Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014 Ran by coldharbor1950 at 2014-01-07 12:52:36 Running from C:\Users\coldharbor1950\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov) AccelerateTab (x32 Version: 1.4 - AccelerateTab) Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Amazon Kindle (HKCU Version: - Amazon) AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden AVG 2014 (Version: 14.0.3658 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden AVG 2014 (Version: 2014.0.4259 - AVG Technologies) Blio (x32 Version: 2.2.8188 - K-NFB Reading Technology, Inc.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2011.0512.1812.30806 - ATI Technologies, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden CCleaner (Version: 4.09 - Piriform) CutePDF Writer 3.0 (Version: 3.0 - CutePDF.com) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden Driver Booster (x32 Version: 1.1 - IObit) Game Booster 3 (x32 Version: 3.4 - IObit) Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.) Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden H&R Block Deluxe + Efile + State 2012 (x32 Version: 12.05.7803 - HRB Technology, LLC.) H&R Block Wisconsin 2012 (x32 Version: 1.12.4201 - HRB Technology, LLC.) HiJackThis (x32 Version: 1.0.0 - Trend Micro) HP Application Assistant (Version: 1.0.409.3882 - Hewlett-Packard) HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden HP Calendar (x32 Version: 5.1.4245.23508 - Hewlett-Packard) HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden HP Clock (x32 Version: 5.1.4244.16367 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden HP Deskjet 3050A J611 series Basic Device Software (Version: 25.0.571.0 - Hewlett-Packard Co.) HP Deskjet 3050A J611 series Help (x32 Version: 140.0.2.2 - Hewlett Packard) HP LinkUp (x32 Version: 2.01.029 - Hewlett-Packard) HP Magic Canvas (x32 Version: 5.1.15.0 - Hewlett-Packard) HP Magic Canvas Tutorials (x32 Version: 5.0.0.3 - Hewlett-Packard) HP MovieStore (x32 Version: 2.1.091 - Hewlett-Packard) Hidden HP MovieStore (x32 Version: 2.1.21091.0 - Hewlett-Packard Company) HP Notes (x32 Version: 5.1.4274.30382 - Hewlett-Packard) HP Odometer (x32 Version: 2.10.0000 - Hewlett-Packard) HP Photo Creations (x32 Version: 1.0.0.5192 - HP Photo Creations) HP RSS (x32 Version: 5.1.4301.21494 - Hewlett-Packard) HP Setup (x32 Version: 9.0.15076.3891 - Hewlett-Packard Company) HP Setup Manager (x32 Version: 1.2.15145.3905 - Hewlett-Packard Company) HP Support Assistant (x32 Version: 6.1.12.1 - Hewlett-Packard Company) HP Support Information (x32 Version: 11.00.0001 - Hewlett-Packard) HP TouchSmart RecipeBox (x32 Version: 3.0.3830.27730 - Hewlett-Packard) HP Update (x32 Version: 5.003.001.001 - Hewlett-Packard) HP Vision Hardware Diagnostics (Version: 2.12.1.0 - Hewlett-Packard) HP Weather (x32 Version: 5.1.4295.16450 - Hewlett-Packard) IObit Uninstaller (x32 Version: 3.0.5.1228 - IObit) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kobo (x32 Version: 2.0.3 - Kobo Inc.) LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Masque IGT Slots Wolf Run (x32 Version: 1.0.3 - Masque Publishing) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Metric Converter (x32 Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Mathematics (x32 Version: 4.0 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) NETGEAR WNA3100 wireless USB 2.0 adapter (x32 Version: 1.01.206 - NETGEAR) Nikon Message Center 2 (x32 Version: 2.1.0 - Nikon) Nikon Movie Editor (x32 Version: 2.6.0 - Nikon) OpenOffice 4.0.1 (x32 Version: 4.01.9714 - Apache Software Foundation) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden PDF Complete Special Edition (x32 Version: 4.0.65 - PDF Complete, Inc) Pdf995 (installed by H&R Block) (x32 Version: - ) PdfEdit995 (installed by H&R Block) (x32 Version: - ) Picture Control Utility x64 (Version: 1.4.7 - Nikon) PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation) Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden PressReader (x32 Version: 5.11.0721.0 - NewspaperDirect Inc.) PrintMaster 2012 Platinum (x32 Version: 4.0.0.200 - Encore Software Inc.) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealPlayer (x32 Version: 15.0.6 - RealNetworks) Realtek High Definition Audio Driver (x32 Version: 6.0.1.7106 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden Remote Graphics Receiver (x32 Version: 5.4.5 - Hewlett-Packard) RoboForm 7-9-2-5 (All Users) (x32 Version: 7-9-2-5 - Siber Systems) Serif PagePlus Starter Edition (x32 Version: 3.0.0.3 - Serif (Europe) Ltd) Serif PagePlus: Poster Template Pack 1 (x32 Version: 1.0.1.042 - Serif (Europe) Ltd) Serif PhotoPlus 8.0 (x32 Version: - ) Serif PhotoPlus Association File Formats (x32 Version: - ) Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.) Smart Defrag 2 (x32 Version: 2.9 - IObit) Surfing Protection (x32 Version: 1.0 - IObit) TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden ViewNX 2 (Version: 2.6.0 - Nikon) Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Mobile Device Center (Version: 6.1.6965.0 - Microsoft Corporation) WMS Slots Reel 'em in (x32 Version: 1.00.0000 - Phantom EFX) Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden ==================== Restore Points ========================= 07-01-2014 00:34:38 ComboFix created restore point ==================== Hosts content: ========================== 2009-07-13 20:34 - 2014-01-01 14:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {10DA9D0D-86FA-4A5A-9B53-C0557B3E7EC8} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/php/pums/pums_usrlogfrm.php" Task: {2B3C8B51-8C6C-4C18-8F28-F424F85A6F2A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {2C140C34-A8B8-4C6A-8E33-789BFD79D723} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [2014-01-01] (Siber Systems) Task: {3E61AE64-0809-4D19-91FC-E89602101DDD} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2013-10-15] (IObit) Task: {43906D32-72F8-4EB9-84FD-22471AA0884A} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-11-04] (IObit) Task: {496F03FD-5FFF-4E1B-9D8D-DFD96131FAFE} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2013-11-08] (IObit) Task: {58878F70-3779-420B-AEDC-BC0EB8C2CB31} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) Task: {6914A14E-3ED5-43DD-B107-F7ED62A2AF7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-02] (Google Inc.) Task: {6B026375-BCB7-498B-ACA9-EBD05EEF8CC6} - \BackgroundContainer Startup Task No Task File Task: {77D02D23-2882-4103-A493-8B4BB916D478} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\Autoupdate.exe [2013-06-20] () Task: {9406294F-592E-4613-ABC6-B1E7046ADA2E} - System32\Tasks\HPCeeScheduleForcoldharbor1950 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {AB3455F7-763A-49FA-AFC5-F713E64C8A52} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: {B6BC5812-7C94-43D3-9D72-3FF27C567B1F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-387024861-1857405023-142887614-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2012-07-27] (RealNetworks, Inc.) Task: {C15E4170-D91C-4ED5-A054-DF14FF27CD1A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-13] (Adobe Systems Incorporated) Task: {D9259BEB-EF06-4D5F-87DC-A7F267FA4F3F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-02] (Google Inc.) Task: {F1E2FB07-561F-4198-8D5D-99C62CB53C0C} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] () Task: {F8781616-5534-4F40-A524-9D3E273A72BB} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2013-11-01] (IObit) Task: {FCBF47C5-0A30-485A-BF2B-62E032392A1A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-387024861-1857405023-142887614-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2012-07-27] (RealNetworks, Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe Task: C:\Windows\Tasks\HPCeeScheduleForcoldharbor1950.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2014-01-05 08:32 - 2011-10-25 14:54 - 00372736 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll 2014-01-05 08:32 - 2011-09-13 16:57 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll 2012-11-09 22:04 - 2013-10-15 12:37 - 00048960 _____ () C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\coldharbor1950\Documents\Butternut Dining Room.ppp:SummaryInformation AlternateDataStreams: C:\Users\coldharbor1950\Documents\Butternut Dining Room.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\coldharbor1950\Documents\Butternut Dining Room.Spp:SummaryInformation AlternateDataStreams: C:\Users\coldharbor1950\Documents\Butternut Dining Room.Spp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/07/2014 00:51:46 PM) (Source: HPTouchSmartCalendar) (User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:48:46 PM) (Source: HPTouchSmartCalendar) (User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:45:46 PM) (Source: HPTouchSmartCalendar) (User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:42:46 PM) (Source: HPTouchSmartCalendar) (User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:39:46 PM) (Source: HPTouchSmartCalendar) (User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:36:46 PM) (Source: HPTouchSmartCalendar) (User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:33:46 PM) (Source: HPTouchSmartCalendar) (User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:30:46 PM) (Source: HPTouchSmartCalendar) (User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:27:46 PM) (Source: HPTouchSmartCalendar) (User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:24:46 PM) (Source: HPTouchSmartCalendar) (User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) System errors: ============= Microsoft Office Sessions: ========================= Error: (01/07/2014 00:51:46 PM) (Source: HPTouchSmartCalendar)(User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:48:46 PM) (Source: HPTouchSmartCalendar)(User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:45:46 PM) (Source: HPTouchSmartCalendar)(User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:42:46 PM) (Source: HPTouchSmartCalendar)(User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:39:46 PM) (Source: HPTouchSmartCalendar)(User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:36:46 PM) (Source: HPTouchSmartCalendar)(User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:33:46 PM) (Source: HPTouchSmartCalendar)(User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:30:46 PM) (Source: HPTouchSmartCalendar)(User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:27:46 PM) (Source: HPTouchSmartCalendar)(User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) Error: (01/07/2014 00:24:46 PM) (Source: HPTouchSmartCalendar)(User: ) Description: Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime dateLastSyncDate, String strProvider) CodeIntegrity Errors: =================================== Date: 2014-01-01 14:36:33.274 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-01 14:36:32.666 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 41% Total physical RAM: 3686.54 MB Available physical RAM: 2145.74 MB Total Pagefile: 7371.27 MB Available Pagefile: 5626.07 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:449.07 GB) (Free:404.2 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:16.59 GB) (Free:2.04 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5476193F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=449 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS) ==================== End Of Log ============================