM\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
ArcadeCandy Games (HKLM\...\ArcadeCandy Games) (Version: 1.0.0 - ArcadeCandy LLC)
AutoGreen B10.1021.1 (HKLM\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B10.1021.1 (Version: 1.00.0000 - GIGABYTE) Hidden
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2008 - Avast Software)
Avery Template (HKLM\...\{A760067A-C07E-1033-0000-A764AC000002}) (Version: 2.0.0.0 - Avery)
Avery Template (HKLM\...\{A760067A-C07E-1033-0000-A764AC000007}) (Version: 2.0.0.0 - Avery)
Avery Wizard 3.1 (HKLM\...\InstallShield_{5EC9AD36-5167-470E-B0F9-CB3EA12F442E}) (Version: 3.1.3.2191 - Avery)
Avery Wizard 3.1 (Version: 3.1.3.2191 - Avery) Hidden
Barcode Maker (HKLM\...\{707DFC23-7A92-4CF1-BC6F-D62F74D13A8F}) (Version: 6.85.0000 - Shareware by Lars Sams)
Big Fish Games: Game Manager (HKLM\...\BFGC) (Version: 3.0.1.60 - )
Clairvoyant: The Magician Mystery (HKLM\...\Clairvoyant: The Magician Mystery) (Version:  - Pogo.com)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Core FTP LE (HKLM\...\CoreFTP) (Version:  - )
Core FTP LE 1.3c (HKLM\...\Core FTP LE 1.3c) (Version:  - )
Dolby Home Theater v4 (HKLM\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dragon NaturallySpeaking 10 (HKLM\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)
Easy Duplicate Finder v. 3.2 (HKLM\...\Easy Duplicate Finder_is1) (Version:  - WebMinds, Inc.)
Easy Tune 6 B11.1124.1 (HKLM\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.1124.1 (Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.1214.1  (HKLM\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Email Recovery for Mozilla Thunderbird v.1.2.0 (HKLM\...\Email Recovery for Mozilla Thunderbird_is1) (Version:  - Email Adept, Ltd)
ePub Maker version 1.65 (HKLM\...\ePub Maker_is1) (Version: 1.65 - )
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (Version: 0.104 - Etron Technology) Hidden
Eudora (HKLM\...\{F5CC042A-9046-423E-80EF-5193717E3A55}) (Version: 7.0 - )
FileZilla Client 3.7.4.1 (HKLM\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Ghost Whisperer (HKLM\...\Ghost Whisperer) (Version:  - Pogo.com)
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Golden Trails 3: The Guardian's Creed (HKLM\...\Golden Trails 3: The Guardian's Creed) (Version:  - Pogo.com)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jutoh 1.72 (HKLM\...\Jutoh_is1) (Version: 1.72 - Anthemion Software Ltd.)
Magic Ball 2 New Worlds (HKLM\...\BFG-Magic Ball 2 New Worlds) (Version:  - )
MailWasher Pro (HKLM\...\MailWasher Pro_is1) (Version:  - FireTrust Limited)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Player Codec Pack 4.2.4 (HKLM\...\Media Player - Codec Pack) (Version: 4.2.4 - Media Player Codec Pack)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mobipocket Creator 4.2 (HKLM\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
Mobipocket Reader 6.2 (HKLM\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird (2.0.0.24) (HKLM\...\Mozilla Thunderbird (2.0.0.24)) (Version: 2.0.0.24 (en-GB) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files®: Shadow Lake Collector's Edition (HKLM\...\BFG-Mystery Case Files - Shadow Lake Collector's Edition) (Version:  - )
NVIDIA 3D Vision Controller Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Control Panel 314.07 (Version: 314.07 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1407 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
ON_OFF Charge B11.1102.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice.org 3.4 (HKLM\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org)
Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.2.0000 - Jasc Software Inc)
Pogo Games (HKLM\...\PogoDGC) (Version: 1.0 - )
Publishers' Assistant-Epic (HKLM\...\Publishers' Assistant-Epic) (Version: V5.1a - Publishers' Assistant, Upper Access Publishing)
Quite Imposing 3 (English) (HKLM\...\qi3_uninstall.exe) (Version:  - Quite Software Ltd.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rocketfish HD Webcam Pro Driver (1.00.06.00) (HKLM\...\Rocketfish VF0740) (Version:  - Rocketfish)
Rocketfish Live! Central (HKLM\...\Rocketfish Live! Central) (Version: 2.01.05 - Creative Technology Ltd)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Season Match Trilogy Bundle (HKLM\...\Season Match Trilogy Bundle) (Version:  - Pogo.com)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
StarOffice 9 (HKLM\...\{C5E4D0D0-EACC-4013-B48D-C3F104F21DCD}) (Version: 9.00.9358 - Sun Microsystems)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
The Weather Channel App (HKLM\...\The Weather Channel App) (Version:  - )
The Weather Channel Desktop 6 (HKLM\...\The Weather Channel Desktop 6) (Version:  - )
Visual C++ Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}) (Version: 10.00.200.184 - Nuance Communications Inc.)

==================== Restore Points  =========================

21-02-2014 16:33:41 Windows Update
24-02-2014 01:00:34 Windows Backup
25-02-2014 16:34:11 Windows Update
26-02-2014 04:13:19 Windows Update
27-02-2014 08:10:47 Windows Update
03-03-2014 03:43:03 Uniblue SpeedUpMyPC installation
03-03-2014 03:45:39 Uniblue SpeedUpMyPC installation
04-03-2014 15:35:32 Windows Update
05-03-2014 00:59:29 Removed DriverUpdate
05-03-2014 02:42:54 Windows Backup

==================== Hosts content: ==========================

2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2582DD21-7E83-477D-B4AA-874273FDA97E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-752874766-997199430-3846864615-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {33949449-D204-46EB-A50E-9DFB73D7E047} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-752874766-997199430-3846864615-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3E016CBB-3300-40FE-95B9-5BCA6C4D1384} - System32\Tasks\Hoolapp Init => C:\Users\Linda\AppData\Roaming\HOOLAP~1\Hoolapp.exe <==== ATTENTION
Task: {57E6FF42-4380-44A5-AE87-5B16030A4FB0} - System32\Tasks\Digital Sites => C:\Users\Linda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6BBBCB57-3DAF-4624-A9E7-182FF0E74CBF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {6F9E0A39-2BE0-48B8-9833-ACF2BBF63198} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-03] (AVAST Software)
Task: {817BA9BE-78E2-4043-A92A-21A22C69E78E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B2B9FCA6-F790-4F03-BE15-1F501EDC4C59} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-752874766-997199430-3846864615-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D941D18B-164D-40EE-9160-412A8EEBA051} - System32\Tasks\Hoolapp For Android => C:\Users\Linda\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E3A09834-5CC3-41D8-B7A1-ED545D9E23FB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-752874766-997199430-3846864615-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Linda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-03-04 17:17 - 2014-03-04 13:03 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14030401\algo.dll
2012-10-02 21:28 - 2013-02-09 18:35 - 00078624 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2012-09-29 10:22 - 2009-08-24 13:38 - 00068136 _____ () C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
2012-09-29 10:22 - 2009-03-13 10:30 - 00109096 _____ () C:\Program Files\Gigabyte\EasySaver\YCC.DLL
2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-02-11 13:29 - 2014-02-11 13:29 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2013-12-03 08:54 - 2013-12-03 08:54 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-07-29 13:55 - 2008-07-29 13:55 - 00969728 _____ () C:\Program Files\Sun\StarOffice 9\program\libxml2.dll
2014-02-16 19:53 - 2014-02-16 19:53 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:1992908D
AlternateDataStreams: C:\ProgramData\TEMP:997DA6D7
AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/04/2014 11:11:05 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 3325.24 MB
Available physical RAM: 1454.67 MB
Total Pagefile: 7926.53 MB
Available Pagefile: 5802.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1876.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:86.29 GB) NTFS
Drive d: (D:) (Fixed) (Total:298.08 GB) (Free:282.44 GB) NTFS
Drive f: (My Book) (Fixed) (Total:1862.98 GB) (Free:1390.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: B8EDB8ED)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 2F4E8CEB)
Partition 1: (Not Active) - (Size=-198659014656) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Malwarebytes won't update. Run-time error '6' Overflow.... And the PC Tech Hotline green button is still stuck on every window.

Did you want me to manually try to delete that out of the /STARTUP? I didn't know if I was supposed to, so I just ran all the scans.

 

Please let me know! Thank you for your help Mr. Lewis.


  • Root Admin

Please uninstall ALL versions of Java from Control Panel, Add/Remove and then run the following.
 
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 

 

 

Next, please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

Thanks

 

fixlist.txt


Ok........

 

Here is the JavaRa log...

 

JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Wed Mar 05 00:41:20 2014

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\JRE\
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\JreMetrics
Found and removed: SOFTWARE\MozillaPlugins
------------------------------------
Finished reporting.

 

 

Here is the Fixlog.txt.....

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2014 02
Ran by Linda at 2014-03-05 00:44:28 Run:1
Running from C:\Users\Linda\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [sSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [PCTechHotline] - C:\Program Files\PCTechHotline\PCTechHotline.exe [1905000 2014-02-13] (Crawler, LLC)
HKU\S-1-5-21-752874766-997199430-3846864615-1001\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...8:7941509802&q={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 PCTechHotlineSvc; C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe [701800 2014-02-13] (Crawler, LLC)
C:\Users\Linda\en_res.dll
C:\Users\Linda\es_res.dll
C:\Users\Linda\fr_res.dll
C:\Users\Linda\grm_res.dll
C:\Users\Linda\it_res.dll
C:\Users\Linda\jp_res.dll
C:\Users\Linda\mfc80u.dll
C:\Users\Linda\msvcr80.dll
C:\Users\Linda\PCPE Setup.exe
C:\Users\Linda\pt_res.dll
C:\Users\Linda\ResourceReader.dll
C:\Users\Linda\ru_res.dll
C:\Users\Linda\zh_res.dll
C:\Program Files\PCTechHotline
C:\Users\Linda\AppData\Local\Temp\4mduf2hg.dll
C:\Users\Linda\AppData\Local\Temp\air2E2C.exe
C:\Users\Linda\AppData\Local\Temp\airE2C6.exe
C:\Users\Linda\AppData\Local\Temp\airEDD0.exe
C:\Users\Linda\AppData\Local\Temp\aol_toolbar.exe
C:\Users\Linda\AppData\Local\Temp\APNStub.exe
C:\Users\Linda\AppData\Local\Temp\AskSLib.dll
C:\Users\Linda\AppData\Local\Temp\BackupSetup.exe
C:\Users\Linda\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Linda\AppData\Local\Temp\ChromeSettings.exe
C:\Users\Linda\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Linda\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Linda\AppData\Local\Temp\ICReinstall_PDFReaderSetup.exe
C:\Users\Linda\AppData\Local\Temp\InstallChecker.exe
C:\Users\Linda\AppData\Local\Temp\installhelper.dll
C:\Users\Linda\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chrd_au_aih.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Linda\AppData\Local\Temp\Jutoh-1.70-Setup.exe
C:\Users\Linda\AppData\Local\Temp\lowproc.exe
C:\Users\Linda\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Linda\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Linda\AppData\Local\Temp\nvStInst.exe
C:\Users\Linda\AppData\Local\Temp\propsys.dll
C:\Users\Linda\AppData\Local\Temp\Quarantine.exe
C:\Users\Linda\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Linda\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Linda\AppData\Local\Temp\stubhelper.dll
C:\Users\Linda\AppData\Local\Temp\STWSetup.exe
C:\Users\Linda\AppData\Local\Temp\tbSoci.dll
C:\Users\Linda\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Linda\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Linda\AppData\Roaming\HOOLAP~1
Task: {3E016CBB-3300-40FE-95B9-5BCA6C4D1384} - System32\Tasks\Hoolapp Init => C:\Users\Linda\AppData\Roaming\HOOLAP~1\Hoolapp.exe <==== ATTENTION
Task: {57E6FF42-4380-44A5-AE87-5B16030A4FB0} - System32\Tasks\Digital Sites => C:\Users\Linda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {D941D18B-164D-40EE-9160-412A8EEBA051} - System32\Tasks\Hoolapp For Android => C:\Users\Linda\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Linda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:1992908D
AlternateDataStreams: C:\ProgramData\TEMP:997DA6D7
AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SSBkgdUpdate => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PCTechHotline => Value deleted successfully.
HKU\S-1-5-21-752874766-997199430-3846864615-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77BDD474-2FE5-48d0-988F-C384E18DFE42} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{77BDD474-2FE5-48d0-988F-C384E18DFE42} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E74A8BE-42D8-4f47-9A83-EBECDDF8E597} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9E74A8BE-42D8-4f47-9A83-EBECDDF8E597} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2 => Key not found.
C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2 => Key not found.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
PCTechHotlineSvc => Service stopped successfully.
PCTechHotlineSvc => Service deleted successfully.
C:\Users\Linda\en_res.dll => Moved successfully.
C:\Users\Linda\es_res.dll => Moved successfully.
C:\Users\Linda\fr_res.dll => Moved successfully.
C:\Users\Linda\grm_res.dll => Moved successfully.
C:\Users\Linda\it_res.dll => Moved successfully.
C:\Users\Linda\jp_res.dll => Moved successfully.
C:\Users\Linda\mfc80u.dll => Moved successfully.
C:\Users\Linda\msvcr80.dll => Moved successfully.
C:\Users\Linda\PCPE Setup.exe => Moved successfully.
C:\Users\Linda\pt_res.dll => Moved successfully.
C:\Users\Linda\ResourceReader.dll => Moved successfully.
C:\Users\Linda\ru_res.dll => Moved successfully.
C:\Users\Linda\zh_res.dll => Moved successfully.

"C:\Program Files\PCTechHotline" directory move:

C:\Program Files\PCTechHotline\PCTechHotline.exe => Moved successfully.
C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe => Moved successfully.
C:\Program Files\PCTechHotline\PCTHdesk.64.dll => Moved successfully.
C:\Program Files\PCTechHotline\PCTHdesk.dll => Moved successfully.
C:\Program Files\PCTechHotline\PCTHHook.dll => Moved successfully.
C:\Program Files\PCTechHotline\PCTHHook.exe => Moved successfully.
"C:\Program Files\PCTechHotline" => Directory moved successfully.

C:\Users\Linda\AppData\Local\Temp\4mduf2hg.dll => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\air2E2C.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\airE2C6.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\airEDD0.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\aol_toolbar.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\APNStub.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\BundleSweetIMSetup.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\ChromeSettings.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\fp_pl_pfs_installer-1.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\ICReinstall_PDFReaderSetup.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\InstallChecker.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\installhelper.dll => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chrd_au_aih.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\Jutoh-1.70-Setup.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\MybabylonTB.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\propsys.dll => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\SRAssetsHelper.dll => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\STWSetup.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\tbSoci.dll => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\The_Weather_Channel_Application.exe => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\vcredist_x86.exe => Moved successfully.
C:\Users\Linda\AppData\Roaming\HOOLAP~1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E016CBB-3300-40FE-95B9-5BCA6C4D1384} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E016CBB-3300-40FE-95B9-5BCA6C4D1384} => Key deleted successfully.
C:\Windows\System32\Tasks\Hoolapp Init => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hoolapp Init => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57E6FF42-4380-44A5-AE87-5B16030A4FB0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57E6FF42-4380-44A5-AE87-5B16030A4FB0} => Key deleted successfully.
C:\Windows\System32\Tasks\Digital Sites => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D941D18B-164D-40EE-9160-412A8EEBA051} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D941D18B-164D-40EE-9160-412A8EEBA051} => Key deleted successfully.
C:\Windows\System32\Tasks\Hoolapp For Android => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hoolapp For Android => Key deleted successfully.
C:\Windows\Tasks\Digital Sites.job => Moved successfully.
C:\ProgramData\TEMP => ":1992908D" ADS removed successfully.
C:\ProgramData\TEMP => ":997DA6D7" ADS removed successfully.
C:\ProgramData\TEMP => ":F35A93AD" ADS removed successfully.

==== End of Fixlog ====

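A helper reviewing a Fixlog like the one posted above usually wants to know which entries were actually removed and which were already gone. The following is an added example, not part of the thread or of FRST: a small Python parser that skips the echoed fixlist (which also contains " => " on its Task lines) and tallies the result lines. The outcome buckets and function names are assumptions derived from the messages visible in this log, and the sample text is a shortened excerpt of it.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog.txt posted above, embedded so the script runs offline.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2014 02
Ran by Linda at 2014-03-05 00:44:28 Run:1

Content of fixlist:
*****************
HKLM\...\Run: [PCTechHotline] - C:\Program Files\PCTechHotline\PCTechHotline.exe [1905000 2014-02-13] (Crawler, LLC)
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Linda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:1992908D

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PCTechHotline => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll not found.
PCTechHotlineSvc => Service stopped successfully.
PCTechHotlineSvc => Service deleted successfully.

"C:\Program Files\PCTechHotline" directory move:

"C:\Program Files\PCTechHotline" => Directory moved successfully.
C:\Windows\Tasks\Digital Sites.job => Moved successfully.
C:\ProgramData\TEMP => ":1992908D" ADS removed successfully.

==== End of Fixlog ====
"""

SEPARATOR = re.compile(r"^\*{5,}\s*$")                       # the ***************** rows
RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")  # "<target> => <outcome>"
BARE_NOT_FOUND = re.compile(r"^(?P<target>.+) not found\.$")  # "<path> not found."


def parse_results(text):
    """Return (target, outcome) pairs from the results part of a Fixlog.

    Everything up to the second row of asterisks is the header and the echoed
    fixlist; only lines after it report what the fix did.
    """
    separators_seen = 0
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if SEPARATOR.match(line):
            separators_seen += 1
            continue
        if separators_seen < 2 or not line or line.startswith("===="):
            continue
        match = RESULT.match(line)
        if match:
            results.append((match["target"], match["outcome"]))
            continue
        match = BARE_NOT_FOUND.match(line)
        if match:
            results.append((match["target"], "not found."))
        # Anything else (e.g. the "directory move:" heading) is not a result line.
    return results


def classify(outcome):
    """Map an outcome message to a bucket (bucket names are this example's own)."""
    text = outcome.lower()
    if "not found" in text:
        return "not_found"
    if "restored" in text:
        return "restored"
    if "ads removed" in text:      # must precede "moved": "removed" contains it
        return "ads_removed"
    if "moved" in text:
        return "moved"
    if "deleted" in text:
        return "deleted"
    if "stopped" in text:
        return "stopped"
    return "other"                 # unrecognised wording: surface for manual review


def summarize(text):
    """Return (Counter of buckets, list of entries a helper should look at)."""
    results = parse_results(text)
    counts = Counter(classify(outcome) for _, outcome in results)
    review = [(t, o) for t, o in results if classify(o) in ("not_found", "other")]
    return counts, review


if __name__ == "__main__":
    counts, review = summarize(SAMPLE_FIXLOG)
    for bucket, n in sorted(counts.items()):
        print(f"{bucket:12} {n}")
    print("Entries to review (already absent or unrecognised):")
    for target, outcome in review:
        print(f"  {target} -> {outcome}")
```

In this log the "not found" entries are the Java keys and files, which is consistent with JavaRa having been run before the fix.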

  • Root Admin

Please run the following and restart the computer.

 

Please run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

Then let me know how the computer is running and what, if any, issues remain.


  • Root Admin

Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it; it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post


 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.