After using Malwarebytes and finding over 500 problems, some things are still present, with PCTechHotline being what I think is the main culprit. Here are the requested logs:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by imSizD at 21:19:50 on 2014-04-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.964 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\dmwu.exe
C:\ProgramData\LightsOff\LightsOffService.exe
C:\Program Files\pcreg\pcreg.exe
C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\LinkiDoo\updateLinkiDoo.exe
C:\Program Files (x86)\LinkiDoo\bin\utilLinkiDoo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\Windows\SysWOW64\jmdp\stij.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Windows\System32\ljkb\stij.exe
C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Users\imSizD\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Users\imSizD\AppData\Local\Strongvault Online Backup\SMessaging.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Users\imSizD\AppData\Local\WeatherAlerts\WeatherAlerts.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Bench\BService\bservice.exe
C:\Program Files (x86)\Bench\Wd\wd.exe
C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe
C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\ProgramData\LightsOff\LightsOff.exe
C:\Program Files (x86)\PCTechHotline\PCTHHook.exe
C:\Program Files (x86)\PCTechHotline\PCTHHook64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\LinkiDoo\bin\FilterApp_C64.exe
C:\Program Files (x86)\LinkiDoo\bin\XTLSApp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {3352F334-A389-4004-A026-3A161A0C69A7} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
uRun: [pcreg] C:\Program Files\pcreg\service.exe
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun: [sMessaging] C:\Users\imSizD\AppData\Local\Strongvault Online Backup\SMessaging.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WebInternetSecurity] "C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [pcreg] C:\Program Files\pcreg\service.exe
mRun: [PCTechHotline] "C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe" /STARTUP
dRunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\imSizD\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
TCP: NameServer = 192.168.3.1
TCP: Interfaces\{0BE475FE-EC96-434C-81BC-12B6AF2D3370} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB}\755637475627E6449676964716C6D25326 : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB}\755637475627E6449676964716C6D25326 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{E971B731-42ED-4CAC-AC48-B1B85679EC1B} : NameServer = 208.69.150.250,208.69.150.252
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
x64-Run: [pcreg] C:\Program Files\pcreg\service.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-9-1 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-9-1 40064]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-5 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-4-5 208928]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-4-5 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-4-5 423240]
R1 wStLib64;wStLib64;C:\Windows\System32\drivers\wStLib64.sys [2014-4-5 61112]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-1 204288]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-5 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-5 50344]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-25 48488]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 LightsOff;Lights Off;C:\ProgramData\LightsOff\LightsOffService.exe [2014-3-21 61816]
R2 pcregservice;pcregservice Service;C:\Program Files\pcreg\pcreg.exe [2014-3-13 33864]
R2 PCTechHotlineSvc;PCTechHotlineService;C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [2014-4-5 701800]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-9-1 169584]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-5 119512]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-9-29 695400]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-9-1 47232]
RUnknown CltMngSvc;CltMngSvc; [x]
RUnknown IBUpdaterService;IBUpdaterService; [x]
RUnknown Update LinkiDoo;Update LinkiDoo; [x]
RUnknown Util LinkiDoo;Util LinkiDoo; [x]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2014-3-14 36392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-5 84816]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_hs.sys [2013-10-29 20232]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-06 00:27:02 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-06 00:26:37 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-06 00:26:37 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-06 00:26:37 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-06 00:26:37 -------- d-----w- C:\ProgramData\Malwarebytes
2014-04-06 00:26:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-05 23:47:53 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24F37274-286A-4EB8-9EE4-1BAC265DDA63}\offreg.dll
2014-04-05 23:45:47 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24F37274-286A-4EB8-9EE4-1BAC265DDA63}\mpengine.dll
2014-04-05 23:37:39 61112 ----a-w- C:\Windows\System32\drivers\wStLib64.sys
2014-04-05 18:33:20 -------- d-----w- C:\Users\imSizD\AppData\Local\{ED42B1C9-8F14-47C9-8769-50809A8CA410}
2014-04-05 10:10:17 -------- d-----w- C:\Users\imSizD\AppData\Local\LightsOff
2014-04-05 10:10:05 -------- d-----w- C:\Program Files (x86)\Flash Player Pro
2014-04-05 10:09:49 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2014-04-05 10:09:23 -------- d-----w- C:\ProgramData\LightsOff
2014-04-05 10:09:03 -------- d-----w- C:\Program Files (x86)\AWS
2014-04-05 10:07:51 -------- d-----w- C:\Users\imSizD\AppData\Roaming\PC Speed Maximizer
2014-04-05 10:07:30 -------- d-----w- C:\Users\imSizD\AppData\Local\pptaddin
2014-04-05 10:07:18 -------- d-----w- C:\Users\imSizD\AppData\Local\SoftUpdate
2014-04-05 10:07:07 -------- d-----w- C:\Users\imSizD\AppData\Roaming\PC Tech Hotline
2014-04-05 10:06:56 -------- d-----w- C:\Program Files (x86)\PCTechHotline
2014-04-05 10:06:50 -------- d-----w- C:\Program Files (x86)\PCFixSpeed
2014-04-05 10:05:34 -------- d-----w- C:\Users\imSizD\AppData\Local\Start Savin
2014-04-05 10:05:34 -------- d-----w- C:\Program Files (x86)\Bench
2014-04-05 10:02:47 -------- d-----w- C:\Program Files\pcreg
2014-04-05 10:02:33 -------- d-----w- C:\Program Files (x86)\PC Speed Maximizer
2014-04-05 10:01:38 -------- d-----w- C:\Program Files (x86)\LinkiDoo
2014-04-05 10:00:42 -------- d-----w- C:\Users\imSizD\AppData\Local\WeatherAlerts
2014-04-05 10:00:11 -------- d-----w- C:\Users\imSizD\AppData\Local\SearchProtect
2014-04-05 09:59:33 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-04-05 06:51:40 -------- d-----w- C:\Users\imSizD\AppData\Local\Deployment
2014-04-05 06:51:40 -------- d-----w- C:\Users\imSizD\AppData\Local\Apps
2014-04-05 04:30:38 -------- d-----w- C:\Users\imSizD\AppData\Local\Windows Live
2014-04-05 04:30:17 -------- d-----w- C:\Users\imSizD\AppData\Local\{38AB1E40-D39D-4C5F-816D-3108F5243C65}
2014-04-05 04:10:04 -------- d-----w- C:\Users\imSizD\AppData\Roaming\DropboxMaster
2014-04-05 04:08:33 -------- d-----w- C:\Users\imSizD\AppData\Roaming\Dropbox
2014-04-05 04:08:17 -------- d-----w- C:\Users\imSizD\AppData\Roaming\AVAST Software
2014-04-05 04:07:03 84816 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-04-05 04:07:03 208928 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-04-05 04:07:03 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-04-05 04:07:02 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-04-05 04:07:02 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-05 04:07:02 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-04-05 04:06:55 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-05 04:06:13 -------- d-----w- C:\Program Files\AVAST Software
2014-04-05 04:05:14 -------- d-----w- C:\ProgramData\AVAST Software
2014-04-05 03:44:58 -------- d-----w- C:\Users\imSizD\AppData\Roaming\NewspaperDirect
2014-04-05 03:43:18 -------- d-----w- C:\ProgramData\PDFC
2014-04-05 03:06:30 940544 ----a-w- C:\Users\imSizD\AppData\Local\log4cxx.dll
2014-04-05 03:06:30 196608 ----a-w- C:\Users\imSizD\AppData\Local\common_functions.dll
2014-04-05 02:58:24 -------- d-----w- C:\ProgramData\Oracle
2014-04-05 02:56:29 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-02 20:43:04 -------- d-----w- C:\Users\imSizD\AppData\Local\TB
2014-03-21 08:11:00 1161080 ----a-w- C:\Windows\SysWow64\LightsOff.CD920490367F.dll
2014-03-15 21:28:02 -------- d-----w- C:\Users\imSizD\AppData\Roaming\Systweak
2014-03-15 21:26:59 -------- d-----w- C:\temp
2014-03-15 21:26:47 -------- d-----w- C:\Program Files (x86)\RegClean Pro
2014-03-15 21:25:59 -------- d-----w- C:\Program Files\Level Quality Watcher
2014-03-15 21:07:23 -------- d-----w- C:\Users\imSizD\AppData\Local\Skype
2014-03-13 07:29:07 0 ----a-w- C:\Windows\SysWow64\sho2BD1.tmp
2014-03-13 00:17:59 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-13 00:17:59 293080 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-03-13 00:16:31 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-13 00:16:31 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-08 15:36:41 -------- d-----w- C:\Users\imSizD\AppData\Local\WebInternetSecurity
.
==================== Find3M  ====================
.
2014-04-06 01:21:01 79064 ----a-w- C:\Windows\System32\drivers\hdwkwhcj.sys
2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-13 00:04:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-13 00:04:47 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 16:35:36 1859376 ------w- C:\Windows\System32\dmwu.exe
2014-02-04 16:31:42 34304 ----a-w- C:\Windows\System32\ImHttpComm.dll
2014-02-04 08:39:36 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2014-02-04 08:39:36 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
.
============= FINISH: 21:21:48.50 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 12/24/2011 9:23:49 AM
System Uptime: 4/5/2014 2:38:34 PM (7 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2AD3
Processor: AMD E-300 APU with Radeon HD Graphics | CPU 1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 364.353 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.391 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP309: 3/26/2014 6:46:08 PM - Scheduled Checkpoint
RP310: 3/30/2014 3:20:37 PM - Windows Update
RP311: 4/2/2014 4:50:32 PM - Windows Update
RP312: 4/4/2014 10:53:00 PM - Installed Java 7 Update 51
RP313: 4/4/2014 11:01:04 PM - Removed Facebook Video Calling 2.0.0.447
RP314: 4/4/2014 11:02:52 PM - Removed Camtasia Studio 7
RP315: 4/4/2014 11:19:01 PM - Removed Skype Click to Call
RP316: 4/4/2014 11:33:29 PM - Removed NWZ-S540 WALKMAN Guide.
RP317: 4/4/2014 11:34:39 PM - Removed Microsoft SQL Server 2005 Compact Edition [ENU]
RP318: 4/4/2014 11:43:58 PM - Removed PressReader.
RP319: 4/4/2014 11:46:33 PM - Removed Python 3.0.1
RP320: 4/4/2014 11:51:15 PM - Removed Steam
RP321: 4/4/2014 11:52:26 PM - Removed NetAssistant
RP322: 4/4/2014 11:54:11 PM - Removed Skype™ 6.14
RP323: 4/4/2014 11:55:01 PM - Removed Skype Click to Call
RP324: 4/4/2014 11:57:04 PM - Removed Skype Click to Call
RP325: 4/5/2014 12:05:38 AM - avast! antivirus system restore point
RP326: 4/5/2014 2:52:34 AM - Removed Skype Click to Call
RP327: 4/5/2014 2:56:23 AM - Removed Skype Click to Call
RP328: 4/5/2014 6:07:54 AM - Installed WeatherBug
RP329: 4/5/2014 7:45:05 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 12 ActiveX
AMD APP SDK Runtime
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
avast! Free Antivirus
Belkin F7D1101 Basic Wireless USB Adapter
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Content Transfer
D3DX10
Dropbox
emaze PowerPoint Add-In
Flash Player Pro V5.4
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.2.3
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP LinkUp
HP MovieStore
HP Odometer
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
iTunes
Java 7 Update 51
Java 7 Update 7 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 7 (64-bit)
Java 6 Update 30
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
League of Legends
Lights Off
Malwarebytes Anti-Malware version 2.0.1.1004
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MotoHelper MergeModules
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPC Backup 
PC Speed Maximizer v3.2
PC Tech Hotline
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Realtek High Definition Audio Driver
Recovery Manager
Remote Graphics Receiver
SavingsBull
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Snap.Do
Start Savin
Strongvault Online Backup
VC80CRTRedist - 8.0.50727.6195
WeatherBug
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
Zinio Reader 4
ZTE Handset USB Driver
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
4/5/2014 6:02:51 AM, Error: Service Control Manager [7030]  - The pcregservice Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
4/5/2014 2:40:53 AM, Error: volmgr [46]  - Crash dump initialization failed!
4/5/2014 2:40:10 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
4/5/2014 2:40:10 PM, Error: Service Control Manager [7000]  - The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/4/2014 4:19:40 AM, Error: Microsoft Antimalware [2001]  - 
4/4/2014 4:09:30 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
4/4/2014 4:09:30 AM, Error: Service Control Manager [7000]  - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/4/2014 11:31:35 PM, Error: Service Control Manager [7034]  - The Computer Backup (MyPC Backup) service terminated unexpectedly.  It has done this 1 time(s).
4/4/2014 11:15:53 PM, Error: Service Control Manager [7034]  - The Re-Markable service terminated unexpectedly.  It has done this 1 time(s).
4/4/2014 11:14:11 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  and APPID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  to the user CBC-HP\Guest SID (S-1-5-21-3740989883-1198457843-2048904567-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/4/2014 11:13:13 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MotoHelper Service service to connect.
4/4/2014 11:13:13 PM, Error: Service Control Manager [7000]  - The MotoHelper Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/31/2014 4:59:37 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/30/2014 3:08:15 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================
 

 


Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : imSizD [Admin rights]
Mode : Scan [Aborted] -- Date : 04/06/2014 11:46:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[0]_S_04062014_114600.txt >>

Sorry MrC, I don't know why the scan aborted so I tried it again. This is the 2nd scan;

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : imSizD [Admin rights]
Mode : Scan -- Date : 04/06/2014 11:53:01
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 26 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : SMessaging (C:\Users\imSizD\AppData\Local\Strongvault Online Backup\SMessaging.exe [7]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{0BE475FE-EC96-434C-81BC-12B6AF2D3370} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{E971B731-42ED-4CAC-AC48-B1B85679EC1B} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{0BE475FE-EC96-434C-81BC-12B6AF2D3370} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{E971B731-42ED-4CAC-AC48-B1B85679EC1B} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{0BE475FE-EC96-434C-81BC-12B6AF2D3370} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{E971B731-42ED-4CAC-AC48-B1B85679EC1B} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 4 ¤¤¤
[V2][SUSP PATH] DTReg : C:\Users\imSizD\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe [x] -> FOUND
[V2][SUSP PATH] Registration : "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" - Registration ShowMessageTask2D [7][-] -> FOUND
[V2][SUSP PATH] SoftUpdateDaily : C:\Users\imSizD\AppData\Local\SoftUpdate\SoftUpdate.exe [-] -> FOUND
[V2][SUSP PATH] SoftUpdateLogon : C:\Users\imSizD\AppData\Local\SoftUpdate\SoftUpdate.exe [-] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 2 ¤¤¤
[CHR][PUP] Default : Surf Canyon
[CHR][PUP] Default : New tab for Chrome™
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : PUP ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721050CLA662 SATA Disk Device +++++
--- User ---
[MBR] bcdd0a3c830e7370ec3d0fdef493087c
[BSP] b8126f12bbf92798498ffc5b42ece95b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 465198 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 952932352 | Size: 11640 MB
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] b9de2baea951a04b2eea32443f72ff96
[BSP] 79902e57a6fb9f549efe40d60f164710 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 165308416 | Size: 300 MB
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_04062014_115301.txt >>
RKreport[0]_S_04062014_114600.txt

Run RogueKiller again and click Scan

When the scan completes ..............

Click Fix Host on the right hand column under Options

Then............

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next:

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

Last:

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC


Look in your Programs and Features:

Lights Off <---did you install this?? If not uninstall it

Uninstall all of these if possible: (and any other programs you don't recognize or didn't install)

PC Tech Hotline

PC Speed Maximizer

Snap.Do

Webinternetsecurity

---------------------------------------------------------

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Next:

Clean out temp files:

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

http://www.bleepingcomputer.com/download/tfc/dl/92/

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Next:

Run a scan with Malwarebytes as before

Then.......

Reset home and search pages for Chrome:

https://support.google.com/chrome/answer/2765944?hl=en

 

These are all bad:

Let me know.....MrC


Here is the RogueKiller log. I didn't fix anything. I just ran the scan. FRST will be posted in a minute.

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : imSizD [Admin rights]
Mode : Scan -- Date : 04/06/2014 20:22:49
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] SMessaging.exe -- C:\Users\imSizD\AppData\Local\Strongvault Online Backup\SMessaging.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 26 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : SMessaging (C:\Users\imSizD\AppData\Local\Strongvault Online Backup\SMessaging.exe [7]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{0BE475FE-EC96-434C-81BC-12B6AF2D3370} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{E971B731-42ED-4CAC-AC48-B1B85679EC1B} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{0BE475FE-EC96-434C-81BC-12B6AF2D3370} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{E971B731-42ED-4CAC-AC48-B1B85679EC1B} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{0BE475FE-EC96-434C-81BC-12B6AF2D3370} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{E971B731-42ED-4CAC-AC48-B1B85679EC1B} : NameServer (208.69.150.250,208.69.150.252 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] Registration : "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" - Registration ShowMessageTask2D [7][-] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721050CLA662 SATA Disk Device +++++
--- User ---
[MBR] bcdd0a3c830e7370ec3d0fdef493087c
[BSP] b8126f12bbf92798498ffc5b42ece95b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 465198 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 952932352 | Size: 11640 MB
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] b9de2baea951a04b2eea32443f72ff96
[BSP] 79902e57a6fb9f549efe40d60f164710 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 165308416 | Size: 300 MB
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_04062014_202248.txt >>
RKreport[0]_H_04062014_140139.txt;RKreport[0]_S_04062014_114600.txt;RKreport[0]_S_04062014_115301.txt
RKreport[0]_S_04062014_140104.txt

FRST and addition logs;

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by imSizD (administrator) on CBC-HP on 06-04-2014 20:35:57
Running from C:\Users\imSizD\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [fssui] - C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [884584 2012-03-08] (Microsoft Corporation)
HKLM\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [497000 2009-07-30] (Sony Corporation)
HKLM-x32\...\Run: [SMessaging] - C:\Users\imSizD\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-05] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3740989883-1198457843-2048904567-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3740989883-1198457843-2048904567-1001\...\MountPoints2: {200a358f-1b08-11e2-8770-3860774d677a} - H:\setup.exe -a
GroupPolicyUsers\S-1-5-21-3740989883-1198457843-2048904567-1002\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://hp-desktop.us.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC88F7CB58350CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - {9B7B7DB5-BC63-4A55-89E4-3DB7FC5EF3CA} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {9B7B7DB5-BC63-4A55-89E4-3DB7FC5EF3CA} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {9B7B7DB5-BC63-4A55-89E4-3DB7FC5EF3CA} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - No Name - !{8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - !{8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{0BE475FE-EC96-434C-81BC-12B6AF2D3370}: [NameServer]208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD}: [NameServer]208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB}: [NameServer]208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB}: [NameServer]208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{E971B731-42ED-4CAC-AC48-B1B85679EC1B}: [NameServer]208.69.150.250,208.69.150.252
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\imSizD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]
CHR Extension: (Google Drive) - C:\Users\imSizD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (YouTube) - C:\Users\imSizD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Google Search) - C:\Users\imSizD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]
CHR Extension: (avast! Online Security) - C:\Users\imSizD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-05]
CHR Extension: (Google Wallet) - C:\Users\imSizD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR Extension: (Gmail) - C:\Users\imSizD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-05]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-05] (AVAST Software)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-05] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-05] ()
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S1 ioztqflw; \??\C:\Windows\system32\drivers\ioztqflw.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S1 rolxxche; \??\C:\Windows\system32\drivers\rolxxche.sys [X]
S1 trbxklbw; \??\C:\Windows\system32\drivers\trbxklbw.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-06 20:35 - 2014-04-06 20:36 - 00012361 _____ () C:\Users\imSizD\Downloads\FRST.txt
2014-04-06 20:22 - 2014-04-06 20:22 - 00005888 _____ () C:\Users\imSizD\Desktop\RKreport[0]_S_04062014_202248.txt
2014-04-06 18:02 - 2014-04-06 18:02 - 00448512 _____ (OldTimer Tools) C:\Users\imSizD\Downloads\TFC.exe
2014-04-06 17:57 - 2014-04-06 17:57 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-06 15:01 - 2014-04-06 15:03 - 00032755 _____ () C:\Users\imSizD\Desktop\Addition.txt
2014-04-06 15:00 - 2014-04-06 15:03 - 00055542 _____ () C:\Users\imSizD\Desktop\FRST.txt
2014-04-06 14:59 - 2014-04-06 20:35 - 00000000 ____D () C:\FRST
2014-04-06 14:59 - 2014-04-06 14:59 - 02157056 _____ (Farbar) C:\Users\imSizD\Downloads\FRST64.exe
2014-04-06 14:59 - 2014-04-06 14:59 - 02157056 _____ (Farbar) C:\Users\imSizD\Desktop\FRST64.exe
2014-04-06 14:57 - 2014-04-06 14:57 - 01145856 _____ (Farbar) C:\Users\imSizD\Downloads\FRST.exe
2014-04-06 14:18 - 2014-04-06 14:18 - 00029676 _____ () C:\Users\imSizD\Desktop\AdwCleaner[S0].txt
2014-04-06 14:04 - 2014-04-06 14:14 - 00000000 ____D () C:\AdwCleaner
2014-04-06 14:03 - 2014-04-06 14:03 - 01426178 _____ () C:\Users\imSizD\Downloads\AdwCleaner.exe
2014-04-06 14:01 - 2014-04-06 14:01 - 00006113 _____ () C:\Users\imSizD\Desktop\RKreport[0]_S_04062014_140104.txt
2014-04-06 14:01 - 2014-04-06 14:01 - 00000946 _____ () C:\Users\imSizD\Desktop\RKreport[0]_H_04062014_140139.txt
2014-04-06 11:53 - 2014-04-06 11:53 - 00006079 _____ () C:\Users\imSizD\Desktop\RKreport[0]_S_04062014_115301.txt
2014-04-06 11:46 - 2014-04-06 11:46 - 00000962 _____ () C:\Users\imSizD\Desktop\RKreport[0]_S_04062014_114600.txt
2014-04-06 11:43 - 2014-04-06 11:43 - 00001182 _____ () C:\Users\imSizD\Desktop\RogueKiller - Shortcut.lnk
2014-04-06 11:41 - 2014-04-06 11:41 - 03972608 _____ () C:\Users\imSizD\Downloads\RogueKiller (1).exe
2014-04-06 11:40 - 2014-04-06 11:53 - 00000000 ____D () C:\Users\imSizD\Desktop\RK_Quarantine
2014-04-06 11:39 - 2014-04-06 11:39 - 03972608 _____ () C:\Users\imSizD\Downloads\RogueKiller.exe
2014-04-06 09:44 - 2014-04-06 09:44 - 00000000 ____D () C:\Users\imSizD\AppData\Local\{136E41C8-1DA3-4360-827D-E6A168CF2351}
2014-04-05 22:11 - 2014-04-05 22:11 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\Hewlett-Packard
2014-04-05 22:09 - 2014-04-05 22:09 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\ATI
2014-04-05 22:09 - 2014-04-05 22:09 - 00000000 ____D () C:\Users\GuestAccount\AppData\Local\LightsOff
2014-04-05 22:09 - 2014-04-05 22:09 - 00000000 ____D () C:\Users\GuestAccount\AppData\Local\Google
2014-04-05 22:09 - 2014-04-05 22:09 - 00000000 ____D () C:\Users\GuestAccount\AppData\Local\ATI
2014-04-05 22:08 - 2014-04-05 22:08 - 00058016 _____ () C:\Users\GuestAccount\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-05 22:08 - 2014-04-05 22:08 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7440DD2C-08ED-4258-83BB-8BF9FBD87B5E}
2014-04-05 22:08 - 2014-04-05 22:08 - 00001419 _____ () C:\Users\GuestAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ___RD () C:\Users\GuestAccount\Podcasts
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ___RD () C:\Users\GuestAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ___RD () C:\Users\GuestAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\PC Tech Hotline
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\AVAST Software
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\Apple Computer
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\Adobe
2014-04-05 22:07 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount
2014-04-05 22:07 - 2014-04-05 22:07 - 00004598 __RSH () C:\Users\GuestAccount\ntuser.pol
2014-04-05 22:07 - 2014-04-05 22:07 - 00000020 ___SH () C:\Users\GuestAccount\ntuser.ini
2014-04-05 22:07 - 2011-09-01 01:25 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\Macromedia
2014-04-05 22:07 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\GuestAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-05 22:07 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\GuestAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-05 21:22 - 2014-04-05 21:22 - 00008938 _____ () C:\Users\imSizD\Desktop\attach.txt
2014-04-05 21:22 - 2014-04-05 21:21 - 00023631 _____ () C:\Users\imSizD\Desktop\dds.txt
2014-04-05 21:19 - 2014-04-05 21:19 - 00688992 ____R (Swearware) C:\Users\imSizD\Downloads\dds (2).com
2014-04-05 21:17 - 2014-04-05 21:17 - 00684612 _____ (Swearware) C:\Users\imSizD\Downloads\dds (1).com
2014-04-05 21:15 - 2014-04-05 21:16 - 00687532 _____ (Swearware) C:\Users\imSizD\Downloads\dds.com
2014-04-05 21:14 - 2014-04-05 21:14 - 00686072 _____ (Swearware) C:\Users\imSizD\Downloads\dds.scr
2014-04-05 20:27 - 2014-04-06 18:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 20:26 - 2014-04-05 20:26 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-05 20:26 - 2014-04-05 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-05 20:26 - 2014-04-05 20:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-05 20:26 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-05 20:26 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-05 20:26 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-05 20:25 - 2014-04-05 20:25 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\imSizD\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-05 19:37 - 2014-04-05 19:37 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-04-05 14:33 - 2014-04-05 14:33 - 00000000 ____D () C:\Users\imSizD\AppData\Local\{ED42B1C9-8F14-47C9-8769-50809A8CA410}
2014-04-05 06:10 - 2014-04-05 06:10 - 00000000 ____D () C:\Users\imSizD\Documents\Flash Player Pro
2014-04-05 06:10 - 2014-04-05 06:10 - 00000000 ____D () C:\Program Files (x86)\Flash Player Pro
2014-04-05 06:07 - 2014-04-05 06:07 - 00001248 _____ () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\emaze-Amazing Presentations.lnk
2014-04-05 06:07 - 2014-04-05 06:07 - 00001244 _____ () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\emaze-Amazing Presentations.lnk
2014-04-05 06:05 - 2014-04-05 21:18 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Start Savin
2014-04-05 06:01 - 2014-04-05 06:01 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-04-05 05:58 - 2014-04-05 05:58 - 00376256 _____ () C:\Users\imSizD\Downloads\Gimp.exe
2014-04-05 04:09 - 2014-04-06 18:00 - 00000008 __RSH () C:\Users\imSizD\ntuser.pol
2014-04-05 02:53 - 2014-04-05 02:53 - 00002221 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-05 02:52 - 2014-04-06 20:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 02:52 - 2014-04-06 19:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-05 02:52 - 2014-04-05 02:59 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-05 02:52 - 2014-04-05 02:59 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-05 02:51 - 2014-04-05 02:52 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Deployment
2014-04-05 02:51 - 2014-04-05 02:51 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Apps\2.0
2014-04-05 00:30 - 2014-04-05 00:33 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Windows Live
2014-04-05 00:30 - 2014-04-05 00:30 - 00000000 ____D () C:\Users\imSizD\AppData\Local\{38AB1E40-D39D-4C5F-816D-3108F5243C65}
2014-04-05 00:10 - 2014-04-05 00:10 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\DropboxMaster
2014-04-05 00:09 - 2014-04-05 00:09 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-05 00:08 - 2014-04-05 00:10 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\Dropbox
2014-04-05 00:08 - 2014-04-05 00:08 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-05 00:08 - 2014-04-05 00:08 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\AVAST Software
2014-04-05 00:07 - 2014-04-06 17:50 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-05 00:07 - 2014-04-05 00:06 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-05 00:07 - 2014-04-05 00:06 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-05 00:07 - 2014-04-05 00:06 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-05 00:07 - 2014-04-05 00:06 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-05 00:07 - 2014-04-05 00:06 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-05 00:07 - 2014-04-05 00:06 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-05 00:07 - 2014-04-05 00:06 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-05 00:07 - 2014-04-05 00:06 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-05 00:06 - 2014-04-05 00:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-05 00:06 - 2014-04-05 00:06 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-05 00:05 - 2014-04-05 00:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-05 00:03 - 2014-04-05 00:05 - 88551496 _____ (AVAST Software) C:\Users\imSizD\Downloads\avast_free_antivirus_setup.exe
2014-04-04 23:44 - 2014-04-04 23:44 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\NewspaperDirect
2014-04-04 23:43 - 2014-04-04 23:43 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-04 23:06 - 2012-09-11 10:22 - 00196608 _____ () C:\Users\imSizD\AppData\Local\common_functions.dll
2014-04-04 23:06 - 2012-06-26 06:59 - 00940544 _____ (Apache Software Foundation) C:\Users\imSizD\AppData\Local\log4cxx.dll
2014-04-04 23:04 - 2014-04-04 23:04 - 00000000 ____D () C:\Users\imSizD\Documents\Camtasia Studio
2014-04-04 22:58 - 2014-04-04 22:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-04 22:56 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-04 22:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-04 22:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-04 22:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-04 22:54 - 2014-04-04 22:56 - 00006443 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-02 16:43 - 2014-04-02 16:43 - 00000000 ____D () C:\Users\imSizD\AppData\Local\TB
2014-03-15 17:07 - 2014-03-15 17:07 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Skype
2014-03-14 15:48 - 2014-03-14 15:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\Skype
2014-03-14 15:01 - 2014-04-04 23:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\PMB Files
2014-03-14 15:00 - 2014-03-14 15:00 - 00000008 __RSH () C:\Users\Guest\ntuser.pol
2014-03-12 20:18 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 20:18 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 20:18 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 20:18 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 20:18 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 20:18 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 20:18 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 20:18 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 20:18 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 20:18 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 20:18 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 20:18 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 20:18 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 20:18 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 20:18 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 20:18 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 20:18 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 20:18 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 20:18 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 20:18 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 20:18 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 20:18 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 20:18 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 20:18 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 20:18 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 20:18 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 20:18 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 20:18 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 20:18 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 20:18 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 20:18 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 20:18 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 20:18 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 20:18 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 20:18 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 20:18 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 20:18 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 20:18 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 20:18 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 20:18 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 20:18 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 20:18 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 20:18 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 20:17 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 20:17 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 20:17 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 20:16 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 20:16 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-08 11:36 - 2014-03-08 11:36 - 00000000 ____D () C:\Users\imSizD\AppData\Local\WebInternetSecurity
 
==================== One Month Modified Files and Folders =======
 
2014-04-06 20:36 - 2014-04-06 20:35 - 00012361 _____ () C:\Users\imSizD\Downloads\FRST.txt
2014-04-06 20:35 - 2014-04-06 14:59 - 00000000 ____D () C:\FRST
2014-04-06 20:22 - 2014-04-06 20:22 - 00005888 _____ () C:\Users\imSizD\Desktop\RKreport[0]_S_04062014_202248.txt
2014-04-06 20:04 - 2014-04-05 02:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-06 20:03 - 2012-07-25 13:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-06 19:49 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 19:49 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 19:47 - 2009-07-14 01:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 19:45 - 2011-12-24 10:23 - 01120136 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 19:41 - 2014-04-05 02:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-06 19:41 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 19:41 - 2009-07-14 00:51 - 00185698 _____ () C:\Windows\setupact.log
2014-04-06 18:44 - 2014-04-05 20:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-06 18:02 - 2014-04-06 18:02 - 00448512 _____ (OldTimer Tools) C:\Users\imSizD\Downloads\TFC.exe
2014-04-06 18:00 - 2014-04-05 04:09 - 00000008 __RSH () C:\Users\imSizD\ntuser.pol
2014-04-06 18:00 - 2012-05-13 01:30 - 00000000 ____D () C:\Users\imSizD
2014-04-06 17:57 - 2014-04-06 17:57 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-06 17:55 - 2011-12-24 10:23 - 00000000 ____D () C:\Users\CBC
2014-04-06 17:55 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-06 17:50 - 2014-04-05 00:07 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-06 17:50 - 2012-08-24 02:15 - 00000000 ____D () C:\Users\imSizD\AppData\Local\CrashDumps
2014-04-06 17:49 - 2010-11-20 23:47 - 01518274 _____ () C:\Windows\PFRO.log
2014-04-06 15:03 - 2014-04-06 15:01 - 00032755 _____ () C:\Users\imSizD\Desktop\Addition.txt
2014-04-06 15:03 - 2014-04-06 15:00 - 00055542 _____ () C:\Users\imSizD\Desktop\FRST.txt
2014-04-06 14:59 - 2014-04-06 14:59 - 02157056 _____ (Farbar) C:\Users\imSizD\Downloads\FRST64.exe
2014-04-06 14:59 - 2014-04-06 14:59 - 02157056 _____ (Farbar) C:\Users\imSizD\Desktop\FRST64.exe
2014-04-06 14:57 - 2014-04-06 14:57 - 01145856 _____ (Farbar) C:\Users\imSizD\Downloads\FRST.exe
2014-04-06 14:18 - 2014-04-06 14:18 - 00029676 _____ () C:\Users\imSizD\Desktop\AdwCleaner[s0].txt
2014-04-06 14:14 - 2014-04-06 14:04 - 00000000 ____D () C:\AdwCleaner
2014-04-06 14:14 - 2012-11-13 22:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-06 14:14 - 2012-05-13 01:30 - 00000000 ___RD () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-06 14:06 - 2012-01-01 14:39 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-06 14:05 - 2012-01-08 13:06 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-06 14:03 - 2014-04-06 14:03 - 01426178 _____ () C:\Users\imSizD\Downloads\AdwCleaner.exe
2014-04-06 14:01 - 2014-04-06 14:01 - 00006113 _____ () C:\Users\imSizD\Desktop\RKreport[0]_S_04062014_140104.txt
2014-04-06 14:01 - 2014-04-06 14:01 - 00000946 _____ () C:\Users\imSizD\Desktop\RKreport[0]_H_04062014_140139.txt
2014-04-06 11:53 - 2014-04-06 11:53 - 00006079 _____ () C:\Users\imSizD\Desktop\RKreport[0]_S_04062014_115301.txt
2014-04-06 11:53 - 2014-04-06 11:40 - 00000000 ____D () C:\Users\imSizD\Desktop\RK_Quarantine
2014-04-06 11:46 - 2014-04-06 11:46 - 00000962 _____ () C:\Users\imSizD\Desktop\RKreport[0]_S_04062014_114600.txt
2014-04-06 11:43 - 2014-04-06 11:43 - 00001182 _____ () C:\Users\imSizD\Desktop\RogueKiller - Shortcut.lnk
2014-04-06 11:43 - 2012-05-13 01:30 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{60E302E3-41D5-43BF-AD9D-9C53EFA17A31}
2014-04-06 11:41 - 2014-04-06 11:41 - 03972608 _____ () C:\Users\imSizD\Downloads\RogueKiller (1).exe
2014-04-06 11:39 - 2014-04-06 11:39 - 03972608 _____ () C:\Users\imSizD\Downloads\RogueKiller.exe
2014-04-06 11:35 - 2009-07-14 01:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-04-06 11:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-06 09:44 - 2014-04-06 09:44 - 00000000 ____D () C:\Users\imSizD\AppData\Local\{136E41C8-1DA3-4360-827D-E6A168CF2351}
2014-04-05 22:11 - 2014-04-05 22:11 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\Hewlett-Packard
2014-04-05 22:09 - 2014-04-05 22:09 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\ATI
2014-04-05 22:09 - 2014-04-05 22:09 - 00000000 ____D () C:\Users\GuestAccount\AppData\Local\LightsOff
2014-04-05 22:09 - 2014-04-05 22:09 - 00000000 ____D () C:\Users\GuestAccount\AppData\Local\Google
2014-04-05 22:09 - 2014-04-05 22:09 - 00000000 ____D () C:\Users\GuestAccount\AppData\Local\ATI
2014-04-05 22:08 - 2014-04-05 22:08 - 00058016 _____ () C:\Users\GuestAccount\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-05 22:08 - 2014-04-05 22:08 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7440DD2C-08ED-4258-83BB-8BF9FBD87B5E}
2014-04-05 22:08 - 2014-04-05 22:08 - 00001419 _____ () C:\Users\GuestAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ___RD () C:\Users\GuestAccount\Podcasts
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ___RD () C:\Users\GuestAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ___RD () C:\Users\GuestAccount\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\PC Tech Hotline
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\AVAST Software
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\Apple Computer
2014-04-05 22:08 - 2014-04-05 22:08 - 00000000 ____D () C:\Users\GuestAccount\AppData\Roaming\Adobe
2014-04-05 22:08 - 2014-04-05 22:07 - 00000000 ____D () C:\Users\GuestAccount
2014-04-05 22:07 - 2014-04-05 22:07 - 00004598 __RSH () C:\Users\GuestAccount\ntuser.pol
2014-04-05 22:07 - 2014-04-05 22:07 - 00000020 ___SH () C:\Users\GuestAccount\ntuser.ini
2014-04-05 21:38 - 2009-07-13 22:34 - 00000505 _____ () C:\Windows\win.ini
2014-04-05 21:22 - 2014-04-05 21:22 - 00008938 _____ () C:\Users\imSizD\Desktop\attach.txt
2014-04-05 21:21 - 2014-04-05 21:22 - 00023631 _____ () C:\Users\imSizD\Desktop\dds.txt
2014-04-05 21:19 - 2014-04-05 21:19 - 00688992 ____R (Swearware) C:\Users\imSizD\Downloads\dds (2).com
2014-04-05 21:18 - 2014-04-05 06:05 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Start Savin
2014-04-05 21:18 - 2013-05-04 12:13 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Iminent
2014-04-05 21:17 - 2014-04-05 21:17 - 00684612 _____ (Swearware) C:\Users\imSizD\Downloads\dds (1).com
2014-04-05 21:16 - 2014-04-05 21:15 - 00687532 _____ (Swearware) C:\Users\imSizD\Downloads\dds.com
2014-04-05 21:14 - 2014-04-05 21:14 - 00686072 _____ (Swearware) C:\Users\imSizD\Downloads\dds.scr
2014-04-05 20:26 - 2014-04-05 20:26 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-05 20:26 - 2014-04-05 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-05 20:26 - 2014-04-05 20:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-05 20:25 - 2014-04-05 20:25 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\imSizD\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-05 19:37 - 2014-04-05 19:37 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-04-05 14:33 - 2014-04-05 14:33 - 00000000 ____D () C:\Users\imSizD\AppData\Local\{ED42B1C9-8F14-47C9-8769-50809A8CA410}
2014-04-05 06:10 - 2014-04-05 06:10 - 00000000 ____D () C:\Users\imSizD\Documents\Flash Player Pro
2014-04-05 06:10 - 2014-04-05 06:10 - 00000000 ____D () C:\Program Files (x86)\Flash Player Pro
2014-04-05 06:07 - 2014-04-05 06:07 - 00001248 _____ () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\emaze-Amazing Presentations.lnk
2014-04-05 06:07 - 2014-04-05 06:07 - 00001244 _____ () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\emaze-Amazing Presentations.lnk
2014-04-05 06:01 - 2014-04-05 06:01 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-04-05 05:58 - 2014-04-05 05:58 - 00376256 _____ () C:\Users\imSizD\Downloads\Gimp.exe
2014-04-05 04:41 - 2013-01-24 23:36 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Facebook
2014-04-05 02:59 - 2014-04-05 02:52 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-05 02:59 - 2014-04-05 02:52 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-05 02:53 - 2014-04-05 02:53 - 00002221 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-05 02:53 - 2012-08-24 04:18 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Google
2014-04-05 02:53 - 2012-07-25 13:07 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-05 02:52 - 2014-04-05 02:51 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Deployment
2014-04-05 02:51 - 2014-04-05 02:51 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Apps\2.0
2014-04-05 00:33 - 2014-04-05 00:30 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Windows Live
2014-04-05 00:30 - 2014-04-05 00:30 - 00000000 ____D () C:\Users\imSizD\AppData\Local\{38AB1E40-D39D-4C5F-816D-3108F5243C65}
2014-04-05 00:10 - 2014-04-05 00:10 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\DropboxMaster
2014-04-05 00:10 - 2014-04-05 00:08 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\Dropbox
2014-04-05 00:09 - 2014-04-05 00:09 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-05 00:08 - 2014-04-05 00:08 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-05 00:08 - 2014-04-05 00:08 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\AVAST Software
2014-04-05 00:06 - 2014-04-05 00:07 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-05 00:06 - 2014-04-05 00:07 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-05 00:06 - 2014-04-05 00:07 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-05 00:06 - 2014-04-05 00:07 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-05 00:06 - 2014-04-05 00:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-05 00:06 - 2014-04-05 00:07 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-05 00:06 - 2014-04-05 00:07 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-05 00:06 - 2014-04-05 00:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-05 00:06 - 2014-04-05 00:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-05 00:06 - 2014-04-05 00:06 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-05 00:05 - 2014-04-05 00:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-05 00:05 - 2014-04-05 00:03 - 88551496 _____ (AVAST Software) C:\Users\imSizD\Downloads\avast_free_antivirus_setup.exe
2014-04-05 00:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-04 23:54 - 2012-08-25 19:22 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\Skype
2014-04-04 23:54 - 2012-01-21 18:44 - 00000000 ____D () C:\ProgramData\Skype
2014-04-04 23:53 - 2012-09-24 20:07 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-04-04 23:53 - 2012-09-24 20:06 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-04-04 23:52 - 2012-12-27 02:02 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Unity
2014-04-04 23:44 - 2014-04-04 23:44 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\NewspaperDirect
2014-04-04 23:43 - 2014-04-04 23:43 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-04 23:38 - 2012-01-20 17:22 - 00000000 ____D () C:\Program Files (x86)\Motorola
2014-04-04 23:31 - 2011-12-24 13:30 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-04 23:25 - 2012-09-24 22:45 - 00000000 ____D () C:\Program Files\DivX
2014-04-04 23:25 - 2012-09-24 22:42 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-04-04 23:25 - 2012-09-24 22:37 - 00000000 ____D () C:\ProgramData\DivX
2014-04-04 23:18 - 2012-05-13 01:31 - 00000000 ____D () C:\Users\imSizD\AppData\Roaming\Apple Computer
2014-04-04 23:18 - 2011-12-31 03:59 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-04 23:14 - 2014-03-14 15:01 - 00000000 ____D () C:\Users\Guest\AppData\Local\PMB Files
2014-04-04 23:12 - 2012-07-25 13:07 - 00000000 ____D () C:\Program Files\Google
2014-04-04 23:10 - 2013-05-04 12:13 - 00000866 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-04-04 23:05 - 2012-04-08 16:18 - 00000000 ____D () C:\ProgramData\TechSmith
2014-04-04 23:04 - 2014-04-04 23:04 - 00000000 ____D () C:\Users\imSizD\Documents\Camtasia Studio
2014-04-04 22:58 - 2014-04-04 22:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-04 22:56 - 2014-04-04 22:54 - 00006443 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-04 22:56 - 2012-01-13 22:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-04 22:54 - 2012-07-25 13:07 - 00000000 ____D () C:\ProgramData\Google
2014-04-04 22:39 - 2014-02-09 14:07 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForimSizD
2014-04-04 22:39 - 2014-02-09 14:07 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForimSizD.job
2014-04-03 09:51 - 2014-04-05 20:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-05 20:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-05 20:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 16:43 - 2014-04-02 16:43 - 00000000 ____D () C:\Users\imSizD\AppData\Local\TB
2014-03-31 09:35 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-26 08:49 - 2012-02-04 22:32 - 00000000 ____D () C:\Windows\Minidump
2014-03-26 08:49 - 2011-09-01 02:38 - 00330200 ____N () C:\Windows\Minidump\032614-19780-01.dmp
2014-03-25 21:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-03-21 03:09 - 2013-08-13 03:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-21 03:02 - 2011-12-24 12:14 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-15 17:07 - 2014-03-15 17:07 - 00000000 ____D () C:\Users\imSizD\AppData\Local\Skype
2014-03-15 17:00 - 2013-06-10 22:12 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Skype
2014-03-14 15:48 - 2014-03-14 15:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\Skype
2014-03-14 15:46 - 2013-02-16 13:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps
2014-03-14 15:00 - 2014-03-14 15:00 - 00000008 __RSH () C:\Users\Guest\ntuser.pol
2014-03-14 15:00 - 2013-02-16 13:44 - 00000000 ____D () C:\Users\Guest
2014-03-13 03:31 - 2009-07-14 00:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:30 - 2012-05-14 12:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:29 - 2012-05-14 12:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 20:04 - 2012-07-25 13:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 20:04 - 2012-07-25 13:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 20:04 - 2011-09-01 01:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-08 11:36 - 2014-03-08 11:36 - 00000000 ____D () C:\Users\imSizD\AppData\Local\WebInternetSecurity
 
Some content of TEMP:
====================
C:\Users\imSizD\AppData\Local\Temp\ntdll_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-05 22:30
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by imSizD at 2014-04-06 20:37:29
Running from C:\Users\imSizD\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60512.1804 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0512.1812.30806 - ATI) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{85A5A208-1A5A-A736-170E-AA826BC19B2A}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
Belkin F7D1101 Basic Wireless USB Adapter (HKLM-x32\...\InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin)
Belkin F7D1101 Basic Wireless USB Adapter (x32 Version: 1.0.0.4 - Belkin) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0512.1812.30806 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0512.1812.30806 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0512.1812.30806 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help English (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help French (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help German (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
ccc-utility64 (Version: 2011.0512.1812.30806 - ATI) Hidden
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.2.0.07300 - Sony Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
emaze PowerPoint Add-In (HKCU\...\emaze PowerPoint Add-In) (Version: 1.1 - emaze.com)
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version:  - FlashPlayerPro.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 1.0.057 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170070}) (Version: 1.7.0.70 - Oracle)
Java 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Snap.Do (HKLM-x32\...\{8ABED4F1-34E7-420B-9BD1-FD6FFC0BDDE1}) (Version: 1.6.1.751 - ReSoft Ltd.) <==== ATTENTION
Start Savin (HKLM-x32\...\35450_Start Savin) (Version: 1.0 - Smart Apps)
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A02B06 - ZTE Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
26-03-2014 22:46:08 Scheduled Checkpoint
30-03-2014 19:20:37 Windows Update
02-04-2014 20:50:32 Windows Update
05-04-2014 02:53:00 Installed Java 7 Update 51
05-04-2014 03:01:04 Removed Facebook Video Calling 2.0.0.447
05-04-2014 03:02:52 Removed Camtasia Studio 7
05-04-2014 03:19:01 Removed Skype Click to Call
05-04-2014 03:33:29 Removed NWZ-S540 WALKMAN Guide.
05-04-2014 03:34:39 Removed Microsoft SQL Server 2005 Compact Edition [ENU]
05-04-2014 03:43:58 Removed PressReader.
05-04-2014 03:46:33 Removed Python 3.0.1
05-04-2014 03:51:15 Removed Steam
05-04-2014 03:52:26 Removed NetAssistant
05-04-2014 03:54:11 Removed Skype™ 6.14
05-04-2014 03:55:01 Removed Skype Click to Call
05-04-2014 03:57:04 Removed Skype Click to Call
05-04-2014 04:05:38 avast! antivirus system restore point
05-04-2014 06:52:34 Removed Skype Click to Call
05-04-2014 06:56:23 Removed Skype Click to Call
05-04-2014 10:07:54 Installed WeatherBug
05-04-2014 23:45:05 Windows Update
06-04-2014 15:58:54 MrC Restore Point
06-04-2014 21:51:26 Removed WeatherBug
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2014-04-06 14:01 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0A6133A1-89DD-433A-B00E-1FAD9ECDA0A1} - \SoftUpdateDaily No Task File
Task: {24515430-C2F2-4AEA-BBEA-9ED0AF5F6023} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {275DD507-5869-4978-A971-8BB0C27C03FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {28E46B4C-FE46-49BF-8B65-E63F16E7B439} - System32\Tasks\{1E71EC92-6054-417D-8C8A-71DBA934D0E6} => Iexplore.exe http://ui.skype.com/ui/0/6.7.0.102/en/go/help.faq.installer?LastError=1601
Task: {290FF59D-96DF-4C6A-8A56-8D8B2D33F283} - System32\Tasks\{C522EDCB-8AE5-44B6-884A-2EDE960984B9} => Iexplore.exe http://ui.skype.com/ui/0/6.0.59.126/en/abandoninstall?page=tsProgressBar
Task: {4211A994-3005-40A4-8C90-AE69DD00806A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {48541A51-54C7-49FC-8C96-4F1E3AA627BF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {7706956C-A189-4655-8CD3-366D8D88147A} - System32\Tasks\HPCeeScheduleForimSizD => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {77953C02-9204-4E21-86C2-8DB62C7361E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {8513FD1B-F3B5-4ED1-A47E-1A2194C5AFF0} - \SoftUpdateLogon No Task File
Task: {8A235D1B-798C-4CA1-B45D-519AB10424D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {90CE351A-E1CA-45E2-9515-B7535CCB4767} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-05] (AVAST Software)
Task: {B201E691-7E32-4424-AB42-01A23B0AF185} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-15] ()
Task: {B3CCC46C-72FD-4E09-9238-2B4282A122E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BD46CDE0-BDEB-4D0E-B6D8-4F5F0D321AA1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CB55012F-6A3D-4D40-A405-20279A99B23C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E63B9EE5-50EE-4E77-A509-536D6C9E4F01} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-06-22] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForimSizD.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-05-12 21:10 - 2011-05-12 21:10 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 17:20 - 2011-03-14 17:20 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-04-06 09:42 - 2014-04-06 09:42 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040600\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-05 00:06 - 2014-04-05 00:06 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/06/2014 06:03:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: services.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc10e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000020a7a
Faulting process id: 0x23c
Faulting application start time: 0xservices.exe0
Faulting application path: services.exe1
Faulting module path: services.exe2
Report Id: services.exe3
 
Error: (04/06/2014 06:01:11 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (04/06/2014 05:50:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59
Faulting module name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59
Exception code: 0xc0000409
Fault offset: 0x0002f648
Faulting process id: 0xaac
Faulting application start time: 0xWeather.exe0
Faulting application path: Weather.exe1
Faulting module path: Weather.exe2
Report Id: Weather.exe3
 
Error: (04/06/2014 05:47:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59
Faulting module name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59
Exception code: 0xc0000409
Fault offset: 0x0002f648
Faulting process id: 0xa88
Faulting application start time: 0xWeather.exe0
Faulting application path: Weather.exe1
Faulting module path: Weather.exe2
Report Id: Weather.exe3
 
Error: (04/06/2014 02:25:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59
Faulting module name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59
Exception code: 0xc0000409
Fault offset: 0x0002f648
Faulting process id: 0x1084
Faulting application start time: 0xWeather.exe0
Faulting application path: Weather.exe1
Faulting module path: Weather.exe2
Report Id: Weather.exe3
 
Error: (04/06/2014 02:17:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59
Faulting module name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59
Exception code: 0xc0000409
Fault offset: 0x0002f648
Faulting process id: 0xcb8
Faulting application start time: 0xWeather.exe0
Faulting application path: Weather.exe1
Faulting module path: Weather.exe2
Report Id: Weather.exe3
 
Error: (04/06/2014 11:37:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59
Faulting module name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59
Exception code: 0xc0000409
Fault offset: 0x0002f648
Faulting process id: 0xcb4
Faulting application start time: 0xWeather.exe0
Faulting application path: Weather.exe1
Faulting module path: Weather.exe2
Report Id: Weather.exe3
 
Error: (04/06/2014 11:34:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: CltMngSvc.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: CltMngSvc.exe, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x40000015
Fault offset: 0x000cf003
Faulting process id: 0xa50
Faulting application start time: 0xCltMngSvc.exe0
Faulting application path: CltMngSvc.exe1
Faulting module path: CltMngSvc.exe2
Report Id: CltMngSvc.exe3
 
Error: (04/06/2014 09:43:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59
Faulting module name: Weather.exe, version: 6.8.0.9, time stamp: 0x50aa5b59
Exception code: 0xc0000409
Fault offset: 0x0002f648
Faulting process id: 0x1664
Faulting application start time: 0xWeather.exe0
Faulting application path: Weather.exe1
Faulting module path: Weather.exe2
Report Id: Weather.exe3
 
Error: (04/06/2014 09:42:25 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
 
System errors:
=============
Error: (04/06/2014 07:40:16 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (04/06/2014 06:37:44 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:03:34 PM on ‎4/‎6/‎2014 was unexpected.
 
Error: (04/06/2014 06:22:54 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (04/06/2014 05:56:55 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (04/06/2014 05:55:44 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the pcregservice service.
 
Error: (04/06/2014 05:48:33 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (04/06/2014 02:15:15 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (04/06/2014 11:41:56 AM) (Source: Service Control Manager) (User: )
Description: The Lights Off service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/06/2014 11:36:41 AM) (Source: Service Control Manager) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: 
%%1053
 
Error: (04/06/2014 11:36:41 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (04/06/2014 06:03:57 PM) (Source: Application Error)(User: )
Description: services.exe6.1.7600.163854a5bc10entdll.dll6.1.7601.18247521eaf24c00000050000000000020a7a23c01cf51e33c6a608eC:\Windows\system32\services.exeC:\Windows\SYSTEM32\ntdll.dll5933e282-bdd7-11e3-b7d5-3860774d677a
 
Error: (04/06/2014 06:01:11 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (04/06/2014 05:50:01 PM) (Source: Application Error)(User: )
Description: Weather.exe6.8.0.950aa5b59Weather.exe6.8.0.950aa5b59c00004090002f648aac01cf51e2257b959cC:\Program Files (x86)\AWS\WeatherBug\Weather.exeC:\Program Files (x86)\AWS\WeatherBug\Weather.exe66e48cba-bdd5-11e3-a545-3860774d677a
 
Error: (04/06/2014 05:47:22 PM) (Source: Application Error)(User: )
Description: Weather.exe6.8.0.950aa5b59Weather.exe6.8.0.950aa5b59c00004090002f648a8801cf51e1c89b631bC:\Program Files (x86)\AWS\WeatherBug\Weather.exeC:\Program Files (x86)\AWS\WeatherBug\Weather.exe07efa2ec-bdd5-11e3-8ebe-3860774d677a
 
Error: (04/06/2014 02:25:19 PM) (Source: Application Error)(User: )
Description: Weather.exe6.8.0.950aa5b59Weather.exe6.8.0.950aa5b59c00004090002f648108401cf51c58f7b10f6C:\Program Files (x86)\AWS\WeatherBug\Weather.exeC:\Program Files (x86)\AWS\WeatherBug\Weather.exece4ec678-bdb8-11e3-8ebe-3860774d677a
 
Error: (04/06/2014 02:17:06 PM) (Source: Application Error)(User: )
Description: Weather.exe6.8.0.950aa5b59Weather.exe6.8.0.950aa5b59c00004090002f648cb801cf51c465acdc48C:\Program Files (x86)\AWS\WeatherBug\Weather.exeC:\Program Files (x86)\AWS\WeatherBug\Weather.exea88c0860-bdb7-11e3-8ebe-3860774d677a
 
Error: (04/06/2014 11:37:07 AM) (Source: Application Error)(User: )
Description: Weather.exe6.8.0.950aa5b59Weather.exe6.8.0.950aa5b59c00004090002f648cb401cf51ae0a9c9eabC:\Program Files (x86)\AWS\WeatherBug\Weather.exeC:\Program Files (x86)\AWS\WeatherBug\Weather.exe4f249153-bda1-11e3-852b-3860774d677a
 
Error: (04/06/2014 11:34:49 AM) (Source: Application Error)(User: )
Description: CltMngSvc.exe0.0.0.000000000CltMngSvc.exe0.0.0.00000000040000015000cf003a5001cf50fe7eca5b39C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exeC:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exefc8be353-bda0-11e3-8a2e-3860774d677a
 
Error: (04/06/2014 09:43:44 AM) (Source: Application Error)(User: )
Description: Weather.exe6.8.0.950aa5b59Weather.exe6.8.0.950aa5b59c00004090002f648166401cf519e3682cb56C:\Program Files (x86)\AWS\WeatherBug\Weather.exeC:\Program Files (x86)\AWS\WeatherBug\Weather.exe77db95c2-bd91-11e3-8a2e-3860774d677a
 
Error: (04/06/2014 09:42:25 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 39%
Total physical RAM: 2662.55 MB
Available physical RAM: 1606.04 MB
Total Pagefile: 5323.27 MB
Available Pagefile: 3928.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:454.29 GB) (Free:377.17 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.37 GB) (Free:1.39 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7B343CE4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then..........

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Update and run a Threat scan with Malwarebytes

Let me know how it is, MrC


Good, you had a lot of garbage on it.

If there are no other problems......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.81  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Security Center service is not running! This report may not be accurate! 

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Java 6 Update 30  

 Java 7 Update 51  

 Google Chrome 33.0.1750.154  

````````Process Check: objlist.exe by Laurent````````  

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast AvastUI.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java™ 6 Update 30 <----please uninstall from your add/remove programs

The rest looks OK

------------------------------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

