After running Malwarebytes and finding over 500 detections (threats), I still believe this PC is heavily infected. I believe PCTechHotline is the main culprit.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2

Run by imSizD at 21:19:50 on 2014-04-05

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.964 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Windows\system32\dmwu.exe

C:\ProgramData\LightsOff\LightsOffService.exe

C:\Program Files\pcreg\pcreg.exe

C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\LinkiDoo\updateLinkiDoo.exe

C:\Program Files (x86)\LinkiDoo\bin\utilLinkiDoo.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe

C:\Windows\SysWOW64\jmdp\stij.exe

C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe

C:\Windows\System32\ljkb\stij.exe

C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe

C:\Users\imSizD\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe

C:\Users\imSizD\AppData\Local\Strongvault Online Backup\SMessaging.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe

C:\Users\imSizD\AppData\Local\WeatherAlerts\WeatherAlerts.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Bench\BService\bservice.exe

C:\Program Files (x86)\Bench\Wd\wd.exe

C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe

C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\ProgramData\LightsOff\LightsOff.exe

C:\Program Files (x86)\PCTechHotline\PCTHHook.exe

C:\Program Files (x86)\PCTechHotline\PCTHHook64.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\LinkiDoo\bin\FilterApp_C64.exe

C:\Program Files (x86)\LinkiDoo\bin\XTLSApp.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.


uURLSearchHooks: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: {3352F334-A389-4004-A026-3A161A0C69A7} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - 

uRun: [pcreg] C:\Program Files\pcreg\service.exe

uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe

mRun: [sMessaging] C:\Users\imSizD\AppData\Local\Strongvault Online Backup\SMessaging.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [WebInternetSecurity] "C:\Program Files (x86)\Webinternetsecurity\WebInternetSecurity.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

mRun: [pcreg] C:\Program Files\pcreg\service.exe

mRun: [PCTechHotline] "C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe" /STARTUP

dRunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect"

StartupFolder: C:\Users\imSizD\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: HideSCAHealth = dword:1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: HideSCAHealth = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 




TCP: NameServer = 192.168.3.1

TCP: Interfaces\{0BE475FE-EC96-434C-81BC-12B6AF2D3370} : NameServer = 208.69.150.250,208.69.150.252

TCP: Interfaces\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : NameServer = 208.69.150.250,208.69.150.252

TCP: Interfaces\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD} : DHCPNameServer = 192.168.3.1

TCP: Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : NameServer = 208.69.150.250,208.69.150.252

TCP: Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB} : DHCPNameServer = 192.168.3.1

TCP: Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB}\755637475627E6449676964716C6D25326 : NameServer = 208.69.150.250,208.69.150.252

TCP: Interfaces\{A6C45405-0DAC-4038-94D2-B08B8C90BFDB}\755637475627E6449676964716C6D25326 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{D2FF44BE-E635-4E49-A3C4-A25B4A9545CB} : NameServer = 208.69.150.250,208.69.150.252

TCP: Interfaces\{E971B731-42ED-4CAC-AC48-B1B85679EC1B} : NameServer = 208.69.150.250,208.69.150.252

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll

x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - 

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

x64-Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun

x64-Run: [pcreg] C:\Program Files\pcreg\service.exe

x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update

x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

Hosts: 54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-9-1 79488]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-9-1 40064]

R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-5 65776]

R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-4-5 208928]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-4-5 1039096]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-4-5 423240]

R1 wStLib64;wStLib64;C:\Windows\System32\drivers\wStLib64.sys [2014-4-5 61112]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-1 204288]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-5 79184]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-5 50344]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]

R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-25 48488]

R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 LightsOff;Lights Off;C:\ProgramData\LightsOff\LightsOffService.exe [2014-3-21 61816]

R2 pcregservice;pcregservice Service;C:\Program Files\pcreg\pcreg.exe [2014-3-13 33864]

R2 PCTechHotlineSvc;PCTechHotlineService;C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [2014-4-5 701800]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-9-1 169584]

R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-5 119512]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-9-29 695400]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-9-1 47232]

RUnknown CltMngSvc;CltMngSvc; [x]

RUnknown IBUpdaterService;IBUpdaterService; [x]

RUnknown Update LinkiDoo;Update LinkiDoo; [x]

RUnknown Util LinkiDoo;Util LinkiDoo; [x]

S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2014-3-14 36392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-5 84816]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]

S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_hs.sys [2013-10-29 20232]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-24 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2014-04-06 00:27:02 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-04-06 00:26:37 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-04-06 00:26:37 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys

2014-04-06 00:26:37 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-04-06 00:26:37 -------- d-----w- C:\ProgramData\Malwarebytes

2014-04-06 00:26:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-05 23:47:53 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24F37274-286A-4EB8-9EE4-1BAC265DDA63}\offreg.dll

2014-04-05 23:45:47 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24F37274-286A-4EB8-9EE4-1BAC265DDA63}\mpengine.dll

2014-04-05 23:37:39 61112 ----a-w- C:\Windows\System32\drivers\wStLib64.sys

2014-04-05 18:33:20 -------- d-----w- C:\Users\imSizD\AppData\Local\{ED42B1C9-8F14-47C9-8769-50809A8CA410}

2014-04-05 10:10:17 -------- d-----w- C:\Users\imSizD\AppData\Local\LightsOff

2014-04-05 10:10:05 -------- d-----w- C:\Program Files (x86)\Flash Player Pro

2014-04-05 10:09:49 -------- d-----w- C:\Program Files (x86)\MyPC Backup

2014-04-05 10:09:23 -------- d-----w- C:\ProgramData\LightsOff

2014-04-05 10:09:03 -------- d-----w- C:\Program Files (x86)\AWS

2014-04-05 10:07:51 -------- d-----w- C:\Users\imSizD\AppData\Roaming\PC Speed Maximizer

2014-04-05 10:07:30 -------- d-----w- C:\Users\imSizD\AppData\Local\pptaddin

2014-04-05 10:07:18 -------- d-----w- C:\Users\imSizD\AppData\Local\SoftUpdate

2014-04-05 10:07:07 -------- d-----w- C:\Users\imSizD\AppData\Roaming\PC Tech Hotline

2014-04-05 10:06:56 -------- d-----w- C:\Program Files (x86)\PCTechHotline

2014-04-05 10:06:50 -------- d-----w- C:\Program Files (x86)\PCFixSpeed

2014-04-05 10:05:34 -------- d-----w- C:\Users\imSizD\AppData\Local\Start Savin

2014-04-05 10:05:34 -------- d-----w- C:\Program Files (x86)\Bench

2014-04-05 10:02:47 -------- d-----w- C:\Program Files\pcreg

2014-04-05 10:02:33 -------- d-----w- C:\Program Files (x86)\PC Speed Maximizer

2014-04-05 10:01:38 -------- d-----w- C:\Program Files (x86)\LinkiDoo

2014-04-05 10:00:42 -------- d-----w- C:\Users\imSizD\AppData\Local\WeatherAlerts

2014-04-05 10:00:11 -------- d-----w- C:\Users\imSizD\AppData\Local\SearchProtect

2014-04-05 09:59:33 -------- d-----w- C:\Program Files (x86)\SearchProtect

2014-04-05 06:51:40 -------- d-----w- C:\Users\imSizD\AppData\Local\Deployment

2014-04-05 06:51:40 -------- d-----w- C:\Users\imSizD\AppData\Local\Apps

2014-04-05 04:30:38 -------- d-----w- C:\Users\imSizD\AppData\Local\Windows Live

2014-04-05 04:30:17 -------- d-----w- C:\Users\imSizD\AppData\Local\{38AB1E40-D39D-4C5F-816D-3108F5243C65}

2014-04-05 04:10:04 -------- d-----w- C:\Users\imSizD\AppData\Roaming\DropboxMaster

2014-04-05 04:08:33 -------- d-----w- C:\Users\imSizD\AppData\Roaming\Dropbox

2014-04-05 04:08:17 -------- d-----w- C:\Users\imSizD\AppData\Roaming\AVAST Software

2014-04-05 04:07:03 84816 ----a-w- C:\Windows\System32\drivers\aswStm.sys

2014-04-05 04:07:03 208928 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2014-04-05 04:07:03 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2014-04-05 04:07:02 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2014-04-05 04:07:02 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2014-04-05 04:07:02 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2014-04-05 04:06:55 43152 ----a-w- C:\Windows\avastSS.scr

2014-04-05 04:06:13 -------- d-----w- C:\Program Files\AVAST Software

2014-04-05 04:05:14 -------- d-----w- C:\ProgramData\AVAST Software

2014-04-05 03:44:58 -------- d-----w- C:\Users\imSizD\AppData\Roaming\NewspaperDirect

2014-04-05 03:43:18 -------- d-----w- C:\ProgramData\PDFC

2014-04-05 03:06:30 940544 ----a-w- C:\Users\imSizD\AppData\Local\log4cxx.dll

2014-04-05 03:06:30 196608 ----a-w- C:\Users\imSizD\AppData\Local\common_functions.dll

2014-04-05 02:58:24 -------- d-----w- C:\ProgramData\Oracle

2014-04-05 02:56:29 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2014-04-02 20:43:04 -------- d-----w- C:\Users\imSizD\AppData\Local\TB

2014-03-21 08:11:00 1161080 ----a-w- C:\Windows\SysWow64\LightsOff.CD920490367F.dll

2014-03-15 21:28:02 -------- d-----w- C:\Users\imSizD\AppData\Roaming\Systweak

2014-03-15 21:26:59 -------- d-----w- C:\temp

2014-03-15 21:26:47 -------- d-----w- C:\Program Files (x86)\RegClean Pro

2014-03-15 21:25:59 -------- d-----w- C:\Program Files\Level Quality Watcher

2014-03-15 21:07:23 -------- d-----w- C:\Users\imSizD\AppData\Local\Skype

2014-03-13 07:29:07 0 ----a-w- C:\Windows\SysWow64\sho2BD1.tmp

2014-03-13 00:17:59 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-03-13 00:17:59 293080 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2014-03-13 00:16:31 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2014-03-13 00:16:31 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2014-03-08 15:36:41 -------- d-----w- C:\Users\imSizD\AppData\Local\WebInternetSecurity

.

==================== Find3M  ====================

.

2014-04-06 01:21:01 79064 ----a-w- C:\Windows\System32\drivers\hdwkwhcj.sys

2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe

2014-03-13 00:04:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-03-13 00:04:47 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll

2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll

2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys

2014-02-04 16:35:36 1859376 ------w- C:\Windows\System32\dmwu.exe

2014-02-04 16:31:42 34304 ----a-w- C:\Windows\System32\ImHttpComm.dll

2014-02-04 08:39:36 829264 ----a-w- C:\Windows\System32\msvcr100.dll

2014-02-04 08:39:36 608080 ----a-w- C:\Windows\System32\msvcp100.dll

2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll

2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll

2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll

2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll

.

============= FINISH: 21:21:48.50 ===============

 

 


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 12/24/2011 9:23:49 AM

System Uptime: 4/5/2014 2:38:34 PM (7 hours ago)

.

Motherboard: PEGATRON CORPORATION |  | 2AD3

Processor: AMD E-300 APU with Radeon HD Graphics | CPU 1 | 1300/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 454 GiB total, 364.353 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.391 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP309: 3/26/2014 6:46:08 PM - Scheduled Checkpoint

RP310: 3/30/2014 3:20:37 PM - Windows Update

RP311: 4/2/2014 4:50:32 PM - Windows Update

RP312: 4/4/2014 10:53:00 PM - Installed Java 7 Update 51

RP313: 4/4/2014 11:01:04 PM - Removed Facebook Video Calling 2.0.0.447

RP314: 4/4/2014 11:02:52 PM - Removed Camtasia Studio 7

RP315: 4/4/2014 11:19:01 PM - Removed Skype Click to Call

RP316: 4/4/2014 11:33:29 PM - Removed NWZ-S540 WALKMAN Guide.

RP317: 4/4/2014 11:34:39 PM - Removed Microsoft SQL Server 2005 Compact Edition [ENU]

RP318: 4/4/2014 11:43:58 PM - Removed PressReader.

RP319: 4/4/2014 11:46:33 PM - Removed Python 3.0.1

RP320: 4/4/2014 11:51:15 PM - Removed Steam

RP321: 4/4/2014 11:52:26 PM - Removed NetAssistant

RP322: 4/4/2014 11:54:11 PM - Removed Skype™ 6.14

RP323: 4/4/2014 11:55:01 PM - Removed Skype Click to Call

RP324: 4/4/2014 11:57:04 PM - Removed Skype Click to Call

RP325: 4/5/2014 12:05:38 AM - avast! antivirus system restore point

RP326: 4/5/2014 2:52:34 AM - Removed Skype Click to Call

RP327: 4/5/2014 2:56:23 AM - Removed Skype Click to Call

RP328: 4/5/2014 6:07:54 AM - Installed WeatherBug

RP329: 4/5/2014 7:45:05 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 12 ActiveX

AMD APP SDK Runtime

AMD Media Foundation Decoders

AMD VISION Engine Control Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

avast! Free Antivirus

Belkin F7D1101 Basic Wireless USB Adapter

Bonjour

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Content Transfer

D3DX10

Dropbox

emaze PowerPoint Add-In

Flash Player Pro V5.4

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hewlett-Packard ACLM.NET v1.2.2.3

HP Auto

HP Client Services

HP Customer Experience Enhancements

HP LinkUp

HP MovieStore

HP Odometer

HP Setup

HP Setup Manager

HP Support Assistant

HP Support Information

HP Update

HP Vision Hardware Diagnostics

iTunes

Java 7 Update 51

Java 7 Update 7 (64-bit)

Java Auto Updater

Java SE Development Kit 7 Update 7 (64-bit)

Java 6 Update 30

Junk Mail filter update

K-Lite Codec Pack 7.0.0 (Standard)

League of Legends

Lights Off

Malwarebytes Anti-Malware version 2.0.1.1004

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

MotoHelper MergeModules

MSVCRT

MSVCRT Redists

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyPC Backup 

PC Speed Maximizer v3.2

PC Tech Hotline

PlayReady PC Runtime amd64

PlayReady PC Runtime x86

Realtek High Definition Audio Driver

Recovery Manager

Remote Graphics Receiver

SavingsBull

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Snap.Do

Start Savin

Strongvault Online Backup

VC80CRTRedist - 8.0.50727.6195

WeatherBug

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Mobile Device Updater Component

Zinio Reader 4

ZTE Handset USB Driver

Zune

Zune Language Pack (CHS)

Zune Language Pack (CHT)

Zune Language Pack (CSY)

Zune Language Pack (DAN)

Zune Language Pack (DEU)

Zune Language Pack (ELL)

Zune Language Pack (ESP)

Zune Language Pack (FIN)

Zune Language Pack (FRA)

Zune Language Pack (HUN)

Zune Language Pack (IND)

Zune Language Pack (ITA)

Zune Language Pack (JPN)

Zune Language Pack (KOR)

Zune Language Pack (MSL)

Zune Language Pack (NLD)

Zune Language Pack (NOR)

Zune Language Pack (PLK)

Zune Language Pack (PTB)

Zune Language Pack (PTG)

Zune Language Pack (RUS)

Zune Language Pack (SVE)

.

==== Event Viewer Messages From Past Week ========

.

4/5/2014 6:02:51 AM, Error: Service Control Manager [7030]  - The pcregservice Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

4/5/2014 2:40:53 AM, Error: volmgr [46]  - Crash dump initialization failed!

4/5/2014 2:40:10 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

4/5/2014 2:40:10 PM, Error: Service Control Manager [7000]  - The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

4/4/2014 4:19:40 AM, Error: Microsoft Antimalware [2001]  - 

4/4/2014 4:09:30 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.

4/4/2014 4:09:30 AM, Error: Service Control Manager [7000]  - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

4/4/2014 11:31:35 PM, Error: Service Control Manager [7034]  - The Computer Backup (MyPC Backup) service terminated unexpectedly.  It has done this 1 time(s).

4/4/2014 11:15:53 PM, Error: Service Control Manager [7034]  - The Re-Markable service terminated unexpectedly.  It has done this 1 time(s).

4/4/2014 11:14:11 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  and APPID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  to the user CBC-HP\Guest SID (S-1-5-21-3740989883-1198457843-2048904567-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

4/4/2014 11:13:13 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MotoHelper Service service to connect.

4/4/2014 11:13:13 PM, Error: Service Control Manager [7000]  - The MotoHelper Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

3/31/2014 4:59:37 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

3/30/2014 3:08:15 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

.

==== End Of File ===========================

 


 

attach.txt

dds.txt

This topic is now closed to further replies.