Corrupt Windows 8 or Serious Virus???---Many missing windows files



#1 Bianca KS


Posted 18 June 2014 - 04:48 AM

Keep getting error message after just a few minutes of reboot that Windows has ceased functioning.  Ran Hijack This log and there are many missing Windows files.  Tried to restore to earlier point and it took me back to very beginning...lost all my anti-virus/anti-malware programs (among other programs as well).  It restored an expired and uninstalled Norton Internet Security.  I uninstalled that again because it made things even worse.

 

Computer still won't stay on longer than a few minutes.  Trying to copy my important files and computer keeps freezing during that as well.  Can't update to Windows 8.1.  Purchased an upgrade Key but can't figure out how to perform that function.

 

Please help.  Many important files at risk.  Before this, I ran scans daily...Webroot Internet Security, SuperAntispyware, Malwarebytes...all came back clean.   I did download PC Matic and it did remove some files...but computer was freezing before I did that.

 

Reinstalled Webroot Internet Security Complete and no virus found.  Am using a different computer to post this.

 

Thanks so much!

Bianca KS

 

Hijack This Log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:07:31 PM, on 6/17/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)

Boot mode: Normal

Running processes:
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Users\LLF LLC\Documents\SOFTBACK\HIJACK THIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL
O2 - BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem11.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe

--
End of file - 7719 bytes

 

 




 


#2 nasdaq

  • Malware Response Team

Posted 22 June 2014 - 08:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

HijackThis is not compatible with your version of Windows.

Download these tools to a CD or Flash drive using a good computer.

Copy the files to the Desktop of the problem computer.

Run them in the order listed.

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Post the logs for my review.

#3 Bianca KS

  • Topic Starter

Posted 22 June 2014 - 02:25 PM

Hello Nasdaq... Thank you for your help.  A couple of quick questions before I run these on my messed up computer:

 

1.  Will this affect any of my files because I am still limping along in trying to copy the files to an external drive (having particular problem with mp3 file copying), and

 

2.  Should I do this in safe mode or does it matter?

 

Thanks so much!

 

BKS



#4 nasdaq

  • Malware Response Team

Posted 23 June 2014 - 07:33 AM

This will not have any bad effect on your Files.

The RogueKiller will remove bad processes only.
The FRST tool will only Scan the computer and give me details to look at.

Would be better if run in normal mode; if not, then use Safe Mode.

Edited by nasdaq, 23 June 2014 - 07:34 AM.


#5 Bianca KS

  • Topic Starter

Posted 23 June 2014 - 08:27 PM

Okay...I ran those two programs, as directed above.  Here are the reports generated.  The Rogue Killer only found Registry Entries to delete, which I did.  Everything else appeared clear.  However, I would note that it states User 1 AND User 2 "OK".  I only have 1 user (unless they are counting Administrator). 

 

Also, in the second log, it states that Windows Defender is disabled but up to date.  I don't know how it could be up to date, I can't even get it to turn on.   

 

Once we are able to determine what the issue is...If possible, I would like to know how to turn off all the non-essential programs or most anything on autorun.  I don't like the Bing bars or any of the non-web security auto-add ons.

 

I also note it says my "start page" is an msn address.  That isn't correct.  It should be AOL as my start or home page. 

 

Much thanks again for your help.  I hope there are some answers in these logs.   BKS

 

 

RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : LLF LLC [Admin rights]
Mode : Remove -- Date : 06/23/2014  17:28:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 SATA Disk Device +++++
--- User ---
[MBR] fd5d04ff4e7f0cb683a8bad10d421cee
[BSP] 4701b44624b6a6e47398c86965913293 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 953869 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_06232014_172246.log

 

===============================================================================================================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01
Ran by LLF LLC at 2014-06-23 17:32:14
Running from C:\Users\LLF LLC\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Webroot SecureAnywhere (Disabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Disabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.201.1711.120 - Alps Electric)
AMD Accelerated Video Transcoding (Version: 12.10.100.30313 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1124.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{A5E09CCF-DC87-9063-764F-CF6D5FC00766}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3919 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.1.3919 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2817 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2817 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.6.6119 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.10.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{A0589A51-8D50-448D-97F2-99019B82F009}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Recovery Manager (x32 Version: 10.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{B2F0406F-1609-489A-8626-7DB46776AB57}) (Version: 1.0.5 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{2AFEFC93-F0C7-4390-BB51-F914EC546B30}) (Version: 2.1.6 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.12 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.84 - Webroot)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

==================== Hosts content: ==========================

2012-07-25 22:26 - 2014-06-23 17:25 - 00000768 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3F8E4AD6-5799-4005-A19D-BF5F54BB21BA} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => Rundll32.exe ResetEng.dll,RjvDelayedCleanupEntryPoint
Task: {4C9CB084-3CD6-40CB-B2F9-EC42544E2286} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {7D2E843D-2027-46A9-BC70-0B3A188660A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7DBBD36F-2D87-413E-B1DE-58532D78F391} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {91384541-0D5C-4171-96DF-10348D711F19} - System32\Tasks\Microsoft\Windows\SysResetLogSuccess => Rundll32.exe ResetEng.dll,RjvLogSuccessEntryPoint
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\system32\dism.exe [2012-07-25] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CCC0324A-29BC-4A65-9442-3191C3E479F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup

==================== Loaded Modules (whitelisted) =============

2013-03-13 09:41 - 2013-03-13 09:41 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Description: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2014 05:29:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/23/2014 05:29:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/23/2014 05:16:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/23/2014 05:16:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/23/2014 01:06:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/23/2014 01:06:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/23/2014 00:56:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/23/2014 00:56:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/23/2014 00:55:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/23/2014 00:55:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

System errors:
=============
Error: (06/23/2014 05:12:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:12:56 PM on ‎6/‎23/‎2014 was unexpected.

Error: (06/23/2014 01:22:52 PM) (Source: DCOM) (EventID: 10010) (User: LLF_LLC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (06/23/2014 00:51:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:41:21 PM on ‎6/‎19/‎2014 was unexpected.

Error: (06/17/2014 06:16:54 PM) (Source: DCOM) (EventID: 10010) (User: LLF_LLC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (06/17/2014 06:13:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Norton Internet Security service terminated unexpectedly.  It has done this 4 time(s).

Error: (06/17/2014 06:11:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Norton Internet Security service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/17/2014 06:11:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Internet Security service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/17/2014 06:09:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Internet Security service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/17/2014 05:55:00 PM) (Source: DCOM) (EventID: 10005) (User: LLF_LLC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/17/2014 05:54:54 PM) (Source: DCOM) (EventID: 10005) (User: LLF_LLC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Microsoft Office Sessions:
=========================
Error: (06/23/2014 05:29:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (06/23/2014 05:29:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (06/23/2014 05:16:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (06/23/2014 05:16:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (06/23/2014 01:06:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (06/23/2014 01:06:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (06/23/2014 00:56:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (06/23/2014 00:56:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (06/23/2014 00:55:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (06/23/2014 00:55:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 7389.25 MB
Available physical RAM: 5970.05 MB
Total Pagefile: 11997.25 MB
Available Pagefile: 10902.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:907.16 GB) (Free:522.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.58 GB) (Free:2.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:7.39 GB) (Free:6.97 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: D0AFD229)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by LLF LLC (administrator) on LLF_LLC on 23-06-2014 17:31:26
Running from C:\Users\LLF LLC\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

==================== Processes (Whitelisted) =================

 

 

(AMD) C:\Windows\System32\atiesrxx.exe

 

(AMD) C:\Windows\System32\atieclxx.exe

 

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

 

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

 

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

 

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

 

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe

 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

 

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe

 

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe

 

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe

 

(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe

 

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe

 

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe

 

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

 

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

 

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

 

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

 

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

 

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

 

 

 

==================== Registry (Whitelisted) ==================

 

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-27] (Realtek Semiconductor)

 

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [679768 2013-04-25] (Alps Electric Co., Ltd.)

 

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-13] (Advanced Micro Devices, Inc.)

 

HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-11] (Hewlett-Packard Company)

 

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)

 

HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)

 

HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [763512 2014-06-16] (Webroot)

 

HKU\S-1-5-21-1697108532-2456640442-1510844185-1002\...\MountPoints2: {27225028-846c-11e3-bea1-a45d367d149f} - "E:\WD Drive Unlock.exe" autoplay=true

 

HKU\S-1-5-21-1697108532-2456640442-1510844185-1002\...\MountPoints2: {b8f2b587-45c9-11e3-be8f-8aadbfe40226} - "E:\Autorun.exe"

 

ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

 

ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

 

ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

 

ShellIconOverlayIdentifiers: _WrSyncExcl -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll (Webroot)

 

ShellIconOverlayIdentifiers: _WrSyncGreen -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll (Webroot)

 

ShellIconOverlayIdentifiers: _WrSyncRed -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll (Webroot)

 

ShellIconOverlayIdentifiers: _WrSyncYellow -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll (Webroot)

 

ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

 

ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

 

ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

 

 

==================== Internet (Whitelisted) ====================

 

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/

 

HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

 

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

 

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

 

SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

 

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

 

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

 

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

 

BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)

 

BHO-x32: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)

 

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

 

Hosts: 127.0.0.1 localhost

 

 

FireFox:
========

 

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)

 

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

 

 

==================== Services (Whitelisted) =================

 

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-13] (Advanced Micro Devices, Inc.) [File not signed]

 

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]

 

R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)

 

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)

 

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-06-11] (Microsoft Corporation)

 

S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [763512 2014-06-16] (Webroot)

 

 

==================== Drivers (Whitelisted) ====================

 

 

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)

 

R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2013-04-10] (Realtek Semiconductor Corp.)

 

U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [406088 2013-04-16] (Realsil Semiconductor Corporation)

 

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

 

R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2014-06-16] (Webroot)

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

 

==================== One Month Created Files and Folders ========

 

 

2014-06-23 17:31 - 2014-06-23 17:31 - 00009042 _____ () C:\Users\LLF LLC\Desktop\FRST.txt

 

2014-06-23 17:31 - 2014-06-23 17:31 - 00000000 ____D () C:\FRST

 

2014-06-23 17:27 - 2014-06-23 17:27 - 00001691 _____ () C:\Users\LLF LLC\Desktop\RKreport_SCN_06232014_172246.log

 

2014-06-23 17:14 - 2014-06-23 17:14 - 00000000 ____D () C:\ProgramData\RogueKiller

 

2014-06-23 12:59 - 2014-06-22 12:15 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\LLF LLC\Desktop\mbam-setup.exe

 

2014-06-23 12:59 - 2014-06-22 12:03 - 02083328 _____ (Farbar) C:\Users\LLF LLC\Desktop\FRST64.exe

 

2014-06-23 12:59 - 2014-06-22 11:49 - 05268992 _____ () C:\Users\LLF LLC\Desktop\RogueKillerX64.exe

 

2014-06-23 12:58 - 2014-06-23 12:58 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\Macromedia

 

2014-06-23 12:57 - 2014-06-18 04:01 - 19719512 _____ (SUPERAntiSpyware) C:\Users\LLF LLC\Desktop\SUPERANTISPYWARE.EXE

 

2014-06-16 16:21 - 2014-06-16 16:21 - 00153256 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll

 

2014-06-16 16:21 - 2014-06-16 16:21 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys

 

2014-06-16 16:21 - 2014-06-16 16:21 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll

 

2014-06-16 16:21 - 2014-06-16 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere

 

2014-06-16 16:21 - 2014-06-16 16:21 - 00000000 ____D () C:\Program Files\Webroot

 

2014-06-16 16:19 - 2014-06-23 13:11 - 00000000 ____D () C:\ProgramData\WRData

 

2014-06-16 16:02 - 2014-06-16 16:02 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\SUPERAntiSpyware.com

 

2014-06-16 16:02 - 2014-06-16 16:02 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com

 

2014-06-15 22:25 - 2014-06-15 22:25 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\hpqlog

 

2014-06-15 19:45 - 2014-06-16 22:50 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\Hewlett-Packard

 

2014-06-15 16:40 - 2014-06-16 16:45 - 00042300 _____ () C:\Windows\WindowsUpdate.log

 

2014-06-15 16:26 - 2014-06-15 16:26 - 00000291 _____ () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer.lnk

 

2014-06-15 16:25 - 2014-06-15 16:25 - 00000000 ____D () C:\ProgramData\Western Digital

 

2014-06-15 13:55 - 2014-06-15 13:55 - 00262144 _____ () C:\Windows\system32\config\userdiff

 

2014-06-15 13:55 - 2014-06-15 13:55 - 00000000 ____D () C:\Windows.old

 

2014-06-15 13:37 - 2014-06-23 17:17 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1697108532-2456640442-1510844185-1002

 

2014-06-15 13:18 - 2014-06-15 13:18 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\AMD

 

2014-06-15 13:17 - 2014-06-15 13:17 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\ATI

 

2014-06-15 13:17 - 2014-06-15 13:17 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\ATI

 

2014-06-15 13:16 - 2014-06-15 22:25 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\Hewlett-Packard

 

2014-06-15 13:15 - 2014-06-23 12:58 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B41E2DDC-3049-473E-98A9-7BEE79C96F15}

 

2014-06-15 13:15 - 2014-06-15 13:15 - 00023164 _____ () C:\Users\LLF LLC\Desktop\Removed Apps.html

 

2014-06-15 13:14 - 2014-06-15 13:14 - 00001441 _____ () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

 

2014-06-15 13:14 - 2014-06-15 13:14 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\Adobe

 

2014-06-15 13:08 - 2014-06-16 12:12 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\VirtualStore

 

2014-06-15 13:08 - 2014-06-15 13:08 - 00000020 ___SH () C:\Users\LLF LLC\ntuser.ini

 

2014-06-15 13:03 - 2014-06-15 13:03 - 00006363 _____ () C:\Users\Administrator\AppData\Local\Application.xml

 

2014-06-15 13:01 - 2014-06-17 09:50 - 00000000 ____D () C:\Users\LLF LLC

 

2014-06-15 13:01 - 2014-06-15 13:02 - 00017148 _____ () C:\Windows\diagwrn.xml

 

2014-06-15 13:01 - 2014-06-15 13:02 - 00017148 _____ () C:\Windows\diagerr.xml

 

2014-06-15 13:01 - 2014-06-15 13:02 - 00000000 ___HD () C:\Users\LLF LLC\Documents\hp.system.package.metadata

 

2014-06-15 13:01 - 2013-06-11 21:29 - 00002100 _____ () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk

 

2014-06-15 13:01 - 2013-06-11 21:20 - 00000000 ___RD () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

 

2014-06-15 13:01 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

 

2014-06-15 13:01 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

 

2014-06-15 13:01 - 2012-07-26 01:13 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

 

2014-06-15 12:57 - 2014-06-15 12:57 - 00002308 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1697108532-2456640442-1510844185-500

 

2014-06-11 20:50 - 2014-06-11 20:50 - 00221800 _____ () C:\Users\LLF LLC\Desktop\PCMatic-Support.zip

 

2014-05-25 22:47 - 2014-05-25 22:47 - 00604440 _____ () C:\Users\LLF LLC\Downloads\SAS_ForceUpdate.exe

 

 

==================== One Month Modified Files and Folders =======

 

 

2014-06-23 17:31 - 2014-06-23 17:31 - 00009042 _____ () C:\Users\LLF LLC\Desktop\FRST.txt

 

2014-06-23 17:31 - 2014-06-23 17:31 - 00000000 ____D () C:\FRST

 

2014-06-23 17:29 - 2012-07-26 00:28 - 00006364 _____ () C:\Windows\system32\PerfStringBackup.INI

 

2014-06-23 17:27 - 2014-06-23 17:27 - 00001691 _____ () C:\Users\LLF LLC\Desktop\RKreport_SCN_06232014_172246.log

 

2014-06-23 17:17 - 2014-06-15 13:37 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1697108532-2456640442-1510844185-1002

 

2014-06-23 17:14 - 2014-06-23 17:14 - 00000000 ____D () C:\ProgramData\RogueKiller

 

2014-06-23 17:12 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

 

2014-06-23 17:10 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru

 

2014-06-23 13:11 - 2014-06-16 16:19 - 00000000 ____D () C:\ProgramData\WRData

 

2014-06-23 12:58 - 2014-06-23 12:58 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\Macromedia

 

2014-06-23 12:58 - 2014-06-15 13:15 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B41E2DDC-3049-473E-98A9-7BEE79C96F15}

 

2014-06-22 12:15 - 2014-06-23 12:59 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\LLF LLC\Desktop\mbam-setup.exe

 

2014-06-22 12:03 - 2014-06-23 12:59 - 02083328 _____ (Farbar) C:\Users\LLF LLC\Desktop\FRST64.exe

 

2014-06-22 11:49 - 2014-06-23 12:59 - 05268992 _____ () C:\Users\LLF LLC\Desktop\RogueKillerX64.exe

 

2014-06-18 04:01 - 2014-06-23 12:57 - 19719512 _____ (SUPERAntiSpyware) C:\Users\LLF LLC\Desktop\SUPERANTISPYWARE.EXE

 

2014-06-17 18:17 - 2013-07-23 10:51 - 00000000 ____D () C:\ProgramData\Norton

 

2014-06-17 18:17 - 2012-08-03 15:23 - 00953056 _____ () C:\Windows\PFRO.log

 

2014-06-17 18:17 - 2012-07-26 01:12 - 00000000 ___HD () C:\Windows\ELAMBKUP

 

2014-06-17 18:14 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

 

2014-06-17 09:50 - 2014-06-15 13:01 - 00000000 ____D () C:\Users\LLF LLC

 

2014-06-17 08:03 - 2013-06-11 21:40 - 00000000 ____D () C:\ProgramData\WildTangent

 

2014-06-17 08:03 - 2013-06-11 21:40 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games

 

2014-06-16 22:50 - 2014-06-15 19:45 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\Hewlett-Packard

 

2014-06-16 16:45 - 2014-06-15 16:40 - 00042300 _____ () C:\Windows\WindowsUpdate.log

 

2014-06-16 16:26 - 2013-07-23 10:43 - 00000000 ____D () C:\ProgramData\Temp

 

2014-06-16 16:21 - 2014-06-16 16:21 - 00153256 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll

 

2014-06-16 16:21 - 2014-06-16 16:21 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys

 

2014-06-16 16:21 - 2014-06-16 16:21 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll

 

2014-06-16 16:21 - 2014-06-16 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere

 

2014-06-16 16:21 - 2014-06-16 16:21 - 00000000 ____D () C:\Program Files\Webroot

 

2014-06-16 16:02 - 2014-06-16 16:02 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\SUPERAntiSpyware.com

 

2014-06-16 16:02 - 2014-06-16 16:02 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com

 

2014-06-16 12:12 - 2014-06-15 13:08 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\VirtualStore

 

2014-06-15 22:25 - 2014-06-15 22:25 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\hpqlog

 

2014-06-15 22:25 - 2014-06-15 13:16 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\Hewlett-Packard

 

2014-06-15 16:42 - 2012-07-26 00:21 - 00034488 _____ () C:\Windows\setupact.log

 

2014-06-15 16:26 - 2014-06-15 16:26 - 00000291 _____ () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer.lnk

 

2014-06-15 16:25 - 2014-06-15 16:25 - 00000000 ____D () C:\ProgramData\Western Digital

 

2014-06-15 16:16 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp

 

2014-06-15 13:55 - 2014-06-15 13:55 - 00262144 _____ () C:\Windows\system32\config\userdiff

 

2014-06-15 13:55 - 2014-06-15 13:55 - 00000000 ____D () C:\Windows.old

 

2014-06-15 13:55 - 2012-07-26 01:13 - 00262144 _____ () C:\Windows\system32\config\BCD-Template

 

2014-06-15 13:21 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent

 

2014-06-15 13:18 - 2014-06-15 13:18 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\AMD

 

2014-06-15 13:17 - 2014-06-15 13:17 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\ATI

 

2014-06-15 13:17 - 2014-06-15 13:17 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\ATI

 

2014-06-15 13:15 - 2014-06-15 13:15 - 00023164 _____ () C:\Users\LLF LLC\Desktop\Removed Apps.html

 

2014-06-15 13:14 - 2014-06-15 13:14 - 00001441 _____ () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

 

2014-06-15 13:14 - 2014-06-15 13:14 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\Adobe

 

2014-06-15 13:14 - 2013-08-12 15:37 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\Packages

 

2014-06-15 13:14 - 2013-07-23 10:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat

 

2014-06-15 13:14 - 2013-06-11 21:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

 

2014-06-15 13:14 - 2013-06-11 21:33 - 00000000 ___RD () C:\Program Files (x86)\Online Services

 

2014-06-15 13:14 - 2013-06-11 21:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection

 

2014-06-15 13:14 - 2013-06-11 21:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools

 

2014-06-15 13:14 - 2012-08-03 17:02 - 00000000 ___HD () C:\SYSTEM.SAV

 

2014-06-15 13:10 - 2013-06-11 21:10 - 00291288 _____ () C:\Windows\system32\FNTCACHE.DAT

 

2014-06-15 13:08 - 2014-06-15 13:08 - 00000020 ___SH () C:\Users\LLF LLC\ntuser.ini

 

2014-06-15 13:07 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\Recovery

 

2014-06-15 13:07 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache

 

2014-06-15 13:03 - 2014-06-15 13:03 - 00006363 _____ () C:\Users\Administrator\AppData\Local\Application.xml

 

2014-06-15 13:02 - 2014-06-15 13:01 - 00017148 _____ () C:\Windows\diagwrn.xml

 

2014-06-15 13:02 - 2014-06-15 13:01 - 00017148 _____ () C:\Windows\diagerr.xml

 

2014-06-15 13:02 - 2014-06-15 13:01 - 00000000 ___HD () C:\Users\LLF LLC\Documents\hp.system.package.metadata

 

2014-06-15 13:02 - 2012-08-03 16:21 - 00000000 ____D () C:\Windows\Panther

 

2014-06-15 13:02 - 2012-07-26 01:12 - 00000000 __RHD () C:\Users\Public\Libraries

 

2014-06-15 13:00 - 2012-07-25 22:37 - 00000000 __RHD () C:\Users\Default

 

2014-06-15 12:57 - 2014-06-15 12:57 - 00002308 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1697108532-2456640442-1510844185-500

 

2014-06-15 12:57 - 2012-08-03 15:40 - 00010171 _____ () C:\Windows\iis.log

 

2014-06-15 12:57 - 2012-07-26 01:13 - 00004552 _____ () C:\Windows\DtcInstall.log

 

2014-06-13 10:08 - 2013-10-22 07:46 - 00000000 ____D () C:\Users\LLF LLC\Documents\SOFTBACK

 

2014-06-11 20:50 - 2014-06-11 20:50 - 00221800 _____ () C:\Users\LLF LLC\Desktop\PCMatic-Support.zip

 

2014-06-11 16:35 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

 

2014-06-09 16:08 - 2013-09-16 10:29 - 00000000 ____D () C:\Users\LLF LLC\Documents\TAROT

 

2014-06-08 18:27 - 2013-12-16 09:11 - 00000000 ____D () C:\Users\LLF LLC\Documents\0000_HORSE RECORDS

 

2014-06-07 10:53 - 2013-10-22 07:08 - 00000000 ____D () C:\Users\LLF LLC\Documents\LLF_LLC

 

2014-06-07 10:46 - 2013-08-24 06:59 - 00000000 ____D () C:\Users\LLF LLC\Documents\Technology

 

2014-06-07 10:01 - 2014-02-17 17:55 - 00000000 ____D () C:\Users\LLF LLC\Documents\0000_McCarty

 

2014-06-07 09:58 - 2013-11-13 15:04 - 00000000 ____D () C:\Users\LLF LLC\Technology

 

2014-05-28 23:09 - 2013-09-25 12:13 - 00000000 ____D () C:\Users\LLF LLC\Documents\HEALTH

 

2014-05-25 22:47 - 2014-05-25 22:47 - 00604440 _____ () C:\Users\LLF LLC\Downloads\SAS_ForceUpdate.exe

 

 

==================== Bamital & volsnap Check =================

 

 

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

 

LastRegBack: 2012-08-03 15:23

 

 

==================== End Of Log ============================

 

ADDITION Log

***** NOTE **** I purposely disable my Ethernet and WiFi connections when not in use.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01
Ran by LLF LLC at 2014-06-23 17:32:14
Running from C:\Users\LLF LLC\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Webroot SecureAnywhere (Disabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Disabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.201.1711.120 - Alps Electric)
AMD Accelerated Video Transcoding (Version: 12.10.100.30313 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1124.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{A5E09CCF-DC87-9063-764F-CF6D5FC00766}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3919 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.1.3919 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2817 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2817 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.6.6119 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.10.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{A0589A51-8D50-448D-97F2-99019B82F009}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Recovery Manager (x32 Version: 10.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{B2F0406F-1609-489A-8626-7DB46776AB57}) (Version: 1.0.5 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{2AFEFC93-F0C7-4390-BB51-F914EC546B30}) (Version: 2.1.6 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.12 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.84 - Webroot)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

==================== Hosts content: ==========================

2012-07-25 22:26 - 2014-06-23 17:25 - 00000768 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3F8E4AD6-5799-4005-A19D-BF5F54BB21BA} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => Rundll32.exe ResetEng.dll,RjvDelayedCleanupEntryPoint
Task: {4C9CB084-3CD6-40CB-B2F9-EC42544E2286} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {7D2E843D-2027-46A9-BC70-0B3A188660A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7DBBD36F-2D87-413E-B1DE-58532D78F391} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {91384541-0D5C-4171-96DF-10348D711F19} - System32\Tasks\Microsoft\Windows\SysResetLogSuccess => Rundll32.exe ResetEng.dll,RjvLogSuccessEntryPoint
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\system32\dism.exe [2012-07-25] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CCC0324A-29BC-4A65-9442-3191C3E479F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup

==================== Loaded Modules (whitelisted) =============

2013-03-13 09:41 - 2013-03-13 09:41 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Description: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2014 05:29:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/23/2014 05:29:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/23/2014 05:16:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/23/2014 05:16:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/23/2014 01:06:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/23/2014 01:06:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/23/2014 00:56:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/23/2014 00:56:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/23/2014 00:55:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/23/2014 00:55:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

System errors:
=============
Error: (06/23/2014 05:12:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:12:56 PM on ‎6/‎23/‎2014 was unexpected.

Error: (06/23/2014 01:22:52 PM) (Source: DCOM) (EventID: 10010) (User: LLF_LLC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (06/23/2014 00:51:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:41:21 PM on ‎6/‎19/‎2014 was unexpected.

Error: (06/17/2014 06:16:54 PM) (Source: DCOM) (EventID: 10010) (User: LLF_LLC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (06/17/2014 06:13:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Norton Internet Security service terminated unexpectedly.  It has done this 4 time(s).

Error: (06/17/2014 06:11:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Norton Internet Security service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/17/2014 06:11:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Internet Security service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/17/2014 06:09:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Internet Security service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/17/2014 05:55:00 PM) (Source: DCOM) (EventID: 10005) (User: LLF_LLC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/17/2014 05:54:54 PM) (Source: DCOM) (EventID: 10005) (User: LLF_LLC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Microsoft Office Sessions:
=========================
Error: (06/23/2014 05:29:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (06/23/2014 05:29:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (06/23/2014 05:16:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (06/23/2014 05:16:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (06/23/2014 01:06:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (06/23/2014 01:06:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (06/23/2014 00:56:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (06/23/2014 00:56:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (06/23/2014 00:55:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (06/23/2014 00:55:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 7389.25 MB
Available physical RAM: 5970.05 MB
Total Pagefile: 11997.25 MB
Available Pagefile: 10902.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:907.16 GB) (Free:522.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.58 GB) (Free:2.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:7.39 GB) (Free:6.97 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: D0AFD229)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#6 Bianca KS

Posted 23 June 2014 - 08:33 PM

Okay...I ran those two programs, as directed above. Here are the reports generated. The Rogue Killer only found Registry Entries to delete, which I did. Everything else appeared clear. However, I would note that it states User 1 AND User 2 "OK". I only have 1 user (unless they are counting Administrator).

Also, in the second log, it states that Windows Defender is disabled but up to date. I don't know how it could be up to date, I can't even get it to turn on.

Once we are able to determine what the issue is...If possible, I would like to know how to turn off all the non-essential programs or most anything on autorun. I don't like the Bing bars or any of the non-web security auto-add ons.

I also note it says my "start page" is an msn address. That isn't correct. It should be AOL as my start or home page.

Much thanks again for your help. I hope there are some answers in these logs. BKS

RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : LLF LLC [Admin rights]
Mode : Remove -- Date : 06/23/2014  17:28:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 SATA Disk Device +++++
--- User ---
[MBR] fd5d04ff4e7f0cb683a8bad10d421cee
[BSP] 4701b44624b6a6e47398c86965913293 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 953869 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_06232014_172246.log

 

===============================================================================================================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01
Ran by LLF LLC at 2014-06-23 17:32:14
Running from C:\Users\LLF LLC\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Webroot SecureAnywhere (Disabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Disabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.201.1711.120 - Alps Electric)
AMD Accelerated Video Transcoding (Version: 12.10.100.30313 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1124.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{A5E09CCF-DC87-9063-764F-CF6D5FC00766}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0313.0928.15155 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0313.929.15155 - Advanced Micro Devices, Inc.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3919 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.1.3919 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2817 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2817 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.6.6119 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.10.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{A0589A51-8D50-448D-97F2-99019B82F009}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Recovery Manager (x32 Version: 10.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{B2F0406F-1609-489A-8626-7DB46776AB57}) (Version: 1.0.5 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{2AFEFC93-F0C7-4390-BB51-F914EC546B30}) (Version: 2.1.6 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.12 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.84 - Webroot)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

==================== Hosts content: ==========================

2012-07-25 22:26 - 2014-06-23 17:25 - 00000768 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3F8E4AD6-5799-4005-A19D-BF5F54BB21BA} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => Rundll32.exe ResetEng.dll,RjvDelayedCleanupEntryPoint
Task: {4C9CB084-3CD6-40CB-B2F9-EC42544E2286} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {7D2E843D-2027-46A9-BC70-0B3A188660A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7DBBD36F-2D87-413E-B1DE-58532D78F391} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {91384541-0D5C-4171-96DF-10348D711F19} - System32\Tasks\Microsoft\Windows\SysResetLogSuccess => Rundll32.exe ResetEng.dll,RjvLogSuccessEntryPoint
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\system32\dism.exe [2012-07-25] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CCC0324A-29BC-4A65-9442-3191C3E479F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup

==================== Loaded Modules (whitelisted) =============

2013-03-13 09:41 - 2013-03-13 09:41 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Description: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2014 05:29:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/23/2014 05:29:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/23/2014 05:16:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/23/2014 05:16:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/23/2014 01:06:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/23/2014 01:06:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/23/2014 00:56:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/23/2014 00:56:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/23/2014 00:55:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/23/2014 00:55:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

System errors:
=============
Error: (06/23/2014 05:12:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:12:56 PM on ‎6/‎23/‎2014 was unexpected.

Error: (06/23/2014 01:22:52 PM) (Source: DCOM) (EventID: 10010) (User: LLF_LLC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (06/23/2014 00:51:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:41:21 PM on ‎6/‎19/‎2014 was unexpected.

Error: (06/17/2014 06:16:54 PM) (Source: DCOM) (EventID: 10010) (User: LLF_LLC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (06/17/2014 06:13:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Norton Internet Security service terminated unexpectedly.  It has done this 4 time(s).

Error: (06/17/2014 06:11:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Norton Internet Security service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/17/2014 06:11:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Internet Security service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/17/2014 06:09:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Internet Security service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/17/2014 05:55:00 PM) (Source: DCOM) (EventID: 10005) (User: LLF_LLC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/17/2014 05:54:54 PM) (Source: DCOM) (EventID: 10005) (User: LLF_LLC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Microsoft Office Sessions:
=========================
Error: (06/23/2014 05:29:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (06/23/2014 05:29:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (06/23/2014 05:16:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (06/23/2014 05:16:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (06/23/2014 01:06:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (06/23/2014 01:06:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (06/23/2014 00:56:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (06/23/2014 00:56:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (06/23/2014 00:55:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (06/23/2014 00:55:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 7389.25 MB
Available physical RAM: 5970.05 MB
Total Pagefile: 11997.25 MB
Available Pagefile: 10902.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:907.16 GB) (Free:522.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.58 GB) (Free:2.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:7.39 GB) (Free:6.97 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: D0AFD229)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by LLF LLC (administrator) on LLF_LLC on 23-06-2014 17:31:26
Running from C:\Users\LLF LLC\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-27] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [679768 2013-04-25] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [763512 2014-06-16] (Webroot)
HKU\S-1-5-21-1697108532-2456640442-1510844185-1002\...\MountPoints2: {27225028-846c-11e3-bea1-a45d367d149f} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-1697108532-2456640442-1510844185-1002\...\MountPoints2: {b8f2b587-45c9-11e3-be8f-8aadbfe40226} - "E:\Autorun.exe"
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: _WrSyncExcl -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: _WrSyncGreen -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: _WrSyncRed -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: _WrSyncYellow -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO-x32: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Hosts: 127.0.0.1 localhost

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-13] (Advanced Micro Devices, Inc.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-06-11] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [763512 2014-06-16] (Webroot)

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2013-04-10] (Realtek Semiconductor Corp.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [406088 2013-04-16] (Realsil Semiconductor Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2014-06-16] (Webroot)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-23 17:31 - 2014-06-23 17:31 - 00009042 _____ () C:\Users\LLF LLC\Desktop\FRST.txt
2014-06-23 17:31 - 2014-06-23 17:31 - 00000000 ____D () C:\FRST
2014-06-23 17:27 - 2014-06-23 17:27 - 00001691 _____ () C:\Users\LLF LLC\Desktop\RKreport_SCN_06232014_172246.log
2014-06-23 17:14 - 2014-06-23 17:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-23 12:59 - 2014-06-22 12:15 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\LLF LLC\Desktop\mbam-setup.exe
2014-06-23 12:59 - 2014-06-22 12:03 - 02083328 _____ (Farbar) C:\Users\LLF LLC\Desktop\FRST64.exe
2014-06-23 12:59 - 2014-06-22 11:49 - 05268992 _____ () C:\Users\LLF LLC\Desktop\RogueKillerX64.exe
2014-06-23 12:58 - 2014-06-23 12:58 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\Macromedia
2014-06-23 12:57 - 2014-06-18 04:01 - 19719512 _____ (SUPERAntiSpyware) C:\Users\LLF LLC\Desktop\SUPERANTISPYWARE.EXE
2014-06-16 16:21 - 2014-06-16 16:21 - 00153256 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-06-16 16:21 - 2014-06-16 16:21 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2014-06-16 16:21 - 2014-06-16 16:21 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2014-06-16 16:21 - 2014-06-16 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2014-06-16 16:21 - 2014-06-16 16:21 - 00000000 ____D () C:\Program Files\Webroot
2014-06-16 16:19 - 2014-06-23 13:11 - 00000000 ____D () C:\ProgramData\WRData
2014-06-16 16:02 - 2014-06-16 16:02 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\SUPERAntiSpyware.com
2014-06-16 16:02 - 2014-06-16 16:02 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-15 22:25 - 2014-06-15 22:25 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\hpqlog
2014-06-15 19:45 - 2014-06-16 22:50 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\Hewlett-Packard
2014-06-15 16:40 - 2014-06-16 16:45 - 00042300 _____ () C:\Windows\WindowsUpdate.log
2014-06-15 16:26 - 2014-06-15 16:26 - 00000291 _____ () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer.lnk
2014-06-15 16:25 - 2014-06-15 16:25 - 00000000 ____D () C:\ProgramData\Western Digital
2014-06-15 13:55 - 2014-06-15 13:55 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-06-15 13:55 - 2014-06-15 13:55 - 00000000 ____D () C:\Windows.old
2014-06-15 13:37 - 2014-06-23 17:17 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1697108532-2456640442-1510844185-1002
2014-06-15 13:18 - 2014-06-15 13:18 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\AMD
2014-06-15 13:17 - 2014-06-15 13:17 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\ATI
2014-06-15 13:17 - 2014-06-15 13:17 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\ATI
2014-06-15 13:16 - 2014-06-15 22:25 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\Hewlett-Packard
2014-06-15 13:15 - 2014-06-23 12:58 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B41E2DDC-3049-473E-98A9-7BEE79C96F15}
2014-06-15 13:15 - 2014-06-15 13:15 - 00023164 _____ () C:\Users\LLF LLC\Desktop\Removed Apps.html
2014-06-15 13:14 - 2014-06-15 13:14 - 00001441 _____ () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-15 13:14 - 2014-06-15 13:14 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\Adobe
2014-06-15 13:08 - 2014-06-16 12:12 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\VirtualStore
2014-06-15 13:08 - 2014-06-15 13:08 - 00000020 ___SH () C:\Users\LLF LLC\ntuser.ini
2014-06-15 13:03 - 2014-06-15 13:03 - 00006363 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2014-06-15 13:01 - 2014-06-17 09:50 - 00000000 ____D () C:\Users\LLF LLC
2014-06-15 13:01 - 2014-06-15 13:02 - 00017148 _____ () C:\Windows\diagwrn.xml
2014-06-15 13:01 - 2014-06-15 13:02 - 00017148 _____ () C:\Windows\diagerr.xml
2014-06-15 13:01 - 2014-06-15 13:02 - 00000000 ___HD () C:\Users\LLF LLC\Documents\hp.system.package.metadata
2014-06-15 13:01 - 2013-06-11 21:29 - 00002100 _____ () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-06-15 13:01 - 2013-06-11 21:20 - 00000000 ___RD () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-15 13:01 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-15 13:01 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-06-15 13:01 - 2012-07-26 01:13 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-15 12:57 - 2014-06-15 12:57 - 00002308 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1697108532-2456640442-1510844185-500
2014-06-11 20:50 - 2014-06-11 20:50 - 00221800 _____ () C:\Users\LLF LLC\Desktop\PCMatic-Support.zip
2014-05-25 22:47 - 2014-05-25 22:47 - 00604440 _____ () C:\Users\LLF LLC\Downloads\SAS_ForceUpdate.exe

==================== One Month Modified Files and Folders =======

2014-06-23 17:31 - 2014-06-23 17:31 - 00009042 _____ () C:\Users\LLF LLC\Desktop\FRST.txt
2014-06-23 17:31 - 2014-06-23 17:31 - 00000000 ____D () C:\FRST
2014-06-23 17:29 - 2012-07-26 00:28 - 00006364 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-23 17:27 - 2014-06-23 17:27 - 00001691 _____ () C:\Users\LLF LLC\Desktop\RKreport_SCN_06232014_172246.log
2014-06-23 17:17 - 2014-06-15 13:37 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1697108532-2456640442-1510844185-1002
2014-06-23 17:14 - 2014-06-23 17:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-23 17:12 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 17:10 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-23 13:11 - 2014-06-16 16:19 - 00000000 ____D () C:\ProgramData\WRData
2014-06-23 12:58 - 2014-06-23 12:58 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\Macromedia
2014-06-23 12:58 - 2014-06-15 13:15 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B41E2DDC-3049-473E-98A9-7BEE79C96F15}
2014-06-22 12:15 - 2014-06-23 12:59 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\LLF LLC\Desktop\mbam-setup.exe
2014-06-22 12:03 - 2014-06-23 12:59 - 02083328 _____ (Farbar) C:\Users\LLF LLC\Desktop\FRST64.exe
2014-06-22 11:49 - 2014-06-23 12:59 - 05268992 _____ () C:\Users\LLF LLC\Desktop\RogueKillerX64.exe
2014-06-18 04:01 - 2014-06-23 12:57 - 19719512 _____ (SUPERAntiSpyware) C:\Users\LLF LLC\Desktop\SUPERANTISPYWARE.EXE
2014-06-17 18:17 - 2013-07-23 10:51 - 00000000 ____D () C:\ProgramData\Norton
2014-06-17 18:17 - 2012-08-03 15:23 - 00953056 _____ () C:\Windows\PFRO.log
2014-06-17 18:17 - 2012-07-26 01:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-06-17 18:14 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-06-17 09:50 - 2014-06-15 13:01 - 00000000 ____D () C:\Users\LLF LLC
2014-06-17 08:03 - 2013-06-11 21:40 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-17 08:03 - 2013-06-11 21:40 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-06-16 22:50 - 2014-06-15 19:45 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\Hewlett-Packard
2014-06-16 16:45 - 2014-06-15 16:40 - 00042300 _____ () C:\Windows\WindowsUpdate.log
2014-06-16 16:26 - 2013-07-23 10:43 - 00000000 ____D () C:\ProgramData\Temp
2014-06-16 16:21 - 2014-06-16 16:21 - 00153256 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-06-16 16:21 - 2014-06-16 16:21 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2014-06-16 16:21 - 2014-06-16 16:21 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2014-06-16 16:21 - 2014-06-16 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2014-06-16 16:21 - 2014-06-16 16:21 - 00000000 ____D () C:\Program Files\Webroot
2014-06-16 16:02 - 2014-06-16 16:02 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\SUPERAntiSpyware.com
2014-06-16 16:02 - 2014-06-16 16:02 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-16 12:12 - 2014-06-15 13:08 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\VirtualStore
2014-06-15 22:25 - 2014-06-15 22:25 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\hpqlog
2014-06-15 22:25 - 2014-06-15 13:16 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\Hewlett-Packard
2014-06-15 16:42 - 2012-07-26 00:21 - 00034488 _____ () C:\Windows\setupact.log
2014-06-15 16:26 - 2014-06-15 16:26 - 00000291 _____ () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer.lnk
2014-06-15 16:25 - 2014-06-15 16:25 - 00000000 ____D () C:\ProgramData\Western Digital
2014-06-15 16:16 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-06-15 13:55 - 2014-06-15 13:55 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-06-15 13:55 - 2014-06-15 13:55 - 00000000 ____D () C:\Windows.old
2014-06-15 13:55 - 2012-07-26 01:13 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-06-15 13:21 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-15 13:18 - 2014-06-15 13:18 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\AMD
2014-06-15 13:17 - 2014-06-15 13:17 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\ATI
2014-06-15 13:17 - 2014-06-15 13:17 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\ATI
2014-06-15 13:15 - 2014-06-15 13:15 - 00023164 _____ () C:\Users\LLF LLC\Desktop\Removed Apps.html
2014-06-15 13:14 - 2014-06-15 13:14 - 00001441 _____ () C:\Users\LLF LLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-15 13:14 - 2014-06-15 13:14 - 00000000 ____D () C:\Users\LLF LLC\AppData\Roaming\Adobe
2014-06-15 13:14 - 2013-08-12 15:37 - 00000000 ____D () C:\Users\LLF LLC\AppData\Local\Packages
2014-06-15 13:14 - 2013-07-23 10:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-06-15 13:14 - 2013-06-11 21:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-06-15 13:14 - 2013-06-11 21:33 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-06-15 13:14 - 2013-06-11 21:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection

 

2014-06-15 13:14 - 2013-06-11 21:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools

 

2014-06-15 13:14 - 2012-08-03 17:02 - 00000000 ___HD () C:\SYSTEM.SAV

 

2014-06-15 13:10 - 2013-06-11 21:10 - 00291288 _____ () C:\Windows\system32\FNTCACHE.DAT

 

2014-06-15 13:08 - 2014-06-15 13:08 - 00000020 ___SH () C:\Users\LLF LLC\ntuser.ini

 

2014-06-15 13:07 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\Recovery

 

2014-06-15 13:07 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache

 

2014-06-15 13:03 - 2014-06-15 13:03 - 00006363 _____ () C:\Users\Administrator\AppData\Local\Application.xml

 

2014-06-15 13:02 - 2014-06-15 13:01 - 00017148 _____ () C:\Windows\diagwrn.xml

 

2014-06-15 13:02 - 2014-06-15 13:01 - 00017148 _____ () C:\Windows\diagerr.xml

 

2014-06-15 13:02 - 2014-06-15 13:01 - 00000000 ___HD () C:\Users\LLF LLC\Documents\hp.system.package.metadata

 

2014-06-15 13:02 - 2012-08-03 16:21 - 00000000 ____D () C:\Windows\Panther

 

2014-06-15 13:02 - 2012-07-26 01:12 - 00000000 __RHD () C:\Users\Public\Libraries

 

2014-06-15 13:00 - 2012-07-25 22:37 - 00000000 __RHD () C:\Users\Default

 

2014-06-15 12:57 - 2014-06-15 12:57 - 00002308 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1697108532-2456640442-1510844185-500

 

2014-06-15 12:57 - 2012-08-03 15:40 - 00010171 _____ () C:\Windows\iis.log

 

2014-06-15 12:57 - 2012-07-26 01:13 - 00004552 _____ () C:\Windows\DtcInstall.log

 

2014-06-13 10:08 - 2013-10-22 07:46 - 00000000 ____D () C:\Users\LLF LLC\Documents\SOFTBACK

 

2014-06-11 20:50 - 2014-06-11 20:50 - 00221800 _____ () C:\Users\LLF LLC\Desktop\PCMatic-Support.zip

 

2014-06-11 16:35 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

 

2014-06-09 16:08 - 2013-09-16 10:29 - 00000000 ____D () C:\Users\LLF LLC\Documents\TAROT

 

2014-06-08 18:27 - 2013-12-16 09:11 - 00000000 ____D () C:\Users\LLF LLC\Documents\0000_HORSE RECORDS

 

2014-06-07 10:53 - 2013-10-22 07:08 - 00000000 ____D () C:\Users\LLF LLC\Documents\LLF_LLC

 

2014-06-07 10:46 - 2013-08-24 06:59 - 00000000 ____D () C:\Users\LLF LLC\Documents\Technology

 

2014-06-07 10:01 - 2014-02-17 17:55 - 00000000 ____D () C:\Users\LLF LLC\Documents\0000_McCarty

 

2014-06-07 09:58 - 2013-11-13 15:04 - 00000000 ____D () C:\Users\LLF LLC\Technology

 

2014-05-28 23:09 - 2013-09-25 12:13 - 00000000 ____D () C:\Users\LLF LLC\Documents\HEALTH

 

2014-05-25 22:47 - 2014-05-25 22:47 - 00604440 _____ () C:\Users\LLF LLC\Downloads\SAS_ForceUpdate.exe

 

 

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2012-08-03 15:23

==================== End Of Log ============================

ADDITION Log  attached.  *****  NOTE  ****  I purposely disable my Ethernet and WiFi connections when not in use.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:19 AM

Posted 24 June 2014 - 08:16 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If your problem persists, let's see what we can find about it.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • List last 10 Event Viewer log

Click Go and copy/paste the log (Result.txt) into your next post.


#8 Bianca KS


Posted 24 June 2014 - 11:22 AM

Got it...thank you Nasdaq.  Will be able to do later today.  Is this a virus or hacking of my computer?  Or is this just Microsoft once again screwing up life? Not a fan of Microsoft....sorry.

Also...do I copy and paste the "start" and "end" parts of the box?

Thanks again!   BKS



#9 nasdaq


Posted 25 June 2014 - 06:40 AM

Is this a virus or hacking of my computer? Or is this just Microsoft once again screwing up life? Not a fan of Microsoft....sorry.

Also...do I copy and paste the "start" and "end" parts of the box?


I do not expect a change to the computer status. All I'm doing is cleaning some unwanted entries.

Yes, include the Start/End from the code box.

#10 Bianca KS


Posted 26 June 2014 - 04:25 PM

Hi Nasdaq....

I find I am uncertain as to whether I should save "fixlist.txt" to the FRST64 application file or paste it or save it to the FRST.txt file.  My apologies.

Thanks & regards...BKS



#11 nasdaq


Posted 27 June 2014 - 07:13 AM

The fix file must be saved as fixlist.txt

The tool is running from your Desktop
Running from C:\Users\LLF LLC\Desktop

Place the fixlist.txt file on your Desktop also.

Run the FRST tool and select the fix button.

Post the resultant log.

#12 nasdaq


Posted 03 July 2014 - 09:01 AM

Are you still with me?

#13 nasdaq


Posted 09 July 2014 - 08:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



