PC misbehaves, but it doesn't seem to be infected. Is it?


  • This topic is locked
66 replies to this topic

#1 Klaorman

Klaorman

  • Members
  • 39 posts
  • OFFLINE
  • Local time:09:36 PM

Posted 21 March 2014 - 08:43 PM

Hi,
 
I moved recently, and when I reconnected my ISP weird things started happening on my PC (Windows 7 Home Premium with Service Pack 1). A little background first: During the reconnection, I decided to not run a long wire from my wireless modem in the living room to my PC in the computer room and instead use a wireless USB adapter. I tried out Belkin and Netgear adapters but could not install the software from their CDs (I got errors from both installations). Actually, I made a mistake with the Belkin by eagerly inserting it into a USB port before running its CD, which (I found out immediately afterwards) they warned not to do. Right after inserting it, my PC rebooted! After returning the adapters, I had to run the long wire anyway. When I fired up Chrome, all seemed well, but then:

1. Chrome displays an Invalid Server Certificate page anytime I try to load an https page. I also can't download anything using Chrome or Firefox (except that after noknojon's help in the "Am I infected?" forum I can now download EXEs, COMs, and MSIs, but not anything else). Plus, I can't copy any text (after copying I can't paste) nor bookmark any sites in Firefox.

2. I can't run many programs now, with most of them displaying error messages. Some examples:
* IE opens its window, but then after a few seconds it closes.
* AVG Antivirus, Windows Media Player, and Dropbox don't show up at all (when I run them, the busy cursor shows for a few seconds and then disappears).
* iTunes displays an error: "Apple Application Support was not found. Apple Application Support is required to run iTunes. Please uninstall iTunes, then install iTunes again. Error 2 (Windows error 2)".
* Steam displays an "unknown software exception (0x40000015)".
* Microsoft Word Starter 2010 and Excel Starter both display an error box titled "Click-2-Run Virtualization Han..." (can't stretch it to see more) that just says "30015".
* Bastion (a game) and SharpDevelop 4.1 (a development editor) both display the same error: "Please set registry key HKLM\Software\Microsoft\.NETFramework\InstallRoot to point to the .NET Framework install location"

3. Some programs misbehave:
* Spotify's Discover page doesn't show album covers. Covers display fine elsewhere in the program.
* YouTube on Chrome doesn't display comments; they do display on Firefox.

Also, before reconnecting my ISP, I did use my PC a few times; I noticed that AVG wasn't running during those times, but I assumed that that was due to the PC not being connected.
 
Is my PC infected? I don't see any signs of an infection (other than the above anomalies); there are no popups, no site redirects, and my PC isn't slow. Some of the errors seem to point to a corrupted registry. I explored my System Restore, but I found out that it only keeps about a week of snapshots and I had let more than a week pass before I had even thought about restoring. I've run Windows Defender, which gives me the all clear. With noknojon's help in the "Am I infected?" forum, I've run chkdsk (which took 8 hours on my 1.35 TB drive) and sfc, with no resulting changes in behavior (except that now I can download EXEs), and MiniToolbox. I also tried to run Screen 317 Security Check, but apparently my Internet security settings prevented it from running.
 
Here's my DDS.txt:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16843
Run by Klaorman at 17:44:30 on 2014-03-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6056.1272 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Klaorman\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Windows\system32\notepad.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=MAGW
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Klaorman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [PCShowServer] "C:\Users\Klaorman\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
uRun: [ROC_ROC_APR2013_AV] C:\Users\Klaorman\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 19e5602e24bb47d1a5ed294607f42b8b-a5b514844ede9bf508fecfd436dfcc63c9786212 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
uRun: [AVG-Secure-Search-Update_0913a] C:\Users\Klaorman\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 19e5602e24bb47d1a5ed294607f42b8b-a5b514844ede9bf508fecfd436dfcc63c9786212 --CMPID 0913a
uRun: [Facebook Update] "C:\Users\Klaorman\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
StartupFolder: C:\Users\Klaorman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Klaorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scrollwheel Doubleclick.ahk
StartupFolder: C:\Users\Klaorman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SLEEPA~1.LNK - C:\Users\Klaorman\Documents\AutoHotkey Scripts\Sleep.ahk
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0DF0DC8C-223B-46D9-A171-7C1523581CFA} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3BC3EA9D-6FE5-4AC2-8224-B2D5251AF8E4} : DHCPNameServer = 10.200.136.17
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Klaorman\AppData\Roaming\Mozilla\Firefox\Profiles\fkkmycyp.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Users\Klaorman\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Users\Klaorman\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Klaorman\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Klaorman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npo1d.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 MySQL55;MySQL55;"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld [?]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-10 317440]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TotRec8;Total Recorder WDM audio filter driver;C:\Windows\System32\drivers\TotRec8.sys [2011-9-5 122448]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-10 13336]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" --> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [?]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-10 2655768]
S2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-11-10 243232]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-12 05:05:50    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-03-12 05:05:50    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-03-12 05:05:50    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-03-12 05:05:49    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-03-12 05:05:49    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-03-12 05:05:49    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-03-12 05:05:45    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-03-12 05:05:45    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
.
==================== Find3M  ====================
.
2014-02-23 08:13:41    2241536    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-23 08:11:59    3960320    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-23 08:11:52    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-23 08:11:52    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2014-02-23 06:54:46    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-23 06:53:22    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-23 06:53:18    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-23 06:53:18    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2014-02-23 06:35:36    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-23 06:31:25    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-23 05:39:39    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2014-02-23 05:35:24    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
.
============= FINISH: 17:46:58.79 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/2/2011 12:43:56 PM
System Uptime: 3/21/2014 3:41:16 PM (2 hours ago)
.
Motherboard: Gateway | | DX4850
Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz | CPU 1 | 1596/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1384 GiB total, 643.787 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 1397 GiB total, 788.033 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 1397 GiB total, 274.389 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C7200 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Sftfs
Device ID: ROOT\LEGACY_SFTFS\0000
Manufacturer:
Name: Sftfs
PNP Device ID: ROOT\LEGACY_SFTFS\0000
Service: Sftfs
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP304: 3/18/2014 12:56:36 PM - Windows Update
RP305: 3/19/2014 8:56:20 PM - Windows Update
RP306: 3/20/2014 11:05:47 AM - Windows Update
RP307: 3/21/2014 3:53:38 PM - Windows Update
RP308: 3/21/2014 5:21:04 PM - Installed Microsoft Fix it 50267
RP309: 3/21/2014 5:26:52 PM - Installed Microsoft Fix it 50267
RP310: 3/21/2014 5:28:19 PM - Installed Microsoft Fix it 50267
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
Adobe Photoshop Lightroom 5 64-bit
Amazon Kindle
Apple Mobile Device Support
Application Verifier (x64)
AVG 2014
Best Buy pc app
Blender
Bonjour
Debugging Tools for Windows (x64)
Dropbox
Google Chrome
GoToMeeting 5.1.0.880
HP Imaging Device Functions 13.0
HP Photosmart All-In-One Driver Software 13.0 Rel. 2
HP Photosmart Essential 3.5
HP Solution Center 13.0
iTunes
Lightspeed 8.0.1 x64
LWS VideoEffects
MAGIX Independence Libraries Common Files
MAGIX Independence Pro 3.1 RTAS-Plugins
MAGIX Independence Pro 3.1 VST-Plugins
MAGIX Independence Pro Software Suite 3.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft Office Click-to-Run 2010
Microsoft Silverlight
Microsoft Sync Framework 2.0 Core Components (x64) ENU
Microsoft Sync Framework 2.0 Provider Services (x64) ENU
Microsoft Visual C++ Compilers 2010 Standard - enu - x64
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Windows Performance Toolkit
Microsoft Windows SDK .NET Framework Tools (30514)
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft Windows SDK for Windows 7 Common Utilities (30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
Microsoft Windows SDK for Windows 7 Samples (30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
Microsoft Windows SDK MSHelp (30514)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
MySQL Connector C 6.0.2
MySQL Connector C++ 1.1.0
MySQL Connector/ODBC 5.1
MySQL Server 5.5
Network64
Paint.NET v3.5.10
Photobook Designer
Rdio
REAPER (x64)
Spotify
SyncToy 2.1 (x64)
TWS Demo
Unity Web Player
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Windows Driver Package - Leaf Imaging Ltd. Image (02/11/2010 )
Windows Live ID Sign-in Assistant
Windows Live Language Selector
Windows Live MIME IFilter
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
WinZip 16.0
.
==== Event Viewer Messages From Past Week ========
.
3/21/2014 4:05:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2901110).
3/21/2014 4:04:13 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
3/21/2014 4:03:22 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2604121).
3/21/2014 4:02:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2898855).
3/21/2014 4:01:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition.
3/21/2014 4:01:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2487367).
3/21/2014 4:01:11 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2533523).
3/21/2014 3:59:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217).
3/21/2014 3:51:22 PM, Error: Service Control Manager [7023] - The Intel® Management and Security Application User Notification Service service terminated with the following error: %%-2146893799
3/21/2014 3:50:20 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/21/2014 3:46:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.
3/21/2014 3:46:30 PM, Error: Service Control Manager [7000] - The Intuit Update Service v4 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/21/2014 3:46:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.
3/21/2014 3:46:21 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/21/2014 3:46:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
3/21/2014 3:46:11 PM, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/21/2014 3:42:37 PM, Error: Service Control Manager [7034] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s).
3/21/2014 3:42:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Updater Service service to connect.
3/21/2014 3:42:35 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2014 3:42:35 PM, Error: Service Control Manager [7000] - The Updater Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/21/2014 3:42:05 PM, Error: Service Control Manager [7023] - The Skype Updater service terminated with the following error: %%-2146893799
3/21/2014 3:42:04 PM, Error: Service Control Manager [7001] - The Application Virtualization Client service depends on the Sftfs service which failed to start because of the following error: The system cannot find the file specified.
3/21/2014 3:42:04 PM, Error: Service Control Manager [7000] - The Sftfs service failed to start due to the following error: The system cannot find the file specified.
3/21/2014 3:42:04 PM, Error: Service Control Manager [7000] - The Phase One 1394 Camera Driver service failed to start due to the following error: This driver has been blocked from loading
3/21/2014 3:42:04 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\p1c1394.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/21/2014 3:42:02 PM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753637.
3/21/2014 3:42:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP CUE DeviceDiscovery Service service to connect.
3/21/2014 3:42:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
3/21/2014 3:42:02 PM, Error: Service Control Manager [7000] - The HP CUE DeviceDiscovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/21/2014 3:42:02 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/21/2014 3:42:00 PM, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The system cannot find the file specified.
3/21/2014 1:13:02 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
3/16/2014 6:54:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================

 
Thanks for any help you can provide.

Edited by Oh My, 05 April 2014 - 07:34 AM.
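The Service Control Manager errors at the end of the log above can be grouped per service to show which components, including the anti-malware services, never started. This is an added example, not part of the original post or of DDS; the line format is inferred from the quoted log, and the `SECURITY_HINTS` keyword list is an assumption.

```python
import re
from collections import defaultdict

# Event-log lines copied from the tail of the log quoted in the post above.
SAMPLE = r"""
3/21/2014 3:42:04 PM, Error: Service Control Manager [7000] - The Sftfs service failed to start due to the following error: The system cannot find the file specified.
3/21/2014 3:42:04 PM, Error: Service Control Manager [7000] - The Phase One 1394 Camera Driver service failed to start due to the following error: This driver has been blocked from loading
3/21/2014 3:42:04 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\p1c1394.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/21/2014 3:42:02 PM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753637.
3/21/2014 3:42:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP CUE DeviceDiscovery Service service to connect.
3/21/2014 3:42:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
3/21/2014 3:42:02 PM, Error: Service Control Manager [7000] - The HP CUE DeviceDiscovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/21/2014 3:42:02 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/21/2014 3:42:00 PM, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The system cannot find the file specified.
3/21/2014 1:13:02 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
3/16/2014 6:54:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
"""

# One event line: "<date> <time>, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s+-\s+(?P<message>.*)$"
)

# Service Control Manager event IDs and where the service name sits in each message:
# 7000 failed to start, 7009 connect timeout, 7011 transaction timeout,
# 7024 terminated with a service-specific error.
SCM_PATTERNS = {
    7000: re.compile(r"^The (.+?) service failed to start due to the following error: (.*)$"),
    7009: re.compile(r"while waiting for the (.+?) service to connect"),
    7011: re.compile(r"transaction response from the (.+?) service"),
    7024: re.compile(r"^The (.+?) service terminated with service-specific error (.*)$"),
}

# Assumption: illustrative substrings that mark a service as security software.
SECURITY_HINTS = ("avg", "ad-aware", "defender", "malwarebytes")


def parse_events(text):
    """Return one dict per well-formed event line; other lines are skipped."""
    records = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            record = match.groupdict()
            record["event_id"] = int(record["event_id"])
            records.append(record)
    return records


def service_failures(records):
    """Map service name -> set of SCM event IDs logged against it."""
    failures = defaultdict(set)
    for record in records:
        if record["source"] != "Service Control Manager":
            continue
        pattern = SCM_PATTERNS.get(record["event_id"])
        match = pattern.search(record["message"]) if pattern else None
        if match:
            failures[match.group(1)].add(record["event_id"])
    return dict(failures)


def security_services_down(failures):
    """Names of failed services that look like security software."""
    return sorted(
        name for name in failures
        if any(hint in name.lower() for hint in SECURITY_HINTS)
    )


if __name__ == "__main__":
    events = parse_events(SAMPLE)
    failed = service_failures(events)
    for name, ids in sorted(failed.items()):
        print(f"{name}: events {sorted(ids)}")
    print("Security services that did not start:", security_services_down(failed))
```

A security service that repeatedly fails to start is worth checking first, since it can point to a broken install as well as to tampering.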



#2 HelpBot

Posted 26 March 2014 - 08:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/528291 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Klaorman

Posted 28 March 2014 - 03:28 AM

I haven't done anything to fix my problem since my original post. I don't have the original Windows CD (I have a Gateway PC, which always prompts me to create a restore disk, but I kept putting it off, and recently when I tried to create the disk it essentially told me "Too late!!").

 

Here's my new DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16843
Run by Klaorman at 22:53:52 on 2014-03-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6056.545 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Klaorman\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\findstr.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=MAGW
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Klaorman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [PCShowServer] "C:\Users\Klaorman\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
uRun: [ROC_ROC_APR2013_AV] C:\Users\Klaorman\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 19e5602e24bb47d1a5ed294607f42b8b-a5b514844ede9bf508fecfd436dfcc63c9786212 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
uRun: [AVG-Secure-Search-Update_0913a] C:\Users\Klaorman\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 19e5602e24bb47d1a5ed294607f42b8b-a5b514844ede9bf508fecfd436dfcc63c9786212 --CMPID 0913a
uRun: [Facebook Update] "C:\Users\Klaorman\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
StartupFolder: C:\Users\Klaorman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Klaorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scrollwheel Doubleclick.ahk
StartupFolder: C:\Users\Klaorman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SLEEPA~1.LNK - C:\Users\Klaorman\Documents\AutoHotkey Scripts\Sleep.ahk
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0DF0DC8C-223B-46D9-A171-7C1523581CFA} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3BC3EA9D-6FE5-4AC2-8224-B2D5251AF8E4} : DHCPNameServer = 10.200.136.17
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Klaorman\AppData\Roaming\Mozilla\Firefox\Profiles\fkkmycyp.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Users\Klaorman\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Users\Klaorman\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Klaorman\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Klaorman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npo1d.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 MySQL55;MySQL55;"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld [?]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-10 317440]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TotRec8;Total Recorder WDM audio filter driver;C:\Windows\System32\drivers\TotRec8.sys [2011-9-5 122448]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-10 13336]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" --> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [?]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-10 2655768]
S2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-11-10 243232]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-12 05:05:50    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-03-12 05:05:50    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-03-12 05:05:50    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-03-12 05:05:49    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-03-12 05:05:49    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-03-12 05:05:49    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-03-12 05:05:45    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-03-12 05:05:45    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
.
==================== Find3M  ====================
.
2014-02-23 08:13:41    2241536    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-23 08:11:59    3960320    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-23 08:11:52    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-23 08:11:52    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2014-02-23 06:54:46    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-23 06:53:22    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-23 06:53:18    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-23 06:53:18    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2014-02-23 06:35:36    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-23 06:31:25    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-23 05:39:39    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2014-02-23 05:35:24    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
.
============= FINISH: 23:19:54.99 ===============
 

Thanks!


#4 Klaorman

Posted 02 April 2014 - 01:13 AM

Well, it's been a while since I posted this. I've researched some of the errors and it seems I probably have to address each one separately, and some of the solutions get involved (like reinstalling .NET). Also, some apps don't display errors at all when I run them, so they'll be hard to fix. I don't think there's any one solution that fixes everything, except for reinstalling Windows. I'm OK with this; I've just ordered recovery disks from Gateway. What do I need to do before I reinstall? I've already been backing up the Libraries every day, so my data has already been saved. I'm not sure where my browsers' bookmarks are saved, so I'll have to find that out and back them up. I'll have to save a list of all of my apps (and license keys) so that I can re-download/reinstall them. Have I forgotten anything?

 

Can someone please take a look at my problem and perhaps propose some solutions before I reinstall (it'll still take a couple of days for the recovery disks to arrive). Thanks!



#5 Oh My!

  • Malware Response Instructor
Posted 03 April 2014 - 08:38 AM

Greetings Klaorman and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I know you are on track to reinstall your operating system, but can you give me an update regarding that? We can certainly dig into the state of your computer to try to resolve things short of that. It is obviously your decision.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#6 Klaorman

Posted 03 April 2014 - 03:35 PM

Thanks, Gary! I'm still waiting for the recovery disks to arrive; they should be here on April 5. In the meantime, I'm surveying my system to make sure I've backed everything up and I'm making a list of all the apps I want to reinstall; there's a lot of junk that I will be dumping. If you can help me, that would be great, though. The thing is, I need to fix my system fairly soon so that I can do my taxes!



#7 Oh My!

Posted 03 April 2014 - 03:46 PM

Sounds good. We want to be careful not to inadvertently reinfect the new Operating System by returning an infected file to it. There are a couple ways to approach this. Since you have already backed up some of your data it might be best to scan those files once you have everything backed up. Alternatively, we can scan/try to disinfect your computer now then do a fresh backup once (if) your computer is "clean". Either way, we can certainly work on this together if you'd like.

Let me know which you prefer.
Gary
 

#8 Klaorman

Posted 03 April 2014 - 03:52 PM

We can do the scan/try to disinfect now, but I can't run AVG or Malwarebytes. I can run Windows Defender; I haven't tried anything else.



#9 Oh My!

Posted 03 April 2014 - 03:58 PM

OK, let's first try to get a snapshot of your computer. Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 

#10 Klaorman

Posted 03 April 2014 - 04:09 PM

Thanks, Gary. Here's FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Klaorman (administrator) on KLAORMAN-PC on 03-04-2014 14:03:42
Running from C:\Users\Klaorman\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Facebook Inc.) C:\Users\Klaorman\AppData\Local\Facebook\Update\FacebookUpdate.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Klaorman\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Program Files\SyncToy 2.1\SyncToy.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1998001541-2882071857-942670663-1001\...\Run: [Google Update] - C:\Users\Klaorman\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-27] (Google Inc.)
HKU\S-1-5-21-1998001541-2882071857-942670663-1001\...\Run: [Spotify Web Helper] - C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd)
HKU\S-1-5-21-1998001541-2882071857-942670663-1001\...\Run: [PCShowServer] - C:\Users\Klaorman\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [524976 2012-08-16] (NDS Technologies)
HKU\S-1-5-21-1998001541-2882071857-942670663-1001\...\Run: [ROC_ROC_APR2013_AV] - C:\Users\Klaorman\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 19e5602e24bb47d1a5ed294607f42b8b-a5b514844ede9bf508fecfd436dfcc63c9786212 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
HKU\S-1-5-21-1998001541-2882071857-942670663-1001\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\Klaorman\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 19e5602e24bb47d1a5ed294607f42b8b-a5b514844ede9bf508fecfd436dfcc63c9786212 --CMPID 0913a
HKU\S-1-5-21-1998001541-2882071857-942670663-1001\...\Run: [Facebook Update] - C:\Users\Klaorman\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-26] (Facebook Inc.)
HKU\S-1-5-21-1998001541-2882071857-942670663-1001\...\MountPoints2: {417c3dfd-4e05-11e2-8dba-f80f4110c278} - L:\LaunchU3.exe -a
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Klaorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Klaorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scrollwheel Doubleclick.ahk ()
Startup: C:\Users\Klaorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sleep.ahk - Shortcut.lnk
ShortcutTarget: Sleep.ahk - Shortcut.lnk -> C:\Users\Klaorman\Documents\AutoHotkey Scripts\Sleep.ahk ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Klaorman\AppData\Roaming\Mozilla\Firefox\Profiles\fkkmycyp.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_149.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin HKCU: @nds.com/PCShowPlugin - C:\Users\Klaorman\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\Klaorman\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Klaorman\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Klaorman\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Klaorman\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Klaorman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\Klaorman\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin ProgramFiles/Appdata: C:\Users\Klaorman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Klaorman\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Klaorman\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: HTTPS-Everywhere - C:\Users\Klaorman\AppData\Roaming\Mozilla\Firefox\Profiles\fkkmycyp.default\Extensions\https-everywhere@eff.org [2014-01-04]
FF Extension: NoScript - C:\Users\Klaorman\AppData\Roaming\Mozilla\Firefox\Profiles\fkkmycyp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-06-02]
FF Extension: Adblock Plus - C:\Users\Klaorman\AppData\Roaming\Mozilla\Firefox\Profiles\fkkmycyp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-06-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-01]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-18]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Users\Klaorman\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (OnLive Game Client Detector) - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (QUAKE LIVE) - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
CHR Plugin: (Unity Player) - C:\Users\Klaorman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (PCShow Player Plugin) - C:\Users\Klaorman\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
CHR Plugin: (Google Update) - C:\Users\Klaorman\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Klaorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Adblock Plus) - C:\Users\Klaorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-06-19]
CHR Extension: (Google Search) - C:\Users\Klaorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Google Wallet) - C:\Users\Klaorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Klaorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR StartMenuInternet: Google Chrome - C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-13] (Adobe Systems)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 MySQL55; C:\ProgramData\MySQL\MySQL Server 5.5\my.ini [9173 2011-11-20] ()
S2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [122448 2011-07-08] (High Criteria inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 P1C1394; \SystemRoot\System32\Drivers\p1c1394.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 14:03 - 2014-04-03 14:04 - 00019652 _____ () C:\Users\Klaorman\Downloads\FRST.txt
2014-04-03 14:03 - 2014-04-03 14:03 - 00000000 ____D () C:\FRST
2014-04-03 14:00 - 2014-04-03 14:00 - 02157056 _____ (Farbar) C:\Users\Klaorman\Downloads\FRST64.exe
2014-04-02 23:26 - 2014-04-02 23:26 - 00000000 ____D () C:\Ableton
2014-04-02 23:04 - 2014-04-02 23:30 - 00000540 _____ () C:\Users\Klaorman\Documents\Apps to Reinstall.txt
2014-03-30 15:45 - 2014-03-30 15:45 - 05198480 _____ () C:\Users\Klaorman\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-03-28 16:22 - 2014-03-28 16:23 - 38494576 _____ (Apple Inc.) C:\Users\Klaorman\Downloads\SafariSetup.exe
2014-03-28 16:16 - 2014-03-28 16:16 - 00282880 _____ (Mozilla) C:\Users\Klaorman\Downloads\Firefox Setup Stub 28.0.exe
2014-03-27 21:07 - 2014-03-27 21:07 - 00847832 _____ (Google Inc.) C:\Users\Klaorman\Downloads\GoogleVoiceAndVideoSetup.exe
2014-03-21 19:39 - 2014-03-29 15:24 - 00001116 _____ () C:\Users\Klaorman\Documents\Covered California Questions.txt
2014-03-21 18:38 - 2014-03-28 01:27 - 00003459 _____ () C:\Users\Klaorman\Documents\Attach.txt
2014-03-21 18:38 - 2014-03-21 18:38 - 00016404 _____ () C:\Users\Klaorman\Documents\DDS.txt
2014-03-21 18:04 - 2014-03-21 18:04 - 34734328 _____ (Opera Software ASA) C:\Users\Klaorman\Downloads\Opera_20.0.1387.82_Setup (1).exe
2014-03-21 18:03 - 2014-03-21 18:04 - 34734328 _____ (Opera Software ASA) C:\Users\Klaorman\Downloads\Opera_20.0.1387.82_Setup.exe
2014-03-21 17:47 - 2014-03-27 23:21 - 00003459 _____ () C:\Users\Klaorman\Desktop\attach.txt
2014-03-21 17:47 - 2014-03-27 23:20 - 00016362 _____ () C:\Users\Klaorman\Desktop\dds.txt
2014-03-21 17:41 - 2014-03-21 17:41 - 00688992 ____R (Swearware) C:\Users\Klaorman\Downloads\dds.com
2014-03-21 17:19 - 2014-03-21 17:19 - 01071000 _____ (Solid State Networks) C:\Users\Klaorman\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe
2014-03-21 17:14 - 2014-03-21 17:14 - 00982016 _____ (Farbar) C:\Users\Klaorman\Downloads\MiniToolBox.exe
2014-03-21 17:12 - 2014-03-21 17:12 - 00987448 _____ () C:\Users\Klaorman\Downloads\SecurityCheck.exe
2014-03-21 17:10 - 2014-03-21 17:10 - 00991232 _____ () C:\Users\Klaorman\Downloads\MicrosoftFixit50267.msi
2014-03-19 22:12 - 2014-03-19 22:16 - 00017959 _____ () C:\Users\Klaorman\Documents\Result.txt
2014-03-19 20:58 - 2014-03-19 16:00 - 00987442 _____ () C:\Users\Klaorman\Documents\SecurityCheck.exe
2014-03-19 20:58 - 2014-03-19 16:00 - 00982016 _____ (Farbar) C:\Users\Klaorman\Documents\MiniToolBox.exe
2014-03-19 20:56 - 2014-03-19 20:56 - 00000000 ____D () C:\Users\Klaorman\AppData\Roaming\U3
2014-03-13 13:30 - 2014-02-23 01:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 13:30 - 2014-02-23 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 13:30 - 2014-02-23 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 13:30 - 2014-02-23 01:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 13:30 - 2014-02-23 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 13:30 - 2014-02-23 01:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 13:30 - 2014-02-22 23:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 13:30 - 2014-02-22 23:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 13:30 - 2014-02-22 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 13:30 - 2014-02-22 23:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 13:30 - 2014-02-22 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-13 13:30 - 2014-02-22 22:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-11 22:05 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 22:05 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-11 22:05 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 22:05 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-11 22:05 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 22:05 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 22:05 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 22:05 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

==================== One Month Modified Files and Folders =======

2014-04-03 14:04 - 2014-04-03 14:03 - 00019652 _____ () C:\Users\Klaorman\Downloads\FRST.txt
2014-04-03 14:03 - 2014-04-03 14:03 - 00000000 ____D () C:\FRST
2014-04-03 14:00 - 2014-04-03 14:00 - 02157056 _____ (Farbar) C:\Users\Klaorman\Downloads\FRST64.exe
2014-04-03 13:55 - 2011-08-02 23:42 - 00000000 ____D () C:\Users\Klaorman\AppData\Roaming\Spotify
2014-04-03 13:31 - 2011-01-26 00:48 - 01301907 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 13:30 - 2012-04-10 11:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-03 13:27 - 2013-10-26 16:22 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001UA.job
2014-04-03 13:13 - 2011-10-27 06:30 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001UA.job
2014-04-03 11:42 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 11:42 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 11:34 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 11:34 - 2009-07-13 21:51 - 00158358 _____ () C:\Windows\setupact.log
2014-04-02 23:30 - 2014-04-02 23:04 - 00000540 _____ () C:\Users\Klaorman\Documents\Apps to Reinstall.txt
2014-04-02 23:26 - 2014-04-02 23:26 - 00000000 ____D () C:\Ableton
2014-04-02 21:51 - 2011-06-02 21:05 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EE3435F9-13D4-4D0A-80C1-D27568558321}
2014-04-02 21:37 - 2011-10-27 06:30 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001Core.job
2014-04-02 21:32 - 2013-10-26 16:22 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001Core.job
2014-04-02 13:45 - 2011-06-13 14:03 - 00000000 ____D () C:\Users\Klaorman\AppData\Local\Paint.NET
2014-04-02 13:39 - 2009-07-13 22:13 - 00751822 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 21:46 - 2010-11-10 20:45 - 00000000 ___HD () C:\OEM
2014-03-30 15:45 - 2014-03-30 15:45 - 05198480 _____ () C:\Users\Klaorman\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-03-29 15:24 - 2014-03-21 19:39 - 00001116 _____ () C:\Users\Klaorman\Documents\Covered California Questions.txt
2014-03-29 09:28 - 2011-08-02 23:42 - 00000000 ____D () C:\Users\Klaorman\AppData\Local\Spotify
2014-03-28 16:23 - 2014-03-28 16:22 - 38494576 _____ (Apple Inc.) C:\Users\Klaorman\Downloads\SafariSetup.exe
2014-03-28 16:16 - 2014-03-28 16:16 - 00282880 _____ (Mozilla) C:\Users\Klaorman\Downloads\Firefox Setup Stub 28.0.exe
2014-03-28 01:27 - 2014-03-21 18:38 - 00003459 _____ () C:\Users\Klaorman\Documents\Attach.txt
2014-03-27 23:21 - 2014-03-21 17:47 - 00003459 _____ () C:\Users\Klaorman\Desktop\attach.txt
2014-03-27 23:20 - 2014-03-21 17:47 - 00016362 _____ () C:\Users\Klaorman\Desktop\dds.txt
2014-03-27 21:08 - 2011-10-27 06:30 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001UA
2014-03-27 21:08 - 2011-10-27 06:30 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001Core
2014-03-27 21:07 - 2014-03-27 21:07 - 00847832 _____ (Google Inc.) C:\Users\Klaorman\Downloads\GoogleVoiceAndVideoSetup.exe
2014-03-21 18:38 - 2014-03-21 18:38 - 00016404 _____ () C:\Users\Klaorman\Documents\DDS.txt
2014-03-21 18:04 - 2014-03-21 18:04 - 34734328 _____ (Opera Software ASA) C:\Users\Klaorman\Downloads\Opera_20.0.1387.82_Setup (1).exe
2014-03-21 18:04 - 2014-03-21 18:03 - 34734328 _____ (Opera Software ASA) C:\Users\Klaorman\Downloads\Opera_20.0.1387.82_Setup.exe
2014-03-21 17:41 - 2014-03-21 17:41 - 00688992 ____R (Swearware) C:\Users\Klaorman\Downloads\dds.com
2014-03-21 17:19 - 2014-03-21 17:19 - 01071000 _____ (Solid State Networks) C:\Users\Klaorman\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe
2014-03-21 17:14 - 2014-03-21 17:14 - 00982016 _____ (Farbar) C:\Users\Klaorman\Downloads\MiniToolBox.exe
2014-03-21 17:12 - 2014-03-21 17:12 - 00987448 _____ () C:\Users\Klaorman\Downloads\SecurityCheck.exe
2014-03-21 17:10 - 2014-03-21 17:10 - 00991232 _____ () C:\Users\Klaorman\Downloads\MicrosoftFixit50267.msi
2014-03-19 22:16 - 2014-03-19 22:12 - 00017959 _____ () C:\Users\Klaorman\Documents\Result.txt
2014-03-19 22:14 - 2012-10-08 20:55 - 00002271 _____ () C:\Users\Klaorman\.lmmsrc.xml
2014-03-19 21:00 - 2013-08-15 19:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 20:57 - 2011-06-14 00:07 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 20:56 - 2014-03-19 20:56 - 00000000 ____D () C:\Users\Klaorman\AppData\Roaming\U3
2014-03-19 16:00 - 2014-03-19 20:58 - 00987442 _____ () C:\Users\Klaorman\Documents\SecurityCheck.exe
2014-03-19 16:00 - 2014-03-19 20:58 - 00982016 _____ (Farbar) C:\Users\Klaorman\Documents\MiniToolBox.exe
2014-03-17 19:21 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-03-16 18:11 - 2014-01-15 23:00 - 00001741 _____ () C:\Users\Klaorman\Documents\Virus on PC Post.txt
2014-03-14 18:18 - 2009-07-13 21:45 - 00330752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 22:15 - 2013-09-02 16:38 - 00000000 ____D () C:\Users\Klaorman\.hydrogen
2014-03-05 16:01 - 2011-06-15 11:01 - 00000000 ____D () C:\Users\Klaorman\Documents\OnLive App

Files to move or delete:
====================
C:\Users\Klaorman\SyncToy_3a3cf3a2-d875-41fc-92c1-cb7db2998dda.dat


Some content of TEMP:
====================
C:\Users\Klaorman\AppData\Local\Temp\{2B26A63D-F1C8-4628-B3A2-38D426FE8D1F}-GoogleUpdateSetup.exe
C:\Users\Klaorman\AppData\Local\Temp\{A4A1BD7A-47B5-4833-9F65-8144DF14E8AB}-GoogleUpdateSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-01 14:45

==================== End Of Log ============================

And Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Klaorman at 2014-04-03 14:04:50
Running from C:\Users\Klaorman\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Application Verifier (x64) (HKLM\...\{89026002-A893-42D9-9E20-6829B844735E}) (Version: 4.1.1078 - Microsoft Corporation)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4158 - AVG Technologies)
AVG 2014 (Version: 14.0.3629 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4158 - AVG Technologies) Hidden
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Blender (HKLM\...\Blender) (Version: 2.65a-release - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 30.0.1599.101 - Google Inc.)
GoToMeeting 5.1.0.880 (HKCU\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
Lightspeed 8.0.1 x64 (HKLM\...\{A28437D9-2BC4-4CAC-9FE4-6A41A6E8E2C5}) (Version: 8.0.1 - Lightspeed Trading)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
MAGIX Independence Libraries Common Files (Version: 3.1.0.0 - MAGIX AG) Hidden
MAGIX Independence Pro 3.1 RTAS-Plugins (Version: 3.1.0.0 - MAGIX AG) Hidden
MAGIX Independence Pro 3.1 VST-Plugins (Version: 3.1.0.0 - MAGIX AG) Hidden
MAGIX Independence Pro Software Suite 3.1 (Version: 3.1.0.69 - MAGIX AG) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++  Compilers 2010 Standard - enu - x64 (HKLM\...\{88387B3B-B110-392F-B919-1A15B48F21D4}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514 - Microsoft) Hidden
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK MSHelp (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
MySQL Connector C 6.0.2 (HKLM\...\{5B6A2A7C-658E-4661-A254-3C36F5B63943}) (Version: 6.0.2 - Sun Microsystems)
MySQL Connector C++ 1.1.0 (HKLM\...\{3C481CDB-34E8-4CEF-B487-4C9C60530CFC}) (Version: 1.1.0 - Oracle and/or its affiliates)
MySQL Connector/ODBC 5.1 (HKLM\...\{C44218B2-EC4D-4EB9-A3E3-F8F4A46927EC}) (Version: 5.1.8 - Oracle Corporation)
MySQL Server 5.5 (HKLM\...\{CE2D87BC-6FDE-4052-A236-7789E64279B6}) (Version: 5.5.17 - Oracle Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Photobook Designer (HKCU\...\Photobook Designer) (Version: Photobook Designer 2.5.8 - Photobook US)
Rdio (HKCU\...\978ebae4705a27c4) (Version: 1.12.0.0 - Rdio)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TWS Demo (HKCU\...\TWS Demo) (Version:  - Interactive Brokers)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Windows Driver Package - Leaf Imaging Ltd. Image  (02/11/2010 ) (HKLM\...\A35BD68D4A1B3E191138E3C9AA417190A9468F7E) (Version: 02/11/2010  - Leaf Imaging Ltd.)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CB}) (Version: 16.0.9691 - WinZip Computing, S.L. )

==================== Restore Points  =========================

21-03-2014 22:53:38 Windows Update
22-03-2014 00:21:04 Installed Microsoft Fix it 50267
22-03-2014 00:26:52 Installed Microsoft Fix it 50267
22-03-2014 00:28:19 Installed Microsoft Fix it 50267
23-03-2014 02:18:59 Windows Update
25-03-2014 18:35:41 Windows Update
28-03-2014 03:27:03 Windows Update
28-03-2014 22:29:48 Windows Update
29-03-2014 16:32:43 Windows Update
30-03-2014 21:18:16 Windows Update
31-03-2014 21:48:08 Windows Update
01-04-2014 20:41:15 Windows Update
02-04-2014 18:58:26 Windows Update
03-04-2014 18:39:59 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0FACF6F3-C860-46D6-B95A-60D3E046B451} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001UA => C:\Users\Klaorman\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-26] (Facebook Inc.)
Task: {43B00095-D32F-41B8-B198-ADFAEACF5431} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001Core => C:\Users\Klaorman\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-26] (Facebook Inc.)
Task: {471DC2A1-36A4-4A86-A7BA-D9E5612A44BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001Core => C:\Users\Klaorman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-27] (Google Inc.)
Task: {4ED6F7C9-AAFB-457F-A83B-38778700413A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001UA => C:\Users\Klaorman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-27] (Google Inc.)
Task: {66582E31-ABDF-4699-9E00-6BF515925B5C} - System32\Tasks\{6543E74A-0C98-4277-B044-00D79F80CD4B} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-01-08] (Skype Technologies S.A.)
Task: {99CCCCF2-0CB6-4CEA-9898-0EDE29939A89} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2010-08-18] (Acer)
Task: {B7285C18-29E4-417A-84F6-206EA5F431EA} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {CBEECBFC-88D7-4F17-BC37-423EC983F092} - System32\Tasks\Ad-Aware Scan (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {E918C2E0-323D-40F1-8648-115E8BEB2CB6} - System32\Tasks\Ad-Aware Scan (Daily) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F046D6EC-862C-4382-A11A-999F8DC4A1A4} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F5555466-8A03-4D4C-A4EF-D970BCB79A1C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F6C10EB7-C558-41EE-9EB7-00F500749843} - System32\Tasks\SyncToy Backup => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation)
Task: {FC386F74-B1A7-4BE4-A740-A96BF7DBB818} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-31] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001Core.job => C:\Users\Klaorman\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001UA.job => C:\Users\Klaorman\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001Core.job => C:\Users\Klaorman\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001UA.job => C:\Users\Klaorman\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2006-12-04 01:26 - 2006-12-04 01:26 - 00022016 _____ () C:\Windows\System32\sugs2l6.dll
2011-10-12 15:37 - 2011-10-12 15:37 - 09670656 _____ () C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
2011-03-26 00:28 - 2011-03-26 00:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-04-30 21:07 - 2011-04-30 21:07 - 01333248 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2013-09-23 23:11 - 2014-01-15 22:02 - 00603648 _____ () C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2011-06-02 13:49 - 2013-05-30 14:39 - 01952696 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-01-12 01:06 - 2014-01-15 22:02 - 36967424 _____ () C:\Users\Klaorman\AppData\Roaming\Spotify\Data\libcef.dll
2013-10-17 19:35 - 2013-10-08 17:01 - 00698832 _____ () C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-17 19:35 - 2013-10-08 17:01 - 00099792 _____ () C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-17 19:35 - 2013-10-08 17:02 - 04055504 _____ () C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-17 19:35 - 2013-10-08 17:02 - 00415184 _____ () C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-17 19:35 - 2013-10-08 17:01 - 01604560 _____ () C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-17 19:35 - 2013-10-08 17:02 - 13584336 _____ () C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
2013-09-23 23:11 - 2014-01-15 22:02 - 00887808 _____ () C:\Users\Klaorman\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-23 23:11 - 2014-01-15 22:02 - 00109568 _____ () C:\Users\Klaorman\AppData\Roaming\Spotify\Data\libegl.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Sftfs
Description: Sftfs
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Sftfs
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2014 02:00:48 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (04/03/2014 02:00:48 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (04/03/2014 02:00:48 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (04/03/2014 02:00:48 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (04/03/2014 02:00:47 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (04/03/2014 02:00:47 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (04/03/2014 01:38:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (04/03/2014 01:38:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (04/03/2014 01:38:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (04/03/2014 01:28:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.


System errors:
=============
Error: (04/03/2014 11:50:10 AM) (Source: DCOM) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (04/03/2014 11:47:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2901110).

Error: (04/03/2014 11:46:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.

Error: (04/03/2014 11:46:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2604121).

Error: (04/03/2014 11:44:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2898855).

Error: (04/03/2014 11:44:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition.

Error: (04/03/2014 11:44:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2487367).

Error: (04/03/2014 11:44:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2533523).

Error: (04/03/2014 11:43:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217).

Error: (04/03/2014 11:37:16 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated with the following error:
%%-2146893799


Microsoft Office Sessions:
=========================
Error: (04/03/2014 02:00:48 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (04/03/2014 02:00:48 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (04/03/2014 02:00:48 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (04/03/2014 02:00:48 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (04/03/2014 02:00:47 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (04/03/2014 02:00:47 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (04/03/2014 01:38:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (04/03/2014 01:38:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (04/03/2014 01:38:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (04/03/2014 01:28:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.


CodeIntegrity Errors:
===================================
  Date: 2011-11-03 07:14:19.287
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-03 07:14:19.261
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-03 07:06:17.301
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-03 07:06:17.275
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-03 06:25:02.552
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-03 06:25:02.525
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-02 09:25:54.599
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-02 09:25:54.574
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-05 10:04:47.022
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-05 10:04:46.996
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 95%
Total physical RAM: 6056.03 MB
Available physical RAM: 298.43 MB
Total Pagefile: 12110.24 MB
Available Pagefile: 4925.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:1384.17 GB) (Free:637.44 GB) NTFS
Drive e: (FreeAgent Drive) (Fixed) (Total:1397.26 GB) (Free:788.03 GB) NTFS
Drive k: (FreeAgent Drive) (Fixed) (Total:1397.26 GB) (Free:273.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: DFE53044)

Partition: GPT Partition Type.

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: BEF48E51)

Partition: GPT Partition Type.

========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 8C96E065)
Partition 1: (Not Active) - (Size=-698723990528) - (Type=07 NTFS)

==================== End Of Log ============================



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,432 posts

Posted 03 April 2014 - 08:27 PM

Greetings,

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
C:\Users\Klaorman\SyncToy_3a3cf3a2-d875-41fc-92c1-cb7db2998dda.dat
C:\Users\Klaorman\AppData\Local\Temp\{2B26A63D-F1C8-4628-B3A2-38D426FE8D1F}-GoogleUpdateSetup.exe
C:\Users\Klaorman\AppData\Local\Temp\{A4A1BD7A-47B5-4833-9F65-8144DF14E8AB}-GoogleUpdateSetup.exe

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#12 Klaorman

Klaorman
  • Topic Starter

  • Members
  • 39 posts

Posted 04 April 2014 - 12:02 AM

Here's the Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Klaorman at 2014-04-03 21:36:44 Run:1
Running from C:\Users\Klaorman\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
C:\Users\Klaorman\SyncToy_3a3cf3a2-d875-41fc-92c1-cb7db2998dda.dat
C:\Users\Klaorman\AppData\Local\Temp\{2B26A63D-F1C8-4628-B3A2-38D426FE8D1F}-GoogleUpdateSetup.exe
C:\Users\Klaorman\AppData\Local\Temp\{A4A1BD7A-47B5-4833-9F65-8144DF14E8AB}-GoogleUpdateSetup.exe
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner => Key not found.
HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key deleted successfully.
C:\Users\Klaorman\SyncToy_3a3cf3a2-d875-41fc-92c1-cb7db2998dda.dat => Moved successfully.
C:\Users\Klaorman\AppData\Local\Temp\{2B26A63D-F1C8-4628-B3A2-38D426FE8D1F}-GoogleUpdateSetup.exe => Moved successfully.
C:\Users\Klaorman\AppData\Local\Temp\{A4A1BD7A-47B5-4833-9F65-8144DF14E8AB}-GoogleUpdateSetup.exe => Moved successfully.

==== End of Fixlog ====

 

Nothing has changed; my computer is behaving exactly as I've described in my initial post. I've even rebooted to make sure.



#13 Oh My!


Posted 04 April 2014 - 08:12 AM

OK,

 

A couple of the things we fixed were significant issues. However, a deep infection can cause the infection to return. In order to check for that please rerun FRST including checking Addition.txt and post the results.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."
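The rescan requested above is a check for whether anything the fix removed has been re-created. As an added example (not part of the original thread and not FRST's own code), this Python script takes the targets a Fixlog reports as changed and flags every line of a follow-up FRST.txt that mentions them again; the sample lines are excerpted from the logs posted in this thread, and the function and type names are hypothetical.

```python
import re
from typing import List, NamedTuple

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")
# Outcome wordings (as they appear in the Fixlog in this thread) that mean
# FRST changed something; "Key not found" lines are ignored.
CHANGED = ("deleted successfully", "restored successfully", "moved successfully")
REG_ROOTS = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\")


class FixedItem(NamedTuple):
    target: str    # registry key/value or file path the fix acted on
    outcome: str   # result text reported by the Fixlog
    keys: tuple    # strings to look for in the follow-up scan


class Hit(NamedTuple):
    target: str
    key: str
    lineno: int
    line: str


def parse_fixlog(text: str) -> List[FixedItem]:
    """Collect every '<target> => <outcome>' line where something was changed."""
    items = []
    for raw in text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if not m or not m["outcome"].lower().endswith(CHANGED):
            continue
        target = m["target"]
        if target.upper().startswith(REG_ROOTS):
            # Registry target: search by CLSID if present, else by leaf name
            # (e.g. "Userinit", "linkscanner").
            leaf = target.rstrip("\\").rsplit("\\", 1)[-1]
            keys = tuple(GUID_RE.findall(target)) or (leaf,)
        else:
            # File target: search by the full path.
            keys = (target,)
        items.append(FixedItem(target, m["outcome"], keys))
    return items


def find_reappearances(fixed: List[FixedItem], rescan_text: str) -> List[Hit]:
    """Return rescan lines that mention an identifier the fix acted on."""
    patterns = [
        (item, key, re.compile(r"(?<!\w)" + re.escape(key) + r"(?!\w)", re.IGNORECASE))
        for item in fixed
        for key in item.keys
    ]
    hits = []
    for lineno, raw in enumerate(rescan_text.splitlines(), 1):
        line = raw.strip()
        for item, key, pat in patterns:
            if pat.search(line):
                hits.append(Hit(item.target, key, lineno, line))
    return hits


# Sample input: lines excerpted from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully.
C:\Users\Klaorman\AppData\Local\Temp\{2B26A63D-F1C8-4628-B3A2-38D426FE8D1F}-GoogleUpdateSetup.exe => Moved successfully.
""".strip()

# Sample input: lines excerpted from the follow-up FRST.txt posted in this thread.
SAMPLE_RESCAN = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
C:\Users\Klaorman\AppData\Local\Temp\{F1E61B75-79CF-4FF4-8200-E2EFE5906958}-33.0.1750.154_chrome_installer.exe
""".strip()

if __name__ == "__main__":
    fixed = parse_fixlog(SAMPLE_FIXLOG)
    print(f"{len(fixed)} items changed by the fix")
    for hit in find_reappearances(fixed, SAMPLE_RESCAN):
        print(f"rescan line {hit.lineno}: {hit.key} seen again -> {hit.line}")
```

A hit only means the identifier is present in the rescan; here the GUID shows up as the HKLM-x32 DefaultScope, a different hive from the deleted HKCU key, so it still needs a human read.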

#14 Klaorman


Posted 04 April 2014 - 12:32 PM

Here's FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Klaorman (administrator) on KLAORMAN-PC on 04-04-2014 10:22:35
Running from C:\Users\Klaorman\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Facebook Inc.) C:\Users\Klaorman\AppData\Local\Facebook\Update\FacebookUpdate.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Klaorman\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Users\Klaorman\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1998001541-2882071857-942670663-1001\...\Run: [Google Update] - C:\Users\Klaorman\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-27] (Google Inc.)
HKU\S-1-5-21-1998001541-2882071857-942670663-1001\...\Run: [Spotify Web Helper] - C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd)
HKU\S-1-5-21-1998001541-2882071857-942670663-1001\...\Run: [PCShowServer] - C:\Users\Klaorman\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [524976 2012-08-16] (NDS Technologies)
HKU\S-1-5-21-1998001541-2882071857-942670663-1001\...\Run: [ROC_ROC_APR2013_AV] - C:\Users\Klaorman\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 19e5602e24bb47d1a5ed294607f42b8b-a5b514844ede9bf508fecfd436dfcc63c9786212 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
HKU\S-1-5-21-1998001541-2882071857-942670663-1001\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\Klaorman\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 19e5602e24bb47d1a5ed294607f42b8b-a5b514844ede9bf508fecfd436dfcc63c9786212 --CMPID 0913a
HKU\S-1-5-21-1998001541-2882071857-942670663-1001\...\Run: [Facebook Update] - C:\Users\Klaorman\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-26] (Facebook Inc.)
HKU\S-1-5-21-1998001541-2882071857-942670663-1001\...\MountPoints2: {417c3dfd-4e05-11e2-8dba-f80f4110c278} - L:\LaunchU3.exe -a
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Klaorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Klaorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scrollwheel Doubleclick.ahk ()
Startup: C:\Users\Klaorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sleep.ahk - Shortcut.lnk
ShortcutTarget: Sleep.ahk - Shortcut.lnk -> C:\Users\Klaorman\Documents\AutoHotkey Scripts\Sleep.ahk ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Klaorman\AppData\Roaming\Mozilla\Firefox\Profiles\fkkmycyp.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_149.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin HKCU: @nds.com/PCShowPlugin - C:\Users\Klaorman\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\Klaorman\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Klaorman\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Klaorman\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Klaorman\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Klaorman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\Klaorman\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin ProgramFiles/Appdata: C:\Users\Klaorman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Klaorman\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Klaorman\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: HTTPS-Everywhere - C:\Users\Klaorman\AppData\Roaming\Mozilla\Firefox\Profiles\fkkmycyp.default\Extensions\https-everywhere@eff.org [2014-01-04]
FF Extension: NoScript - C:\Users\Klaorman\AppData\Roaming\Mozilla\Firefox\Profiles\fkkmycyp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-06-02]
FF Extension: Adblock Plus - C:\Users\Klaorman\AppData\Roaming\Mozilla\Firefox\Profiles\fkkmycyp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-06-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-01]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-18]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Users\Klaorman\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Klaorman\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (OnLive Game Client Detector) - C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (QUAKE LIVE) - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
CHR Plugin: (Unity Player) - C:\Users\Klaorman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (PCShow Player Plugin) - C:\Users\Klaorman\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
CHR Plugin: (Google Update) - C:\Users\Klaorman\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Klaorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Adblock Plus) - C:\Users\Klaorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-06-19]
CHR Extension: (Google Search) - C:\Users\Klaorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Google Wallet) - C:\Users\Klaorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Klaorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR StartMenuInternet: Google Chrome - C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-13] (Adobe Systems)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 MySQL55; C:\ProgramData\MySQL\MySQL Server 5.5\my.ini [9173 2011-11-20] ()
S2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [122448 2011-07-08] (High Criteria inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 P1C1394; \SystemRoot\System32\Drivers\p1c1394.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 10:22 - 2014-04-04 10:23 - 00019408 _____ () C:\Users\Klaorman\Downloads\FRST.txt
2014-04-03 14:04 - 2014-04-03 14:05 - 00029985 _____ () C:\Users\Klaorman\Downloads\Addition_1.txt
2014-04-03 14:03 - 2014-04-04 10:22 - 00000000 ____D () C:\FRST
2014-04-03 14:03 - 2014-04-03 14:05 - 00033727 _____ () C:\Users\Klaorman\Downloads\FRST_1.txt
2014-04-03 14:00 - 2014-04-03 14:00 - 02157056 _____ (Farbar) C:\Users\Klaorman\Downloads\FRST64.exe
2014-04-02 23:26 - 2014-04-02 23:26 - 00000000 ____D () C:\Ableton
2014-04-02 23:04 - 2014-04-02 23:30 - 00000540 _____ () C:\Users\Klaorman\Documents\Apps to Reinstall.txt
2014-03-30 15:45 - 2014-03-30 15:45 - 05198480 _____ () C:\Users\Klaorman\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-03-28 16:22 - 2014-03-28 16:23 - 38494576 _____ (Apple Inc.) C:\Users\Klaorman\Downloads\SafariSetup.exe
2014-03-28 16:16 - 2014-03-28 16:16 - 00282880 _____ (Mozilla) C:\Users\Klaorman\Downloads\Firefox Setup Stub 28.0.exe
2014-03-27 21:07 - 2014-03-27 21:07 - 00847832 _____ (Google Inc.) C:\Users\Klaorman\Downloads\GoogleVoiceAndVideoSetup.exe
2014-03-21 19:39 - 2014-03-29 15:24 - 00001116 _____ () C:\Users\Klaorman\Documents\Covered California Questions.txt
2014-03-21 18:38 - 2014-03-28 01:27 - 00003459 _____ () C:\Users\Klaorman\Documents\Attach.txt
2014-03-21 18:38 - 2014-03-21 18:38 - 00016404 _____ () C:\Users\Klaorman\Documents\DDS.txt
2014-03-21 18:04 - 2014-03-21 18:04 - 34734328 _____ (Opera Software ASA) C:\Users\Klaorman\Downloads\Opera_20.0.1387.82_Setup (1).exe
2014-03-21 18:03 - 2014-03-21 18:04 - 34734328 _____ (Opera Software ASA) C:\Users\Klaorman\Downloads\Opera_20.0.1387.82_Setup.exe
2014-03-21 17:47 - 2014-03-27 23:21 - 00003459 _____ () C:\Users\Klaorman\Desktop\attach.txt
2014-03-21 17:47 - 2014-03-27 23:20 - 00016362 _____ () C:\Users\Klaorman\Desktop\dds.txt
2014-03-21 17:41 - 2014-03-21 17:41 - 00688992 ____R (Swearware) C:\Users\Klaorman\Downloads\dds.com
2014-03-21 17:19 - 2014-03-21 17:19 - 01071000 _____ (Solid State Networks) C:\Users\Klaorman\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe
2014-03-21 17:14 - 2014-03-21 17:14 - 00982016 _____ (Farbar) C:\Users\Klaorman\Downloads\MiniToolBox.exe
2014-03-21 17:12 - 2014-03-21 17:12 - 00987448 _____ () C:\Users\Klaorman\Downloads\SecurityCheck.exe
2014-03-21 17:10 - 2014-03-21 17:10 - 00991232 _____ () C:\Users\Klaorman\Downloads\MicrosoftFixit50267.msi
2014-03-19 22:12 - 2014-03-19 22:16 - 00017959 _____ () C:\Users\Klaorman\Documents\Result.txt
2014-03-19 20:58 - 2014-03-19 16:00 - 00987442 _____ () C:\Users\Klaorman\Documents\SecurityCheck.exe
2014-03-19 20:58 - 2014-03-19 16:00 - 00982016 _____ (Farbar) C:\Users\Klaorman\Documents\MiniToolBox.exe
2014-03-19 20:56 - 2014-03-19 20:56 - 00000000 ____D () C:\Users\Klaorman\AppData\Roaming\U3
2014-03-13 13:30 - 2014-02-23 01:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 13:30 - 2014-02-23 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 13:30 - 2014-02-23 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 13:30 - 2014-02-23 01:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 13:30 - 2014-02-23 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 13:30 - 2014-02-23 01:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 13:30 - 2014-02-23 01:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 13:30 - 2014-02-22 23:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 13:30 - 2014-02-22 23:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 13:30 - 2014-02-22 23:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 13:30 - 2014-02-22 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 13:30 - 2014-02-22 23:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 13:30 - 2014-02-22 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-13 13:30 - 2014-02-22 22:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-11 22:05 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 22:05 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-11 22:05 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 22:05 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-11 22:05 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 22:05 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 22:05 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 22:05 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

==================== One Month Modified Files and Folders =======

2014-04-04 10:24 - 2011-08-02 23:42 - 00000000 ____D () C:\Users\Klaorman\AppData\Roaming\Spotify
2014-04-04 10:23 - 2014-04-04 10:22 - 00019408 _____ () C:\Users\Klaorman\Downloads\FRST.txt
2014-04-04 10:23 - 2011-01-26 00:48 - 01366436 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 10:22 - 2014-04-03 14:03 - 00000000 ____D () C:\FRST
2014-04-04 10:18 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 10:18 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 10:13 - 2011-10-27 06:30 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001UA.job
2014-04-04 10:06 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 10:06 - 2009-07-13 21:51 - 00158470 _____ () C:\Windows\setupact.log
2014-04-04 00:58 - 2012-04-10 11:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 00:57 - 2013-10-26 16:22 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001UA.job
2014-04-03 21:43 - 2011-10-27 06:30 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001Core.job
2014-04-03 21:36 - 2011-06-02 12:43 - 00000000 ____D () C:\Users\Klaorman
2014-04-03 21:31 - 2013-10-26 16:22 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001Core.job
2014-04-03 14:05 - 2014-04-03 14:04 - 00029985 _____ () C:\Users\Klaorman\Downloads\Addition_1.txt
2014-04-03 14:05 - 2014-04-03 14:03 - 00033727 _____ () C:\Users\Klaorman\Downloads\FRST_1.txt
2014-04-03 14:00 - 2014-04-03 14:00 - 02157056 _____ (Farbar) C:\Users\Klaorman\Downloads\FRST64.exe
2014-04-02 23:30 - 2014-04-02 23:04 - 00000540 _____ () C:\Users\Klaorman\Documents\Apps to Reinstall.txt
2014-04-02 23:26 - 2014-04-02 23:26 - 00000000 ____D () C:\Ableton
2014-04-02 21:51 - 2011-06-02 21:05 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EE3435F9-13D4-4D0A-80C1-D27568558321}
2014-04-02 13:45 - 2011-06-13 14:03 - 00000000 ____D () C:\Users\Klaorman\AppData\Local\Paint.NET
2014-04-02 13:39 - 2009-07-13 22:13 - 00751822 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 21:46 - 2010-11-10 20:45 - 00000000 ___HD () C:\OEM
2014-03-30 15:45 - 2014-03-30 15:45 - 05198480 _____ () C:\Users\Klaorman\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-03-29 15:24 - 2014-03-21 19:39 - 00001116 _____ () C:\Users\Klaorman\Documents\Covered California Questions.txt
2014-03-29 09:28 - 2011-08-02 23:42 - 00000000 ____D () C:\Users\Klaorman\AppData\Local\Spotify
2014-03-28 16:23 - 2014-03-28 16:22 - 38494576 _____ (Apple Inc.) C:\Users\Klaorman\Downloads\SafariSetup.exe
2014-03-28 16:16 - 2014-03-28 16:16 - 00282880 _____ (Mozilla) C:\Users\Klaorman\Downloads\Firefox Setup Stub 28.0.exe
2014-03-28 01:27 - 2014-03-21 18:38 - 00003459 _____ () C:\Users\Klaorman\Documents\Attach.txt
2014-03-27 23:21 - 2014-03-21 17:47 - 00003459 _____ () C:\Users\Klaorman\Desktop\attach.txt
2014-03-27 23:20 - 2014-03-21 17:47 - 00016362 _____ () C:\Users\Klaorman\Desktop\dds.txt
2014-03-27 21:08 - 2011-10-27 06:30 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001UA
2014-03-27 21:08 - 2011-10-27 06:30 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001Core
2014-03-27 21:07 - 2014-03-27 21:07 - 00847832 _____ (Google Inc.) C:\Users\Klaorman\Downloads\GoogleVoiceAndVideoSetup.exe
2014-03-21 18:38 - 2014-03-21 18:38 - 00016404 _____ () C:\Users\Klaorman\Documents\DDS.txt
2014-03-21 18:04 - 2014-03-21 18:04 - 34734328 _____ (Opera Software ASA) C:\Users\Klaorman\Downloads\Opera_20.0.1387.82_Setup (1).exe
2014-03-21 18:04 - 2014-03-21 18:03 - 34734328 _____ (Opera Software ASA) C:\Users\Klaorman\Downloads\Opera_20.0.1387.82_Setup.exe
2014-03-21 17:41 - 2014-03-21 17:41 - 00688992 ____R (Swearware) C:\Users\Klaorman\Downloads\dds.com
2014-03-21 17:19 - 2014-03-21 17:19 - 01071000 _____ (Solid State Networks) C:\Users\Klaorman\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe
2014-03-21 17:14 - 2014-03-21 17:14 - 00982016 _____ (Farbar) C:\Users\Klaorman\Downloads\MiniToolBox.exe
2014-03-21 17:12 - 2014-03-21 17:12 - 00987448 _____ () C:\Users\Klaorman\Downloads\SecurityCheck.exe
2014-03-21 17:10 - 2014-03-21 17:10 - 00991232 _____ () C:\Users\Klaorman\Downloads\MicrosoftFixit50267.msi
2014-03-19 22:16 - 2014-03-19 22:12 - 00017959 _____ () C:\Users\Klaorman\Documents\Result.txt
2014-03-19 22:14 - 2012-10-08 20:55 - 00002271 _____ () C:\Users\Klaorman\.lmmsrc.xml
2014-03-19 21:00 - 2013-08-15 19:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 20:57 - 2011-06-14 00:07 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 20:56 - 2014-03-19 20:56 - 00000000 ____D () C:\Users\Klaorman\AppData\Roaming\U3
2014-03-19 16:00 - 2014-03-19 20:58 - 00987442 _____ () C:\Users\Klaorman\Documents\SecurityCheck.exe
2014-03-19 16:00 - 2014-03-19 20:58 - 00982016 _____ (Farbar) C:\Users\Klaorman\Documents\MiniToolBox.exe
2014-03-17 19:21 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-03-16 18:11 - 2014-01-15 23:00 - 00001741 _____ () C:\Users\Klaorman\Documents\Virus on PC Post.txt
2014-03-14 18:18 - 2009-07-13 21:45 - 00330752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 22:15 - 2013-09-02 16:38 - 00000000 ____D () C:\Users\Klaorman\.hydrogen
2014-03-05 16:01 - 2011-06-15 11:01 - 00000000 ____D () C:\Users\Klaorman\Documents\OnLive App

Some content of TEMP:
====================
C:\Users\Klaorman\AppData\Local\Temp\{F1E61B75-79CF-4FF4-8200-E2EFE5906958}-33.0.1750.154_chrome_installer.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-01 14:45

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Klaorman at 2014-04-04 10:25:47
Running from C:\Users\Klaorman\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Application Verifier (x64) (HKLM\...\{89026002-A893-42D9-9E20-6829B844735E}) (Version: 4.1.1078 - Microsoft Corporation)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4158 - AVG Technologies)
AVG 2014 (Version: 14.0.3629 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4158 - AVG Technologies) Hidden
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Blender (HKLM\...\Blender) (Version: 2.65a-release - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 30.0.1599.101 - Google Inc.)
GoToMeeting 5.1.0.880 (HKCU\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
Lightspeed 8.0.1 x64 (HKLM\...\{A28437D9-2BC4-4CAC-9FE4-6A41A6E8E2C5}) (Version: 8.0.1 - Lightspeed Trading)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
MAGIX Independence Libraries Common Files (Version: 3.1.0.0 - MAGIX AG) Hidden
MAGIX Independence Pro 3.1 RTAS-Plugins (Version: 3.1.0.0 - MAGIX AG) Hidden
MAGIX Independence Pro 3.1 VST-Plugins (Version: 3.1.0.0 - MAGIX AG) Hidden
MAGIX Independence Pro Software Suite 3.1 (Version: 3.1.0.69 - MAGIX AG) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++  Compilers 2010 Standard - enu - x64 (HKLM\...\{88387B3B-B110-392F-B919-1A15B48F21D4}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514 - Microsoft) Hidden
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK MSHelp (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
MySQL Connector C 6.0.2 (HKLM\...\{5B6A2A7C-658E-4661-A254-3C36F5B63943}) (Version: 6.0.2 - Sun Microsystems)
MySQL Connector C++ 1.1.0 (HKLM\...\{3C481CDB-34E8-4CEF-B487-4C9C60530CFC}) (Version: 1.1.0 - Oracle and/or its affiliates)
MySQL Connector/ODBC 5.1 (HKLM\...\{C44218B2-EC4D-4EB9-A3E3-F8F4A46927EC}) (Version: 5.1.8 - Oracle Corporation)
MySQL Server 5.5 (HKLM\...\{CE2D87BC-6FDE-4052-A236-7789E64279B6}) (Version: 5.5.17 - Oracle Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Photobook Designer (HKCU\...\Photobook Designer) (Version: Photobook Designer 2.5.8 - Photobook US)
Rdio (HKCU\...\978ebae4705a27c4) (Version: 1.12.0.0 - Rdio)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TWS Demo (HKCU\...\TWS Demo) (Version:  - Interactive Brokers)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Windows Driver Package - Leaf Imaging Ltd. Image  (02/11/2010 ) (HKLM\...\A35BD68D4A1B3E191138E3C9AA417190A9468F7E) (Version: 02/11/2010  - Leaf Imaging Ltd.)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CB}) (Version: 16.0.9691 - WinZip Computing, S.L. )

==================== Restore Points  =========================

21-03-2014 22:53:38 Windows Update
22-03-2014 00:21:04 Installed Microsoft Fix it 50267
22-03-2014 00:26:52 Installed Microsoft Fix it 50267
22-03-2014 00:28:19 Installed Microsoft Fix it 50267
23-03-2014 02:18:59 Windows Update
25-03-2014 18:35:41 Windows Update
28-03-2014 03:27:03 Windows Update
28-03-2014 22:29:48 Windows Update
29-03-2014 16:32:43 Windows Update
30-03-2014 21:18:16 Windows Update
31-03-2014 21:48:08 Windows Update
01-04-2014 20:41:15 Windows Update
02-04-2014 18:58:26 Windows Update
03-04-2014 18:39:59 Windows Update
04-04-2014 17:16:37 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0FACF6F3-C860-46D6-B95A-60D3E046B451} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001UA => C:\Users\Klaorman\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-26] (Facebook Inc.)
Task: {43B00095-D32F-41B8-B198-ADFAEACF5431} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001Core => C:\Users\Klaorman\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-26] (Facebook Inc.)
Task: {471DC2A1-36A4-4A86-A7BA-D9E5612A44BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001Core => C:\Users\Klaorman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-27] (Google Inc.)
Task: {4ED6F7C9-AAFB-457F-A83B-38778700413A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001UA => C:\Users\Klaorman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-27] (Google Inc.)
Task: {66582E31-ABDF-4699-9E00-6BF515925B5C} - System32\Tasks\{6543E74A-0C98-4277-B044-00D79F80CD4B} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-01-08] (Skype Technologies S.A.)
Task: {99CCCCF2-0CB6-4CEA-9898-0EDE29939A89} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2010-08-18] (Acer)
Task: {B7285C18-29E4-417A-84F6-206EA5F431EA} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {CBEECBFC-88D7-4F17-BC37-423EC983F092} - System32\Tasks\Ad-Aware Scan (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {E918C2E0-323D-40F1-8648-115E8BEB2CB6} - System32\Tasks\Ad-Aware Scan (Daily) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F046D6EC-862C-4382-A11A-999F8DC4A1A4} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F5555466-8A03-4D4C-A4EF-D970BCB79A1C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F6C10EB7-C558-41EE-9EB7-00F500749843} - System32\Tasks\SyncToy Backup => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation)
Task: {FC386F74-B1A7-4BE4-A740-A96BF7DBB818} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-31] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001Core.job => C:\Users\Klaorman\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001UA.job => C:\Users\Klaorman\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001Core.job => C:\Users\Klaorman\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1998001541-2882071857-942670663-1001UA.job => C:\Users\Klaorman\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2006-12-04 01:26 - 2006-12-04 01:26 - 00022016 _____ () C:\Windows\System32\sugs2l6.dll
2011-10-12 15:37 - 2011-10-12 15:37 - 09670656 _____ () C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
2011-03-26 00:28 - 2011-03-26 00:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-04-30 21:07 - 2011-04-30 21:07 - 01333248 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2013-09-23 23:11 - 2014-01-15 22:02 - 00603648 _____ () C:\Users\Klaorman\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2011-06-02 13:49 - 2013-05-30 14:39 - 01952696 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-01-12 01:06 - 2014-01-15 22:02 - 36967424 _____ () C:\Users\Klaorman\AppData\Roaming\Spotify\Data\libcef.dll
2013-10-17 19:35 - 2013-10-08 17:01 - 00698832 _____ () C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-17 19:35 - 2013-10-08 17:01 - 00099792 _____ () C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-17 19:35 - 2013-10-08 17:02 - 04055504 _____ () C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-17 19:35 - 2013-10-08 17:02 - 00415184 _____ () C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-17 19:35 - 2013-10-08 17:01 - 01604560 _____ () C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-17 19:35 - 2013-10-08 17:02 - 13584336 _____ () C:\Users\Klaorman\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
2013-09-23 23:11 - 2014-01-15 22:02 - 00887808 _____ () C:\Users\Klaorman\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-23 23:11 - 2014-01-15 22:02 - 00109568 _____ () C:\Users\Klaorman\AppData\Roaming\Spotify\Data\libegl.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Sftfs
Description: Sftfs
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Sftfs
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2014 10:23:56 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (04/04/2014 10:23:56 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Click-to-Run 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (04/04/2014 10:20:09 AM) (Source: Google Update) (User: Klaorman-PC)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x

Error: (04/04/2014 10:09:40 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (04/04/2014 10:09:38 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (04/04/2014 10:09:38 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (04/04/2014 10:09:38 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (04/04/2014 10:09:38 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (04/04/2014 10:09:38 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (04/04/2014 10:09:38 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.


System errors:
=============
Error: (04/04/2014 10:26:58 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.

Error: (04/04/2014 10:25:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2604121).

Error: (04/04/2014 10:24:54 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2898855).

Error: (04/04/2014 10:24:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition.

Error: (04/04/2014 10:23:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2487367).

Error: (04/04/2014 10:23:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2533523).

Error: (04/04/2014 10:22:00 AM) (Source: DCOM) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (04/04/2014 10:21:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217).

Error: (04/04/2014 10:16:09 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated with the following error:
%%-2146893799

Error: (04/04/2014 10:15:56 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application User Notification Service service hung on starting.


Microsoft Office Sessions:
=========================
Error: (04/04/2014 10:23:56 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Click-to-Run 2010Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (04/04/2014 10:23:56 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office Click-to-Run 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/04/2014 10:20:09 AM) (Source: Google Update)(User: Klaorman-PC)
Description: Network Request Error.
Error: 0x80040880. Http status code: 200.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040880. Http status code 200.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x

Error: (04/04/2014 10:09:40 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (04/04/2014 10:09:38 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (04/04/2014 10:09:38 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (04/04/2014 10:09:38 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (04/04/2014 10:09:38 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (04/04/2014 10:09:38 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (04/04/2014 10:09:38 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.


CodeIntegrity Errors:
===================================
  Date: 2011-11-03 07:14:19.287
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-03 07:14:19.261
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-03 07:06:17.301
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-03 07:06:17.275
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-03 06:25:02.552
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-03 06:25:02.525
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-02 09:25:54.599
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-02 09:25:54.574
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-05 10:04:47.022
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-05 10:04:46.996
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 94%
Total physical RAM: 6056.03 MB
Available physical RAM: 355.89 MB
Total Pagefile: 12110.24 MB
Available Pagefile: 4945.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:1384.17 GB) (Free:637.14 GB) NTFS
Drive e: (FreeAgent Drive) (Fixed) (Total:1397.26 GB) (Free:788.03 GB) NTFS
Drive k: (FreeAgent Drive) (Fixed) (Total:1397.26 GB) (Free:273.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: DFE53044)

Partition: GPT Partition Type.

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: BEF48E51)

Partition: GPT Partition Type.

========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 8C96E065)
Partition 1: (Not Active) - (Size=-698723990528) - (Type=07 NTFS)

==================== End Of Log ============================

 

Thanks, Gary.



#15 Oh My!

  • Malware Response Instructor

Posted 04 April 2014 - 12:45 PM

OK, those entries did not return. We are going to keep pressing deeper. Please do these things.

===================================================

Running TDSSKiller with Changed Parameters

--------------------
  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters

  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now

  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue

  • Click Reboot computer
  • Please zip and attach in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TDSSKiller log
  • aswMBR log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."



