multiple dllhost.exe running in windows 7


  • This topic is locked
19 replies to this topic

#1 nomadsam

nomadsam

  • Members
  • 37 posts

Posted 17 February 2014 - 09:07 PM

Not very tech savvy so please be patient with me.

 

I have already run Kaspersky from my flash drive and it caught a few things and "took care of them" I think.  I also have run Malwarebytes, some Microsoft items as well.

 

Initially, I opened task manager to see why computer was so slow and discovered that several instances of dllhost.exe were running.  After right clicking on one to see where it was, it showed as Windows>SysWOW64.  

 

I am not sure what to do, other than continuously "end process" when the CPU gets to 100%, but obviously that is not a permanent fix.  Not sure if this makes a difference, but didn't notice the computer slowing at first... just that the internet connection was slow.  After a lot of unplugging and plugging in various items, discovered this computer was the problem.

 

DDS text is below

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.7.2
Run by Lewis at 19:55:49 on 2014-02-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.1295 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\hp\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
C:\Users\Lewis\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Users\Lewis\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hp\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files (x86)\Hp\HP UT\bin\hppusg.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Spotify Web Helper] "C:\Users\Lewis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
uRun: [AdobeBridge] <no file>
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
mRun: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1325041409\ee\AOLSoftware.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
StartupFolder: C:\Users\Lewis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\Lewis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~2.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://www.fultoncourtrecords.com:7778/forms/jinitiator/jinit.exe
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{30DAA431-0433-4787-8D69-5363B8238F30} : DHCPNameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{30DAA431-0433-4787-8D69-5363B8238F30}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{30DAA431-0433-4787-8D69-5363B8238F30}\3456E647572797C496E6B683438333 : DHCPNameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{30DAA431-0433-4787-8D69-5363B8238F30}\C456779637 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-12-10 46368]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-25 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-7-31 137528]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-8-12 1128952]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-10-3 65657]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-2-11 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-2-11 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-2-11 171416]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-3-22 93072]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-12 2656280]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-2-12 1772056]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-16 533096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2013-3-20 6144]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-1-29 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-8-12 158976]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2011-11-12 40320]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2013-3-19 23552]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2013-3-19 27648]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2013-3-20 12288]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2011-8-12 31152]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-24 19456]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2011-9-7 70016]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-24 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-2-20 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-21 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-02-16 21:25:04 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2014-02-16 17:22:15 -------- dc----w- C:\Program Files\CCleaner
2014-02-12 16:23:21 -------- dc----w- C:\Users\Lewis\AppData\Local\AVG SafeGuard toolbar
2014-02-12 16:23:14 -------- dc----w- C:\ProgramData\AVG Security Toolbar
2014-02-12 16:23:01 -------- dc----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2014-02-12 16:23:00 -------- dc----w- C:\ProgramData\AVG SafeGuard toolbar
2014-02-12 16:22:59 -------- dc----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2014-02-12 02:38:28 21040 -c--a-w- C:\Windows\System32\sdnclean64.exe
2014-02-12 02:38:27 -------- dc----w- C:\ProgramData\Spybot - Search & Destroy
2014-02-12 02:38:24 -------- dc----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-12 02:23:22 -------- dc----w- C:\AdwCleaner
2014-02-11 21:51:31 -------- dc----w- C:\Users\Lewis\AppData\Roaming\Malwarebytes
2014-02-11 21:51:16 -------- dc----w- C:\ProgramData\Malwarebytes
2014-02-11 21:51:12 25928 -c--a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-11 21:51:12 -------- dc----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 21:56:14 -------- dc----w- C:\TDSSKiller_Quarantine
2014-02-03 20:42:16 -------- dc----w- C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP
2014-01-29 14:17:10 -------- dc----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-29 14:17:10 -------- dc----w- C:\Program Files\iTunes
2014-01-29 14:17:10 -------- dc----w- C:\Program Files\iPod
2014-01-29 14:17:10 -------- dc----w- C:\Program Files (x86)\iTunes
2014-01-24 16:42:31 -------- dc----w- C:\Windows\Migration
2014-01-24 16:37:34 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2014-01-24 16:33:50 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-01-24 16:33:50 366592 ----a-w- C:\Windows\System32\qdvd.dll
.
==================== Find3M  ====================
.
2014-02-05 09:46:13 71048 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 09:46:13 692616 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-24 16:39:16 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-01-24 16:37:50 62976 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-01-18 06:13:01 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-18 06:12:57 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-12-18 09:16:41 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-18 09:16:40 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-18 09:15:28 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-18 09:15:28 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-18 09:13:32 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-18 09:13:32 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-18 09:13:07 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-18 09:13:07 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-18 09:11:22 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-18 09:11:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-18 09:01:13 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-18 09:01:13 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-18 09:01:13 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-18 09:01:13 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-18 09:01:13 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-18 09:01:13 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-18 09:01:13 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-18 09:01:13 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-11-27 01:41:37 343040 -c--a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 -c--a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 -c--a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 -c--a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 -c--a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 -c--a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 -c--a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 03:47:22 196376 -c--a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-11-26 03:47:20 243480 -c--a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-26 03:47:20 150808 -c--a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-11-20 09:11:18 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-20 09:11:18 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-20 09:10:06 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-20 09:02:18 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-20 09:02:18 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-20 09:01:36 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-20 09:01:36 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-11-20 09:01:36 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-11-20 09:01:36 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-11-20 09:01:36 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
.
============= FINISH: 19:56:27.92 ===============
 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 22 February 2014 - 02:10 PM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 nomadsam

nomadsam
  • Topic Starter

  • Members
  • 37 posts

Posted 23 February 2014 - 11:40 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2014 02
Ran by Lewis (administrator) on LEWIS-HP on 23-02-2014 22:08:32
Running from C:\Users\Lewis\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [VMM Mode Selection] - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2552856 2014-02-13] ()
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\Run: [DW7] - "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\Run: [IQXsoft] - regsvr32.exe C:\Users\Lewis\AppData\Local\IQXsoft\DvMapUI.dll <===== ATTENTION
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\MountPoints2: {16827164-29b7-11e3-b460-00038a000015} - K:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\MountPoints2: {d9db8594-67a0-11e1-8a2b-00038a000015} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\MountPoints2: {d9db8601-67a0-11e1-8a2b-00038a000015} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = about:blank
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={5E264D88-D3A5-498A-9AA1-8ECDAC8F52AD}&mid=025df3a84d4947d19971d14acce4e9e6-d215e70cf21ce46d444115bbc173d536abe84689&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-12 10:23:08&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKCU - {E626378A-4AB3-41C0-9916-7B99F8197CFE} URL = 
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
DPF: HKLM-x32 {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} http://www.fultoncourtrecords.com:7778/forms/jinitiator/jinit.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-24]
CHR Extension: (Google Drive) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-09-11]
CHR Extension: (YouTube) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google Search) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Website Logon) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef [2011-12-22]
CHR Extension: (Pin It Button) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-02-12]
CHR Extension: (AVG SafeGuard toolbar) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-02-12]
CHR Extension: (Google Wallet) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR Extension: (Gmail) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR HKLM-x32\...\Chrome\Extension: [aaaanoehjhfnnichccofiabhckegmaaj] - C:\Users\Lewis\AppData\Local\APN\GoogleCRXs\aaaanoehjhfnnichccofiabhckegmaaj_7.15.4.0.crx [2011-12-21]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]
 
==================== Services (Whitelisted) =================
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1772056 2014-02-12] (AVG Secure Search)
S3 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527872 2007-11-08] (PixArt Imaging Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-12] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-23 22:05 - 2014-02-23 22:10 - 00020568 ____C () C:\Users\Lewis\Desktop\FRST.txt
2014-02-23 22:05 - 2014-02-23 22:05 - 00000000 ___DC () C:\FRST
2014-02-23 21:44 - 2014-02-23 21:52 - 02155520 ____C (Farbar) C:\Users\Lewis\Desktop\FRST64.exe
2014-02-23 14:21 - 2014-02-23 14:21 - 00000000 ___DC () C:\Windows\pss
2014-02-20 09:13 - 2014-02-20 09:13 - 00003693 ____C () C:\Users\Lewis\Desktop\RKreport[0]_S_02202014_091305.txt
2014-02-20 00:29 - 2014-02-20 00:29 - 00003659 ____C () C:\Users\Lewis\Desktop\RKreport[0]_S_02202014_002953.txt
2014-02-19 13:13 - 2014-02-19 13:13 - 00000028 ____C () C:\Users\Lewis\AppData\Roaming\WB.CFG
2014-02-19 13:12 - 2014-02-19 13:13 - 03817984 ____C () C:\Users\Lewis\Desktop\RMuerte.exe
2014-02-19 13:08 - 2014-02-19 13:08 - 00003587 ____C () C:\Users\Lewis\Desktop\RKreport[0]_S_02192014_130822.txt
2014-02-19 12:20 - 2014-02-19 12:20 - 04413952 ____C () C:\Users\Lewis\Desktop\RogueKillerX64.exe
2014-02-19 12:11 - 2014-02-23 22:11 - 00000292 ____C () C:\Windows\Tasks\Digital Sites.job
2014-02-19 12:11 - 2014-02-20 00:12 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\DigitalSites
2014-02-19 12:11 - 2014-02-19 12:11 - 00003232 ____C () C:\Windows\System32\Tasks\Digital Sites
2014-02-19 09:24 - 2014-02-19 09:26 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-19 09:24 - 2014-02-19 09:26 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-19 09:17 - 2014-02-19 09:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-19 09:17 - 2014-02-19 09:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-19 09:17 - 2014-02-19 09:23 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-19 09:17 - 2014-02-19 09:23 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-19 09:17 - 2014-02-19 09:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-19 09:17 - 2014-02-19 09:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-19 09:16 - 2014-02-19 09:23 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-19 09:16 - 2014-02-19 09:23 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-19 09:16 - 2014-02-19 09:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-19 09:16 - 2014-02-19 09:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-19 09:16 - 2014-02-19 09:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-19 09:16 - 2014-02-19 09:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-18 13:12 - 2014-02-20 09:04 - 00000000 ___DC () C:\Users\Lewis\Desktop\RK_Quarantine
2014-02-18 12:52 - 2014-02-18 12:53 - 03813376 ____C () C:\Users\Lewis\Desktop\RogueKiller.exe
2014-02-17 19:56 - 2014-02-17 19:57 - 00028032 ____C () C:\Users\Lewis\Desktop\dds.txt
2014-02-17 19:56 - 2014-02-17 19:57 - 00015866 ____C () C:\Users\Lewis\Desktop\attach.txt
2014-02-17 19:23 - 2014-02-17 19:24 - 00688992 ___RC (Swearware) C:\Users\Lewis\Desktop\dds.com
2014-02-17 12:22 - 2014-02-17 12:57 - 100583192 ____C (Microsoft Corporation) C:\Users\Lewis\Desktop\msert.exe
2014-02-16 20:36 - 2014-02-16 20:25 - 395554816 ____C () C:\Users\Lewis\Desktop\kav_rescue_10.iso
2014-02-16 20:32 - 2014-02-16 20:32 - 00003042 ____C () C:\Windows\System32\Tasks\{A85137F4-E920-4434-9A67-B42800103F8F}
2014-02-16 19:25 - 2014-02-16 19:28 - 00387584 ____C () C:\Users\Lewis\Desktop\rescue2usb.exe
2014-02-16 16:38 - 2014-02-23 14:31 - 00000560 ____C () C:\Windows\setupact.log
2014-02-16 16:38 - 2014-02-16 16:38 - 00000000 ____C () C:\Windows\setuperr.log
2014-02-16 16:37 - 2014-02-20 08:55 - 00008640 ____C () C:\Windows\PFRO.log
2014-02-16 15:25 - 2014-02-17 06:07 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-02-16 11:22 - 2014-02-16 11:22 - 00002772 ____C () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-16 11:22 - 2014-02-16 11:22 - 00000824 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-16 11:22 - 2014-02-16 11:22 - 00000000 ___DC () C:\Program Files\CCleaner
2014-02-16 11:14 - 2014-02-16 11:20 - 04721920 ____C (Piriform Ltd) C:\Users\Lewis\Downloads\ccsetup410.exe
2014-02-13 00:44 - 2014-02-20 00:41 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 00:44 - 2014-02-20 00:41 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 00:44 - 2014-02-20 00:41 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 00:44 - 2014-02-20 00:41 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 00:44 - 2014-02-20 00:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 00:44 - 2014-02-20 00:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 00:44 - 2014-02-20 00:39 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 00:44 - 2014-02-20 00:39 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 00:44 - 2014-02-20 00:39 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 00:44 - 2014-02-20 00:39 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 00:44 - 2014-02-20 00:39 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 00:44 - 2014-02-20 00:39 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 00:44 - 2014-02-20 00:39 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 00:44 - 2014-02-20 00:39 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 00:43 - 2014-02-20 00:37 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 00:43 - 2014-02-20 00:37 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 00:43 - 2014-02-20 00:37 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 00:43 - 2014-02-20 00:37 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 10:23 - 2014-02-12 10:23 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\AVG SafeGuard toolbar
2014-02-12 10:23 - 2014-02-12 10:23 - 00000000 ___DC () C:\ProgramData\AVG Security Toolbar
2014-02-12 10:23 - 2014-02-12 10:23 - 00000000 ___DC () C:\ProgramData\AVG SafeGuard toolbar
2014-02-12 10:22 - 2014-02-13 11:11 - 00000000 ___DC () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-02-11 21:11 - 2014-02-11 21:26 - 101885720 ____C (Microsoft Corporation) C:\Users\Lewis\Downloads\msert (1).exe
2014-02-11 20:38 - 2014-02-11 20:41 - 00000000 ___DC () C:\ProgramData\Spybot - Search & Destroy
2014-02-11 20:38 - 2014-02-11 20:38 - 00001341 ____C () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-11 20:38 - 2014-02-11 20:38 - 00000000 ___DC () C:\Windows\System32\Tasks\Safer-Networking
2014-02-11 20:38 - 2014-02-11 20:38 - 00000000 ___DC () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-11 20:38 - 2013-09-20 10:49 - 00021040 ____C (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-02-11 20:23 - 2014-02-11 20:27 - 00000000 ___DC () C:\AdwCleaner
2014-02-11 20:21 - 2014-02-11 20:22 - 01166132 ____C () C:\Users\Lewis\Downloads\AdwCleaner.exe
2014-02-11 19:25 - 2014-02-11 19:40 - 25640672 ____C (Microsoft Corporation) C:\Users\Lewis\Downloads\Windows-KB890830-x64-V5.9.exe
2014-02-11 18:53 - 2014-02-11 20:02 - 40658208 ____C (Safer-Networking Ltd. ) C:\Users\Lewis\Downloads\spybot-2.2.exe
2014-02-11 18:52 - 2014-02-11 18:52 - 04102163 ____C () C:\Users\Lewis\Downloads\tdsskiller (2).zip
2014-02-11 15:51 - 2014-02-11 15:51 - 00001071 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-11 15:51 - 2014-02-11 15:51 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\Malwarebytes
2014-02-11 15:51 - 2014-02-11 15:51 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-02-11 15:51 - 2014-02-11 15:51 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-11 15:51 - 2013-04-04 14:50 - 00025928 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-11 13:28 - 2014-02-11 13:50 - 10285040 ____C (Malwarebytes Corporation ) C:\Users\Lewis\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 15:58 - 2014-02-08 15:59 - 04102371 ____C () C:\Users\Lewis\Downloads\tdsskiller (1).zip
2014-02-08 15:56 - 2014-02-08 15:56 - 00000000 ___DC () C:\TDSSKiller_Quarantine
2014-02-03 14:42 - 2014-02-03 14:42 - 00000000 ___DC () C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP
2014-02-02 13:16 - 2014-02-02 13:16 - 00068608 ____C () C:\Users\Lewis\Downloads\4b.xls
2014-02-01 15:34 - 2014-02-02 23:26 - 00000000 ___DC () C:\Users\Lewis\Documents\SPEAK Images
2014-01-29 08:17 - 2014-01-29 08:17 - 00001745 ____C () C:\Users\Public\Desktop\iTunes.lnk
2014-01-29 08:17 - 2014-01-29 08:17 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-29 08:17 - 2014-01-29 08:17 - 00000000 ___DC () C:\Program Files\iTunes
2014-01-29 08:17 - 2014-01-29 08:17 - 00000000 ___DC () C:\Program Files\iPod
2014-01-29 08:17 - 2014-01-29 08:17 - 00000000 ___DC () C:\Program Files (x86)\iTunes
2014-01-24 10:39 - 2014-01-24 10:39 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-24 10:39 - 2014-01-24 10:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-24 10:39 - 2014-01-24 10:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-24 10:39 - 2014-01-24 10:39 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-24 10:39 - 2014-01-24 10:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-24 10:39 - 2014-01-24 10:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-24 10:39 - 2014-01-24 10:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-24 10:37 - 2014-01-24 10:37 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-24 10:37 - 2014-01-24 10:37 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-01-24 10:37 - 2014-01-24 10:37 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-24 10:37 - 2014-01-24 10:37 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-24 10:37 - 2014-01-24 10:37 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-24 10:37 - 2014-01-24 10:37 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-24 10:37 - 2014-01-24 10:37 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-24 10:37 - 2012-08-23 08:08 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-01-24 10:33 - 2014-01-24 10:41 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-01-24 10:33 - 2014-01-24 10:41 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-01-24 10:07 - 2014-01-24 10:07 - 00080973 ____C () C:\Users\Lewis\Desktop\Troubleshoot HP Installation Failure - Network.hta
 
==================== One Month Modified Files and Folders =======
 
2014-02-23 22:11 - 2014-02-19 12:11 - 00000292 ____C () C:\Windows\Tasks\Digital Sites.job
2014-02-23 22:10 - 2014-02-23 22:05 - 00020568 ____C () C:\Users\Lewis\Desktop\FRST.txt
2014-02-23 22:05 - 2014-02-23 22:05 - 00000000 ___DC () C:\FRST
2014-02-23 22:05 - 2012-02-19 14:42 - 00000000 ___DC () C:\ProgramData\MFAData
2014-02-23 22:05 - 2011-12-21 11:29 - 01812401 ____C () C:\Windows\WindowsUpdate.log
2014-02-23 21:52 - 2014-02-23 21:44 - 02155520 ____C (Farbar) C:\Users\Lewis\Desktop\FRST64.exe
2014-02-23 21:50 - 2011-12-24 11:34 - 00000896 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-23 21:46 - 2012-04-11 10:19 - 00000830 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-23 21:25 - 2013-04-05 22:07 - 00000338 ____C () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-02-23 19:25 - 2014-01-18 09:42 - 00003186 ____C () C:\Windows\System32\Tasks\HPCeeScheduleForLewis
2014-02-23 19:25 - 2014-01-18 09:42 - 00000332 ____C () C:\Windows\Tasks\HPCeeScheduleForLewis.job
2014-02-23 18:09 - 2011-12-21 22:07 - 00000000 ___DC () C:\Users\Lewis\Documents\Homeschool
2014-02-23 18:07 - 2012-12-12 08:35 - 00000000 ___DC () C:\Users\Lewis\Desktop\Beau Army Desktop stuff
2014-02-23 18:07 - 2011-12-22 14:36 - 00000000 ___DC () C:\Users\Lewis\Documents\Home
2014-02-23 17:25 - 2013-12-24 11:43 - 00002145 ____C () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-23 15:33 - 2011-08-12 21:57 - 00000000 ___DC () C:\ProgramData\PDFC
2014-02-23 14:43 - 2009-07-13 22:45 - 00024608 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-23 14:43 - 2009-07-13 22:45 - 00024608 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-23 14:33 - 2012-03-06 21:49 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\Htc
2014-02-23 14:31 - 2014-02-16 16:38 - 00000560 ____C () C:\Windows\setupact.log
2014-02-23 14:31 - 2013-06-02 20:24 - 00000350 ____C () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-02-23 14:31 - 2011-12-24 11:34 - 00000892 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-23 14:31 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-23 14:24 - 2011-12-21 11:37 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E34DE9E6-9879-455C-9B49-E1E621E86B39}
2014-02-23 14:21 - 2014-02-23 14:21 - 00000000 ___DC () C:\Windows\pss
2014-02-23 14:05 - 2011-08-12 22:01 - 00000000 ___DC () C:\ProgramData\truesuite
2014-02-20 19:26 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-02-20 09:13 - 2014-02-20 09:13 - 00003693 ____C () C:\Users\Lewis\Desktop\RKreport[0]_S_02202014_091305.txt
2014-02-20 09:09 - 2011-12-29 23:53 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\Adobe
2014-02-20 09:04 - 2014-02-18 13:12 - 00000000 ___DC () C:\Users\Lewis\Desktop\RK_Quarantine
2014-02-20 08:55 - 2014-02-16 16:37 - 00008640 ____C () C:\Windows\PFRO.log
2014-02-20 00:41 - 2014-02-13 00:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-20 00:41 - 2014-02-13 00:44 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-20 00:41 - 2014-02-13 00:44 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-20 00:41 - 2014-02-13 00:44 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-20 00:41 - 2014-02-13 00:44 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-20 00:41 - 2014-02-13 00:44 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-20 00:41 - 2011-12-21 17:37 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2014-02-20 00:39 - 2014-02-13 00:44 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-20 00:39 - 2014-02-13 00:44 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-20 00:39 - 2014-02-13 00:44 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-20 00:39 - 2014-02-13 00:44 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-20 00:39 - 2014-02-13 00:44 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-20 00:39 - 2014-02-13 00:44 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-20 00:39 - 2014-02-13 00:44 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-20 00:39 - 2014-02-13 00:44 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-20 00:39 - 2014-02-13 00:44 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-20 00:38 - 2011-02-11 11:15 - 00788672 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-20 00:38 - 2009-07-13 23:13 - 00788672 ____C () C:\Windows\system32\PerfStringBackup.INI
2014-02-20 00:37 - 2014-02-13 00:43 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-20 00:37 - 2014-02-13 00:43 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-20 00:37 - 2014-02-13 00:43 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-20 00:37 - 2014-02-13 00:43 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-20 00:29 - 2014-02-20 00:29 - 00003659 ____C () C:\Users\Lewis\Desktop\RKreport[0]_S_02202014_002953.txt
2014-02-20 00:12 - 2014-02-19 12:11 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\DigitalSites
2014-02-19 13:13 - 2014-02-19 13:13 - 00000028 ____C () C:\Users\Lewis\AppData\Roaming\WB.CFG
2014-02-19 13:13 - 2014-02-19 13:12 - 03817984 ____C () C:\Users\Lewis\Desktop\RMuerte.exe
2014-02-19 13:09 - 2011-12-22 19:34 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\CrashDumps
2014-02-19 13:08 - 2014-02-19 13:08 - 00003587 ____C () C:\Users\Lewis\Desktop\RKreport[0]_S_02192014_130822.txt
2014-02-19 12:20 - 2014-02-19 12:20 - 04413952 ____C () C:\Users\Lewis\Desktop\RogueKillerX64.exe
2014-02-19 12:11 - 2014-02-19 12:11 - 00003232 ____C () C:\Windows\System32\Tasks\Digital Sites
2014-02-19 09:26 - 2014-02-19 09:24 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-19 09:26 - 2014-02-19 09:24 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-19 09:23 - 2014-02-19 09:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-19 09:23 - 2014-02-19 09:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-19 09:23 - 2014-02-19 09:17 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-19 09:23 - 2014-02-19 09:17 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-19 09:23 - 2014-02-19 09:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-19 09:23 - 2014-02-19 09:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-19 09:23 - 2014-02-19 09:16 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-19 09:23 - 2014-02-19 09:16 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-19 09:23 - 2014-02-19 09:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-19 09:23 - 2014-02-19 09:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-19 09:23 - 2014-02-19 09:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-19 09:23 - 2014-02-19 09:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-18 12:53 - 2014-02-18 12:52 - 03813376 ____C () C:\Users\Lewis\Desktop\RogueKiller.exe
2014-02-17 22:17 - 2012-06-22 22:39 - 00000000 ___DC () C:\Users\Lewis\Documents\Catholic
2014-02-17 19:57 - 2014-02-17 19:56 - 00028032 ____C () C:\Users\Lewis\Desktop\dds.txt
2014-02-17 19:57 - 2014-02-17 19:56 - 00015866 ____C () C:\Users\Lewis\Desktop\attach.txt
2014-02-17 19:24 - 2014-02-17 19:23 - 00688992 ___RC (Swearware) C:\Users\Lewis\Desktop\dds.com
2014-02-17 18:06 - 2012-03-26 09:14 - 00007606 ____C () C:\Users\Lewis\AppData\Local\resmon.resmoncfg
2014-02-17 14:35 - 2013-11-19 17:01 - 00012800 __SHC () C:\Users\Lewis\Thumbs.db
2014-02-17 12:57 - 2014-02-17 12:22 - 100583192 ____C (Microsoft Corporation) C:\Users\Lewis\Desktop\msert.exe
2014-02-17 06:07 - 2014-02-16 15:25 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-02-16 20:32 - 2014-02-16 20:32 - 00003042 ____C () C:\Windows\System32\Tasks\{A85137F4-E920-4434-9A67-B42800103F8F}
2014-02-16 20:25 - 2014-02-16 20:36 - 395554816 ____C () C:\Users\Lewis\Desktop\kav_rescue_10.iso
2014-02-16 19:28 - 2014-02-16 19:25 - 00387584 ____C () C:\Users\Lewis\Desktop\rescue2usb.exe
2014-02-16 17:22 - 2011-12-21 11:37 - 00000000 __RDC () C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-16 16:38 - 2014-02-16 16:38 - 00000000 ____C () C:\Windows\setuperr.log
2014-02-16 16:31 - 2012-12-10 19:15 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\TuneUp Software
2014-02-16 12:02 - 2011-12-27 20:23 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\Skype
2014-02-16 12:01 - 2011-12-27 18:51 - 00000000 ___DC () C:\Windows\Minidump
2014-02-16 12:01 - 2011-02-11 11:00 - 00000000 ___DC () C:\Windows\Panther
2014-02-16 11:22 - 2014-02-16 11:22 - 00002772 ____C () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-16 11:22 - 2014-02-16 11:22 - 00000824 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-16 11:22 - 2014-02-16 11:22 - 00000000 ___DC () C:\Program Files\CCleaner
2014-02-16 11:20 - 2014-02-16 11:14 - 04721920 ____C (Piriform Ltd) C:\Users\Lewis\Downloads\ccsetup410.exe
2014-02-16 00:22 - 2011-12-21 11:30 - 00000000 ___DC () C:\Users\Lewis
2014-02-15 16:24 - 2013-09-20 20:36 - 00000927 ____C () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-13 18:50 - 2012-01-05 21:17 - 00000000 ____C () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-13 18:50 - 2011-12-22 13:15 - 00000052 ____C () C:\Windows\SysWOW64\DOErrors.log
2014-02-13 11:11 - 2014-02-12 10:22 - 00000000 ___DC () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-02-12 10:23 - 2014-02-12 10:23 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\AVG SafeGuard toolbar
2014-02-12 10:23 - 2014-02-12 10:23 - 00000000 ___DC () C:\ProgramData\AVG Security Toolbar
2014-02-12 10:23 - 2014-02-12 10:23 - 00000000 ___DC () C:\ProgramData\AVG SafeGuard toolbar
2014-02-12 07:58 - 2013-01-22 20:50 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\Dropbox
2014-02-12 00:47 - 2012-03-07 13:37 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\Facebook
2014-02-11 21:59 - 2012-09-17 11:00 - 00000000 ___DC () C:\Program Files (x86)\Citrix
2014-02-11 21:26 - 2014-02-11 21:11 - 101885720 ____C (Microsoft Corporation) C:\Users\Lewis\Downloads\msert (1).exe
2014-02-11 20:41 - 2014-02-11 20:38 - 00000000 ___DC () C:\ProgramData\Spybot - Search & Destroy
2014-02-11 20:38 - 2014-02-11 20:38 - 00001341 ____C () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-11 20:38 - 2014-02-11 20:38 - 00000000 ___DC () C:\Windows\System32\Tasks\Safer-Networking
2014-02-11 20:38 - 2014-02-11 20:38 - 00000000 ___DC () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-11 20:30 - 2013-01-22 20:53 - 00000000 __RDC () C:\Users\Lewis\Dropbox
2014-02-11 20:29 - 2012-12-10 19:15 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\AVG Secure Search
2014-02-11 20:27 - 2014-02-11 20:23 - 00000000 ___DC () C:\AdwCleaner
2014-02-11 20:22 - 2014-02-11 20:21 - 01166132 ____C () C:\Users\Lewis\Downloads\AdwCleaner.exe
2014-02-11 20:02 - 2014-02-11 18:53 - 40658208 ____C (Safer-Networking Ltd. ) C:\Users\Lewis\Downloads\spybot-2.2.exe
2014-02-11 19:42 - 2012-12-12 04:23 - 00003218 ____C () C:\Windows\System32\Tasks\HPCeeScheduleForLEWIS-HP$
2014-02-11 19:42 - 2012-12-12 04:23 - 00000342 ____C () C:\Windows\Tasks\HPCeeScheduleForLEWIS-HP$.job
2014-02-11 19:40 - 2014-02-11 19:25 - 25640672 ____C (Microsoft Corporation) C:\Users\Lewis\Downloads\Windows-KB890830-x64-V5.9.exe
2014-02-11 18:57 - 2013-10-18 20:45 - 00000000 ___DC () C:\Program Files (x86)\The Weather Channel
2014-02-11 18:52 - 2014-02-11 18:52 - 04102163 ____C () C:\Users\Lewis\Downloads\tdsskiller (2).zip
2014-02-11 16:42 - 2012-01-13 23:19 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\DivoGames
2014-02-11 15:51 - 2014-02-11 15:51 - 00001071 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-11 15:51 - 2014-02-11 15:51 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\Malwarebytes
2014-02-11 15:51 - 2014-02-11 15:51 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-02-11 15:51 - 2014-02-11 15:51 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-11 13:50 - 2014-02-11 13:28 - 10285040 ____C (Malwarebytes Corporation ) C:\Users\Lewis\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-11 11:44 - 2011-12-24 11:34 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 11:44 - 2011-12-24 11:34 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-09 10:46 - 2011-12-21 13:10 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\Spotify
2014-02-09 10:23 - 2011-12-21 13:10 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\Spotify
2014-02-08 15:59 - 2014-02-08 15:58 - 04102371 ____C () C:\Users\Lewis\Downloads\tdsskiller (1).zip
2014-02-08 15:56 - 2014-02-08 15:56 - 00000000 ___DC () C:\TDSSKiller_Quarantine
2014-02-08 10:25 - 2013-09-20 20:33 - 00000000 ___DC () C:\ProgramData\AVG2014
2014-02-05 03:46 - 2012-04-11 10:19 - 00692616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 03:46 - 2012-04-11 10:19 - 00003768 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 03:46 - 2011-08-12 21:55 - 00071048 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 19:09 - 2011-12-21 12:13 - 88567024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-03 22:50 - 2013-09-20 20:36 - 00000000 ___DC () C:\Program Files (x86)\AVG Secure Search
2014-02-03 15:13 - 2014-01-21 16:15 - 00000000 ___DC () C:\Users\Lewis\Documents\Malia
2014-02-03 14:42 - 2014-02-03 14:42 - 00000000 ___DC () C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP
2014-02-02 23:26 - 2014-02-01 15:34 - 00000000 ___DC () C:\Users\Lewis\Documents\SPEAK Images
2014-02-02 13:16 - 2014-02-02 13:16 - 00068608 ____C () C:\Users\Lewis\Downloads\4b.xls
2014-01-29 08:17 - 2014-01-29 08:17 - 00001745 ____C () C:\Users\Public\Desktop\iTunes.lnk
2014-01-29 08:17 - 2014-01-29 08:17 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-29 08:17 - 2014-01-29 08:17 - 00000000 ___DC () C:\Program Files\iTunes
2014-01-29 08:17 - 2014-01-29 08:17 - 00000000 ___DC () C:\Program Files\iPod
2014-01-29 08:17 - 2014-01-29 08:17 - 00000000 ___DC () C:\Program Files (x86)\iTunes
2014-01-29 08:14 - 2011-12-21 13:45 - 00000000 ___DC () C:\ProgramData\Apple
2014-01-26 19:43 - 2012-03-06 21:47 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\Downloaded Installations
2014-01-26 19:21 - 2009-07-13 21:20 - 00000000 ___DC () C:\Windows\PolicyDefinitions
2014-01-24 10:41 - 2014-01-24 10:33 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-01-24 10:41 - 2014-01-24 10:33 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-01-24 10:41 - 2011-08-12 21:43 - 00000000 ___DC () C:\Windows\SysWOW64\RTCOM
2014-01-24 10:39 - 2014-01-24 10:39 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-24 10:39 - 2014-01-24 10:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-24 10:39 - 2014-01-24 10:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-24 10:39 - 2014-01-24 10:39 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-24 10:39 - 2014-01-24 10:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-24 10:39 - 2014-01-24 10:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-24 10:39 - 2014-01-24 10:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-24 10:39 - 2014-01-24 10:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-24 10:39 - 2014-01-24 10:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-24 10:37 - 2014-01-24 10:37 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-24 10:37 - 2014-01-24 10:37 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-01-24 10:37 - 2014-01-24 10:37 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-24 10:37 - 2014-01-24 10:37 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-24 10:37 - 2014-01-24 10:37 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-24 10:37 - 2014-01-24 10:37 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-24 10:37 - 2014-01-24 10:37 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-24 10:37 - 2014-01-24 10:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-24 10:37 - 2011-08-12 21:48 - 00005779 ____C () C:\Windows\system32\RaCoInst.log
2014-01-24 10:07 - 2014-01-24 10:07 - 00080973 ____C () C:\Users\Lewis\Desktop\Troubleshoot HP Installation Failure - Network.hta
2014-01-24 10:06 - 2011-08-12 21:48 - 00000000 ___DC () C:\Program Files (x86)\Hp
 
Alureon:
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\wow.dll
 
Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-20 19:19
 
==================== End Of Log ============================


#4 nomadsam (Topic Starter)

Posted 23 February 2014 - 11:41 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2014 02
Ran by Lewis at 2014-02-23 22:14:51
Running from C:\Users\Lewis\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1280 - Adobe Systems Incorporated) Hidden
Adobe CS6 Design and Web Premium (HKLM-x32\...\{402F6F2E-5683-491C-977D-0CA599A07CAF}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.3.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (x32 Version: 3.3.0 - Adobe Systems Incorporated) Hidden
AdolescentScheduler (HKLM-x32\...\{CA7B5F5C-3D2A-49B0-9EB4-DC40A9098998}) (Version: 1.0.0 - ITSO)
AdultScheduler (HKLM-x32\...\{9C335A05-FFD2-4D2D-824E-9A096B71279B}) (Version: 1.0.0 - ITSO)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4335 - AVG Technologies)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 17.3.1.91 - AVG Technologies)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
BufferChm (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Destinations (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DIRECTV Player (HKLM-x32\...\{69b8745b-65c2-4a2d-b5db-00e0cd841f1e}) (Version: 9.0 - DIRECTV)
DocProc (x32 Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKCU\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Find Junk Files 1.51 (HKLM-x32\...\{9FE8D71A-BEBC-48F3-9479-E5E25AE2A4F0}_is1) (Version: 1.51 (Build: 1318) - eyeClaxton Software, Incorporated.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.3.920 - Foxit Corporation)
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Homeschool Tracker Plus (HKLM-x32\...\{69A48217-7B48-498A-9DA3-2E2E93975ACD}) (Version: 6.3.6 - TGHomeSoft)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Color LaserJet CM1015/CM1017 MFP 2.0 (HKLM\...\HP Color LaserJet CM1015_CM1017) (Version: 2.0 - HP)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 1.0.057 - Hewlett-Packard) Hidden
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.11182 - HP)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP SimplePass PE 2011 (HKLM-x32\...\{4741965C-AFD0-4D00-81D1-1039F96D4DC3}) (Version: 5.3.0.273 - Hewlett-Packard)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
hppCLJCM1017 (x32 Version: 001.102.00042 - Hewlett-Packard) Hidden
hppFonts (x32 Version: 000.001.00055 - Hewlett-Packard) Hidden
hppIOFiles (x32 Version: 002.000.00030 - Hewlett-Packard) Hidden
hppManualsCM1017 (x32 Version: 001.102.00039 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
hppscanCM1017 (x32 Version: 001.102.00046 - Hewlett-Packard) Hidden
hppScanTo (x32 Version: 001.102.00042 - Hewlett-Packard) Hidden
hppTLBXFXCM1017 (x32 Version: 001.003.00045 - Hewlett-Packard) Hidden
hppusgCM1017 (x32 Version: 000.106.00100 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 002.006.00195 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
HTC Sync (HKLM-x32\...\{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}) (Version: 3.2.20 - HTC Corporation)
IBM Lotus Forms Viewer 3.5.1 (HKLM-x32\...\{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}) (Version: 7.6.1.123 - IBM)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
LeapFrog Connect (x32 Version: 5.3.0.18537 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.3 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.07.3101 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.2.0 (HKLM\...\{8EC78F02-5C36-4C97-AAC4-95A3D742A285}) (Version: 6.2.0 - Motorola Inc.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Nuance PDF Reader (HKLM-x32\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)
Oracle JInitiator 1.3.1.22 (HKLM-x32\...\{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}) (Version:  - )
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
Product_Full_QFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Product_Min_QFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.44 - Piriform)
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (x32 Version: 8.1.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Sheet Music Plus Digital Print (HKLM-x32\...\com.sheetmusicplus.DigitalAirPrint) (Version: v2011.11.14 - Sheet Music Plus, LLC)
Sheet Music Plus Digital Print (x32 Version: 255.11.14 - Sheet Music Plus, LLC) Hidden
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
SolutionCenter (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
The Sims™ 2 Double Deluxe (HKLM-x32\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version:  - Electronic Arts)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TrayApp (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Typing Instructor for Kids (HKLM-x32\...\{94D3E3CE-CE56-428B-A92D-F06B7723CF9E}) (Version: 5.0.0 - Individual Software)
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.1.0f5_16147 - Unity Technologies ApS) <==== ATTENTION
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Viewer_armyifx (HKLM-x32\...\Viewer_armyifx) (Version: 3.5.1 - )
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.9 - HTC)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ___AC C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {037D87C9-281A-4B13-AA39-92FBE0B3ECE0} - System32\Tasks\HPCeeScheduleForLewis => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {156A4737-DF81-4A8E-9CA1-2A8D8834BE8D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {24370377-FBA5-4C7C-B221-8EB00DBA733A} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{95F8127F-E2ED-4455-A48B-C34FE567A471}.exe
Task: {246AB64C-E87C-4A8B-A32D-EDE2ADD3967E} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {28C68E97-0E72-4452-BCE7-5535C62623F6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2917B8C1-5648-442D-85F2-3952F107E928} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {3CD7A425-0567-4CFD-8FEB-B9198C5AB2B5} - System32\Tasks\AdobeAAMUpdater-1.0-Lewis-HP-Lewis => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {413CA579-A1F6-463E-84AD-3E0E0643B945} - System32\Tasks\{17A36F3A-732A-4C73-982E-C11D1FF630CD} => C:\Users\Lewis\AppData\Local\Amazon\Kindle\application\Kindle.exe [2012-07-03] (Amazon.com)
Task: {46C28ABC-7FB1-48A1-9D78-8362A1E9B428} - System32\Tasks\{F696FAD5-D314-4839-A3B7-113EFF62CC72} => C:\Program Files (x86)\Free Download Manager\fdm.exe
Task: {5423F311-BF7D-4695-AF18-4F559E357A27} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {6EEFDFDD-F0DA-4ADC-8DAC-08E2F39CA84E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {732876F6-90AB-4CF4-88A2-E188BE5B7C67} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {8131D5E5-4156-4B23-B1B8-DD93E0C0B3C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24] (Google Inc.)
Task: {9348D7DE-3E6B-40FD-94E3-44EB5B1E4E0F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {97F40515-E58B-4871-9139-BC79AAC18D28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24] (Google Inc.)
Task: {97FAA6E4-C49E-4C18-9A5F-B399B5C0E4ED} - System32\Tasks\Digital Sites => C:\Users\Lewis\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9AE70E49-0102-47FF-B88D-AF8E54EDC03F} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {A547F44D-4657-4894-99AA-45E24CDA0561} - System32\Tasks\{280CAF4A-471A-4D3F-BC9A-A00FDC6A6A71} => C:\Users\Lewis\Desktop\hp_CLJ_CM1015-CM1017_v32v64_Full_Solution_AMWE.exe [2011-12-21] ()
Task: {ABFDB75D-4EAC-4AAF-9D92-AF3A73DA076C} - System32\Tasks\HPCeeScheduleForLEWIS-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {BE486385-3BB2-483B-A4BE-A9793C9CC638} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {BE732B26-DBCB-4EC2-ACD1-B97D47AA2448} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C0562963-E8F7-470A-AADA-F2F3888E5A86} - \Scheduled Update for Ask Toolbar No Task File
Task: {C10ABC6C-D41E-4A46-BFDF-D09962610D15} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {CA69049E-3C29-4D91-9D80-A0E6124A661B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E5C32A2E-9A26-4CC7-A211-E1345C2AF582} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E7BD72A9-5C04-4896-9B3F-08ECBE45D2F0} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: {EA71E06F-001C-4F02-9769-4BA7CC6D1E78} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-01-22] ()
Task: {F40FC6C3-47B8-4203-BE4A-802FF9FE39EB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{95F8127F-E2ED-4455-A48B-C34FE567A471}.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Lewis\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLEWIS-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLewis.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-08-12 21:40 - 2011-01-27 11:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-06 22:07 - 2011-02-14 07:55 - 00043520 ____R () C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
2012-04-17 16:05 - 2012-04-17 16:05 - 00651264 ____C () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2014-02-12 10:23 - 2014-02-13 11:11 - 02552856 ____C () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2013-12-23 10:19 - 2013-12-23 10:19 - 00017920 ____C () C:\Users\Lewis\AppData\Local\IQXsoft\DvMapUI.dll
2014-02-11 20:38 - 2013-05-16 10:55 - 00113496 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-11 20:38 - 2013-05-16 10:55 - 00416600 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-11 20:38 - 2013-05-16 10:55 - 00161112 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-11 20:38 - 2012-08-23 10:38 - 00574840 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-11 20:38 - 2012-04-03 17:06 - 00565640 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-04-17 16:05 - 2012-04-17 16:05 - 00103936 ____C () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2012-04-17 16:05 - 2012-04-17 16:05 - 00516599 ____C () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2012-04-17 16:05 - 2012-04-17 16:05 - 00094208 ____C () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2012-04-17 16:05 - 2012-04-17 16:05 - 00389120 ____C () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2012-04-17 16:05 - 2012-04-17 16:05 - 00151552 ____C () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2012-04-17 16:05 - 2012-04-17 16:05 - 00172032 ____C () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2012-04-17 16:05 - 2012-04-17 16:05 - 00559244 ____C () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2012-04-17 16:05 - 2012-04-17 16:05 - 01515520 ____C () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
2014-02-12 10:23 - 2014-02-12 10:22 - 00519704 ____C () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 ____C () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 ____C () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Lewis\Downloads\Family PT Day- Seeking Volunteers to help with kids games and_or bring food (UNCLASSIFIED).eml:OECustomProperty
AlternateDataStreams: C:\Users\Lewis\Downloads\noname.eml:OECustomProperty
AlternateDataStreams: C:\Users\Lewis\Downloads\Reading assignments (UNCLASSIFIED) (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Lewis\Downloads\Reading assignments (UNCLASSIFIED) (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Lewis\Downloads\Reading assignments (UNCLASSIFIED).eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\39948682.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\39948682.sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AOL ACS => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LeapFrog Connect Device Service => 2
MSCONFIG\Services: Motorola Device Manager => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: vToolbarUpdater17.3.0 => 2
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: AVG-Secure-Search-Update_0214c => C:\Users\Lewis\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=025df3a84d4947d19971d14acce4e9e6-d215e70cf21ce46d444115bbc173d536abe84689 /CMPID=0214c
MSCONFIG\startupreg: HostManager => C:\Program Files (x86)\Common Files\AOL\1325041409\ee\AOLSoftware.exe
MSCONFIG\startupreg: HP Photosmart 7520 series (NET) => "C:\Program Files\hp\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2882B23705VV:NW" -scfn "HP Photosmart 7520 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HPUsageTracking => "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: PCShowServer => "C:\Users\Lewis\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Lewis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: ToolBoxFX => "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/23/2014 10:07:18 PM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 3.3.10.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2a6c
 
Start Time: 01cf31159addafe4
 
Termination Time: 0
 
Application Path: C:\Users\Lewis\Desktop\FRST64.exe
 
Report Id: f5cf03b2-9d08-11e3-839c-00038a000015
 
Error: (02/23/2014 02:27:16 PM) (Source: Application Hang) (User: )
Description: The program mmc.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2588
 
Start Time: 01cf30d518b21a0f
 
Termination Time: 10
 
Application Path: C:\Windows\system32\mmc.exe
 
Report Id: cf5b9758-9cc8-11e3-835d-00038a000015
 
Error: (02/20/2014 09:29:54 PM) (Source: Application Hang) (User: )
Description: The program avgui.exe version 14.0.0.4330 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3c90
 
Start Time: 01cf2eb509a1b1c3
 
Termination Time: 15
 
Application Path: C:\Program Files (x86)\AVG\AVG2014\avgui.exe
 
Report Id: 6cef9d99-9aa8-11e3-8fd4-00038a000015
 
Error: (02/20/2014 09:28:45 PM) (Source: Application Hang) (User: )
Description: The program avgui.exe version 14.0.0.4330 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1440
 
Start Time: 01cf2e4c104035ca
 
Termination Time: 94
 
Application Path: C:\Program Files (x86)\AVG\AVG2014\avgui.exe
 
Report Id: 4326358a-9aa8-11e3-8fd4-00038a000015
 
Error: (02/20/2014 09:32:59 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
 
Error: (02/20/2014 09:08:19 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
 
Error: (02/19/2014 03:44:03 PM) (Source: Application Hang) (User: )
Description: The program SDScan.exe version 2.2.18.177 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 48bc
 
Start Time: 01cf2dbafabeea50
 
Termination Time: 50
 
Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
 
Report Id: ceaf2c82-99ae-11e3-8fa6-00038a000015
 
Error: (02/19/2014 03:35:29 PM) (Source: Application Hang) (User: )
Description: The program RogueKiller  reg(1).exe version 8.8.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 14e4
 
Start Time: 01cf2da6c7c6fd8d
 
Termination Time: 3
 
Application Path: C:\Users\Lewis\Desktop\RogueKiller  reg(1).exe
 
Report Id: ad4b75eb-99ad-11e3-8fa6-00038a000015
 
Error: (02/19/2014 01:08:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: RogueKillerX64.exe, version: 8.8.8.0, time stamp: 0x530479ed
Faulting module name: RogueKillerX64.exe, version: 8.8.8.0, time stamp: 0x530479ed
Exception code: 0xc0000005
Fault offset: 0x000000000007840b
Faulting process id: 0xfb4
Faulting application start time: 0xRogueKillerX64.exe0
Faulting application path: RogueKillerX64.exe1
Faulting module path: RogueKillerX64.exe2
Report Id: RogueKillerX64.exe3
 
Error: (02/18/2014 08:57:34 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).
 
 
System errors:
=============
Error: (02/23/2014 07:31:55 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (02/23/2014 02:38:41 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error: 
%%126
 
Error: (02/23/2014 02:38:38 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error: 
%%126
 
Error: (02/23/2014 02:38:35 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error: 
%%126
 
Error: (02/23/2014 02:38:32 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error: 
%%126
 
Error: (02/23/2014 02:38:29 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error: 
%%126
 
Error: (02/23/2014 02:38:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error: 
%%126
 
Error: (02/23/2014 02:38:23 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error: 
%%126
 
Error: (02/23/2014 02:38:20 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error: 
%%126
 
Error: (02/23/2014 02:38:17 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error: 
%%126
 
 
Microsoft Office Sessions:
=========================
Error: (02/23/2014 10:07:18 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.10.22a6c01cf31159addafe40C:\Users\Lewis\Desktop\FRST64.exef5cf03b2-9d08-11e3-839c-00038a000015
 
Error: (02/23/2014 02:27:16 PM) (Source: Application Hang)(User: )
Description: mmc.exe6.1.7600.16385258801cf30d518b21a0f10C:\Windows\system32\mmc.execf5b9758-9cc8-11e3-835d-00038a000015
 
Error: (02/20/2014 09:29:54 PM) (Source: Application Hang)(User: )
Description: avgui.exe14.0.0.43303c9001cf2eb509a1b1c315C:\Program Files (x86)\AVG\AVG2014\avgui.exe6cef9d99-9aa8-11e3-8fd4-00038a000015
 
Error: (02/20/2014 09:28:45 PM) (Source: Application Hang)(User: )
Description: avgui.exe14.0.0.4330144001cf2e4c104035ca94C:\Program Files (x86)\AVG\AVG2014\avgui.exe4326358a-9aa8-11e3-8fd4-00038a000015
 
Error: (02/20/2014 09:32:59 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020 
System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 
Error: (02/20/2014 09:08:19 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020 
System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 
Error: (02/19/2014 03:44:03 PM) (Source: Application Hang)(User: )
Description: SDScan.exe2.2.18.17748bc01cf2dbafabeea5050C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.execeaf2c82-99ae-11e3-8fa6-00038a000015
 
Error: (02/19/2014 03:35:29 PM) (Source: Application Hang)(User: )
Description: RogueKiller  reg(1).exe8.8.8.014e401cf2da6c7c6fd8d3C:\Users\Lewis\Desktop\RogueKiller  reg(1).exead4b75eb-99ad-11e3-8fa6-00038a000015
 
Error: (02/19/2014 01:08:42 PM) (Source: Application Error)(User: )
Description: RogueKillerX64.exe8.8.8.0530479edRogueKillerX64.exe8.8.8.0530479edc0000005000000000007840bfb401cf2d9f513060ccC:\Users\Lewis\Desktop\RogueKillerX64.exeC:\Users\Lewis\Desktop\RogueKillerX64.exe3eb67f5a-9999-11e3-8fa6-00038a000015
 
Error: (02/18/2014 08:57:34 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 85%
Total physical RAM: 6050.52 MB
Available physical RAM: 849.74 MB
Total Pagefile: 12099.21 MB
Available Pagefile: 4659.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:919.73 GB) (Free:783.76 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.68 GB) (Free:1.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 653988FD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 nomadsam

nomadsam
  • Topic Starter

  • Members
  • 37 posts

Posted 23 February 2014 - 11:44 PM

A "friend" suggested cleaning up my desktop (which to me had very little to do with this), and also suggested defragging the hard drive and some other things (he never opened the task manager), and swore that dllhost is some kind of "time bomb" that windows sets to go off when a new windows version comes out.

 

Sigh.

 

Now in addition to the dllhost hogging the cpu, I have a window popping up "Your current security settings do not allow this file to be downloaded".  But I am not trying to download anything.  This all seems to go away if I disconnect from the internet.  Not sure if this helps but thought I would mention it all.

 

Thanks!!



#6 aharonov

  • Malware Response Team

Posted 24 February 2014 - 03:36 AM

Hi,

and swore that dllhost is some kind of "time bomb" that windows sets to go off when a new windows version comes out.

I've no idea what your friend might be talking about (and I suspect he doesn't either..).
No, your symptoms are caused by the malware that is running on your computer.
Please don't try any removal actions on your own while we are trying to get rid of this malware.
 
 
Let's do two fixes with a reboot in between:
(Beware: Although the first two steps look identical the two fixlist.txt that are provided are different!)


Step 1

Please download this attached fixlist.txt (230 bytes) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to same location the tool was run from.
    Please copy and paste its contents in your next reply.

Reboot your computer immediately after this fix.



Step 2

Please download this attached fixlist.txt (221 bytes) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to same location the tool was run from.
    Please copy and paste its contents in your next reply.

Reboot your computer again.



Step 3

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 nomadsam


Posted 24 February 2014 - 02:41 PM

Before I do this, I want to make sure I understand...when you say directory...do you mean where the file is saved?  Not sure I understand that part.  The addition and frst text files seemed to just pop up after running the FRST program (which is saved to the desktop).  So for the sake of not messing this up more...exactly where do I save these?  



#8 aharonov

  • Malware Response Team

Posted 24 February 2014 - 03:05 PM

when you say directory...do you mean where the file is saved?

Exactly. Save the fixlist.txt to the Desktop. (One at a time. First the one from step 1, and after the first fix and the reboot the fixlist.txt from step 2.)

#9 nomadsam


Posted 24 February 2014 - 03:50 PM

Here's the first one:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-02-2014
Ran by Lewis at 2014-02-24 14:48:45 Run:1
Running from C:\Users\Lewis\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\Run: [IQXsoft] - regsvr32.exe C:\Users\Lewis\AppData\Local\IQXsoft\DvMapUI.dll <===== ATTENTION
C:\Users\Lewis\AppData\Local\Temp\saeeibw
C:\Users\Lewis\AppData\Local\IQXsoft
*****************
 
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\Software\Microsoft\Windows\CurrentVersion\Run\\IQXsoft => Value deleted successfully.
 
"C:\Users\Lewis\AppData\Local\Temp\saeeibw" directory move:
 
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp10C5.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp10F5.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp17.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp188E.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp188F.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp1EC7.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp21C2.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp2231.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp2A08.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp2A09.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp2C70.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp3B92.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp3B93.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp4D0C.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp4D0D.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp4E67.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp507A.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp5621.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp5631.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp5DCD.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp5E86.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp5E87.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp6.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp676C.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp678C.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp7000.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp7001.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp7047.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp714.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp715.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp784A.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp785B.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp817A.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp817B.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp89A5.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp89B6.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp92F5.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp92F6.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp9AC2.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmp9AD2.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpA46F.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpA470.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpAAB6.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpAAC6.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpB119.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpB139.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpB5E9.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpB5EA.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpB9FE.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpBC20.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpBC31.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpBE01.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpC254.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpC274.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpC763.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpC764.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpCD5C.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpCD6D.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpD2A6.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpD2A7.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpD380.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpD3B0.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpD4B.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpD4C.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpD8DD.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpD8DE.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpDD50.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpDD61.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpDDDF.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpE420.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpE421.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpE48D.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpE4CD.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpEA57.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpEA58.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpEB4A.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpEBA8.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpEEAB.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpEEBC.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpF0BF.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpF59A.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpF59B.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpF5B9.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpF5E9.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpFBD1.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\tmpFBD2.tmp => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\wow.dll => Moved successfully.
C:\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\wow.ini => Moved successfully.
"C:\Users\Lewis\AppData\Local\Temp\saeeibw" => Directory moved successfully.
 
C:\Users\Lewis\AppData\Local\IQXsoft => Moved successfully.
 
==== End of Fixlog ====


#10 nomadsam


Posted 24 February 2014 - 03:58 PM

Part Two:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-02-2014
Ran by Lewis at 2014-02-24 14:58:28 Run:2
Running from C:\Users\Lewis\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\wow.dll ATTENTION! ====> ZeroAccess?
*****************
 
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
 
==== End of Fixlog ====
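
The two fixlists quoted in posts #9 and #10 target a Run value that has regsvr32.exe load a DLL from AppData, and a per-user InprocServer32 value that points into Temp through a \\?\globalroot device path. As an added example (not part of the thread and not FRST's own logic), this Python script flags those two patterns in FRST-style registry lines; the function names and the rules themselves are assumptions chosen for illustration.

```python
import re

# Constructed sample: the two fixlist entries quoted in this thread plus two
# unflagged Run entries from the same FRST scan, copied as plain text.
SAMPLE_LINES = [
    r"HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\Run: [IQXsoft] - regsvr32.exe C:\Users\Lewis\AppData\Local\IQXsoft\DvMapUI.dll <===== ATTENTION",
    r"HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Lewis\AppData\Local\Temp\saeeibw\silmvcy\wow.dll ATTENTION! ====> ZeroAccess?",
    r"HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)",
    r"HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)",
]

# "<key>: [<value name>] [- ]<data>" as it appears in the log lines above.
ENTRY_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?:- )?(?P<data>.*)$")
# Trailing annotations written by the tool; removed so the rules below decide
# on the registry data alone.
TOOL_NOTE_RE = re.compile(r"\s*(?:<=+\s*ATTENTION|ATTENTION!).*$")
# Paths a standard user can write to (assumption: AppData and Temp only).
USER_WRITABLE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\temp\\")
# Signed Windows binaries that load and run code from an arbitrary DLL.
LOADER_RE = re.compile(r"\b(?:regsvr32|rundll32)(?:\.exe)?\b")
DEVICE_PREFIX = r"\\?\globalroot"


def parse_entry(line):
    """Split one FRST-style registry line into key, value name and data."""
    match = ENTRY_RE.match(line.strip())
    if match is None:
        return None
    entry = match.groupdict()
    entry["data"] = TOOL_NOTE_RE.sub("", entry["data"]).strip()
    return entry


def reasons_for(entry):
    """Return the reasons an entry looks like malicious persistence."""
    key = entry["key"].lower()
    data = entry["data"].lower()
    user_writable = USER_WRITABLE_RE.search(data) is not None
    reasons = []
    if key.endswith(("\\run", "\\runonce")):
        if LOADER_RE.search(data) and user_writable:
            reasons.append("autorun loads a DLL from a user-writable path "
                           "via regsvr32/rundll32")
    elif key.endswith("\\inprocserver32"):
        if DEVICE_PREFIX in data:
            reasons.append("COM server path uses the \\\\?\\globalroot "
                           "device prefix")
        if user_writable:
            reasons.append("COM server DLL lives in a user-writable path")
    return reasons


def triage(lines):
    """Return (value name, reasons) for every line that matches a rule."""
    flagged = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry["name"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES):
        print(name)
        for reason in reasons:
            print("  -", reason)
```
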


#11 nomadsam


Posted 24 February 2014 - 04:05 PM

Step three:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2014
Ran by Lewis (administrator) on LEWIS-HP on 24-02-2014 15:03:39
Running from C:\Users\Lewis\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [VMM Mode Selection] - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2552856 2014-02-13] ()
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\Run: [DW7] - "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\MountPoints2: {16827164-29b7-11e3-b460-00038a000015} - K:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\MountPoints2: {d9db8594-67a0-11e1-8a2b-00038a000015} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-3346182691-426452167-2658289945-1000\...\MountPoints2: {d9db8601-67a0-11e1-8a2b-00038a000015} - K:\TL-Bootstrap.exe
Startup: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = about:blank
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={5E264D88-D3A5-498A-9AA1-8ECDAC8F52AD}&mid=025df3a84d4947d19971d14acce4e9e6-d215e70cf21ce46d444115bbc173d536abe84689&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-12 10:23:08&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={5E264D88-D3A5-498A-9AA1-8ECDAC8F52AD}&mid=025df3a84d4947d19971d14acce4e9e6-d215e70cf21ce46d444115bbc173d536abe84689&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-12 10:23:08&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKCU - {E626378A-4AB3-41C0-9916-7B99F8197CFE} URL = 
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
DPF: HKLM-x32 {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} http://www.fultoncourtrecords.com:7778/forms/jinitiator/jinit.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
 
Chrome: 
=======
CHR HomePage: hxxp://mysearch.avg.com?cid={5E264D88-D3A5-498A-9AA1-8ECDAC8F52AD}&mid=025df3a84d4947d19971d14acce4e9e6-d215e70cf21ce46d444115bbc173d536abe84689&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-12 10:23:08&v=17.3.1.91&pid=safeguard&sg=&sap=hp
CHR Extension: (Google Docs) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-24]
CHR Extension: (Google Drive) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-09-11]
CHR Extension: (YouTube) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google Search) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Website Logon) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef [2011-12-22]
CHR Extension: (Pin It Button) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-02-12]
CHR Extension: (AVG SafeGuard toolbar) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-02-12]
CHR Extension: (Google Wallet) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR Extension: (Gmail) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR HKLM-x32\...\Chrome\Extension: [aaaanoehjhfnnichccofiabhckegmaaj] - C:\Users\Lewis\AppData\Local\APN\GoogleCRXs\aaaanoehjhfnnichccofiabhckegmaaj_7.15.4.0.crx [2011-12-21]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]
 
==================== Services (Whitelisted) =================
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1772056 2014-02-12] (AVG Secure Search)
S3 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527872 2007-11-08] (PixArt Imaging Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-12] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-24 14:46 - 2014-02-24 14:46 - 00000000 ___DC () C:\Users\Lewis\Desktop\FRST-OlderVersion
2014-02-23 22:14 - 2014-02-23 22:18 - 00055864 ____C () C:\Users\Lewis\Desktop\Addition.txt
2014-02-23 22:05 - 2014-02-24 15:03 - 00018399 ____C () C:\Users\Lewis\Desktop\FRST.txt
2014-02-23 22:05 - 2014-02-24 15:03 - 00000000 ___DC () C:\FRST
2014-02-23 21:44 - 2014-02-24 14:46 - 02156032 ____C (Farbar) C:\Users\Lewis\Desktop\FRST64.exe
2014-02-23 14:21 - 2014-02-23 14:21 - 00000000 ___DC () C:\Windows\pss
2014-02-20 09:13 - 2014-02-20 09:13 - 00003693 ____C () C:\Users\Lewis\Desktop\RKreport[0]_S_02202014_091305.txt
2014-02-20 00:29 - 2014-02-20 00:29 - 00003659 ____C () C:\Users\Lewis\Desktop\RKreport[0]_S_02202014_002953.txt
2014-02-19 13:13 - 2014-02-19 13:13 - 00000028 ____C () C:\Users\Lewis\AppData\Roaming\WB.CFG
2014-02-19 13:12 - 2014-02-19 13:13 - 03817984 ____C () C:\Users\Lewis\Desktop\RMuerte.exe
2014-02-19 13:08 - 2014-02-19 13:08 - 00003587 ____C () C:\Users\Lewis\Desktop\RKreport[0]_S_02192014_130822.txt
2014-02-19 12:20 - 2014-02-19 12:20 - 04413952 ____C () C:\Users\Lewis\Desktop\RogueKillerX64.exe
2014-02-19 12:11 - 2014-02-24 14:11 - 00000292 ____C () C:\Windows\Tasks\Digital Sites.job
2014-02-19 12:11 - 2014-02-20 00:12 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\DigitalSites
2014-02-19 12:11 - 2014-02-19 12:11 - 00003232 ____C () C:\Windows\System32\Tasks\Digital Sites
2014-02-19 09:24 - 2014-02-19 09:26 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-19 09:24 - 2014-02-19 09:26 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-19 09:17 - 2014-02-19 09:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-19 09:17 - 2014-02-19 09:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-19 09:17 - 2014-02-19 09:23 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-19 09:17 - 2014-02-19 09:23 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-19 09:17 - 2014-02-19 09:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-19 09:17 - 2014-02-19 09:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-19 09:16 - 2014-02-19 09:23 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-19 09:16 - 2014-02-19 09:23 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-19 09:16 - 2014-02-19 09:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-19 09:16 - 2014-02-19 09:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-19 09:16 - 2014-02-19 09:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-19 09:16 - 2014-02-19 09:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-19 09:16 - 2014-02-19 09:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-18 13:12 - 2014-02-20 09:04 - 00000000 ___DC () C:\Users\Lewis\Desktop\RK_Quarantine
2014-02-18 12:52 - 2014-02-18 12:53 - 03813376 ____C () C:\Users\Lewis\Desktop\RogueKiller.exe
2014-02-17 19:56 - 2014-02-17 19:57 - 00028032 ____C () C:\Users\Lewis\Desktop\dds.txt
2014-02-17 19:56 - 2014-02-17 19:57 - 00015866 ____C () C:\Users\Lewis\Desktop\attach.txt
2014-02-17 19:23 - 2014-02-17 19:24 - 00688992 ___RC (Swearware) C:\Users\Lewis\Desktop\dds.com
2014-02-17 12:22 - 2014-02-17 12:57 - 100583192 ____C (Microsoft Corporation) C:\Users\Lewis\Desktop\msert.exe
2014-02-16 20:36 - 2014-02-16 20:25 - 395554816 ____C () C:\Users\Lewis\Desktop\kav_rescue_10.iso
2014-02-16 20:32 - 2014-02-16 20:32 - 00003042 ____C () C:\Windows\System32\Tasks\{A85137F4-E920-4434-9A67-B42800103F8F}
2014-02-16 19:25 - 2014-02-16 19:28 - 00387584 ____C () C:\Users\Lewis\Desktop\rescue2usb.exe
2014-02-16 16:38 - 2014-02-24 15:00 - 00000728 ____C () C:\Windows\setupact.log
2014-02-16 16:38 - 2014-02-16 16:38 - 00000000 ____C () C:\Windows\setuperr.log
2014-02-16 16:37 - 2014-02-20 08:55 - 00008640 ____C () C:\Windows\PFRO.log
2014-02-16 15:25 - 2014-02-17 06:07 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-02-16 11:22 - 2014-02-16 11:22 - 00002772 ____C () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-16 11:22 - 2014-02-16 11:22 - 00000824 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-16 11:22 - 2014-02-16 11:22 - 00000000 ___DC () C:\Program Files\CCleaner
2014-02-16 11:14 - 2014-02-16 11:20 - 04721920 ____C (Piriform Ltd) C:\Users\Lewis\Downloads\ccsetup410.exe
2014-02-13 00:44 - 2014-02-20 00:41 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 00:44 - 2014-02-20 00:41 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 00:44 - 2014-02-20 00:41 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 00:44 - 2014-02-20 00:41 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 00:44 - 2014-02-20 00:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 00:44 - 2014-02-20 00:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 00:44 - 2014-02-20 00:39 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 00:44 - 2014-02-20 00:39 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 00:44 - 2014-02-20 00:39 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 00:44 - 2014-02-20 00:39 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 00:44 - 2014-02-20 00:39 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 00:44 - 2014-02-20 00:39 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 00:44 - 2014-02-20 00:39 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 00:44 - 2014-02-20 00:39 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 00:44 - 2014-02-20 00:39 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 00:43 - 2014-02-20 00:37 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 00:43 - 2014-02-20 00:37 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 00:43 - 2014-02-20 00:37 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 00:43 - 2014-02-20 00:37 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 10:23 - 2014-02-12 10:23 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\AVG SafeGuard toolbar
2014-02-12 10:23 - 2014-02-12 10:23 - 00000000 ___DC () C:\ProgramData\AVG Security Toolbar
2014-02-12 10:23 - 2014-02-12 10:23 - 00000000 ___DC () C:\ProgramData\AVG SafeGuard toolbar
2014-02-12 10:22 - 2014-02-13 11:11 - 00000000 ___DC () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-02-11 21:11 - 2014-02-11 21:26 - 101885720 ____C (Microsoft Corporation) C:\Users\Lewis\Downloads\msert (1).exe
2014-02-11 20:38 - 2014-02-11 20:41 - 00000000 ___DC () C:\ProgramData\Spybot - Search & Destroy
2014-02-11 20:38 - 2014-02-11 20:38 - 00001341 ____C () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-11 20:38 - 2014-02-11 20:38 - 00000000 ___DC () C:\Windows\System32\Tasks\Safer-Networking
2014-02-11 20:38 - 2014-02-11 20:38 - 00000000 ___DC () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-11 20:38 - 2013-09-20 10:49 - 00021040 ____C (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-02-11 20:23 - 2014-02-11 20:27 - 00000000 ___DC () C:\AdwCleaner
2014-02-11 20:21 - 2014-02-11 20:22 - 01166132 ____C () C:\Users\Lewis\Downloads\AdwCleaner.exe
2014-02-11 19:25 - 2014-02-11 19:40 - 25640672 ____C (Microsoft Corporation) C:\Users\Lewis\Downloads\Windows-KB890830-x64-V5.9.exe
2014-02-11 18:53 - 2014-02-11 20:02 - 40658208 ____C (Safer-Networking Ltd. ) C:\Users\Lewis\Downloads\spybot-2.2.exe
2014-02-11 18:52 - 2014-02-11 18:52 - 04102163 ____C () C:\Users\Lewis\Downloads\tdsskiller (2).zip
2014-02-11 15:51 - 2014-02-11 15:51 - 00001071 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-11 15:51 - 2014-02-11 15:51 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\Malwarebytes
2014-02-11 15:51 - 2014-02-11 15:51 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-02-11 15:51 - 2014-02-11 15:51 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-11 15:51 - 2013-04-04 14:50 - 00025928 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-11 13:28 - 2014-02-11 13:50 - 10285040 ____C (Malwarebytes Corporation ) C:\Users\Lewis\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 15:58 - 2014-02-08 15:59 - 04102371 ____C () C:\Users\Lewis\Downloads\tdsskiller (1).zip
2014-02-08 15:56 - 2014-02-08 15:56 - 00000000 ___DC () C:\TDSSKiller_Quarantine
2014-02-03 14:42 - 2014-02-03 14:42 - 00000000 ___DC () C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP
2014-02-02 13:16 - 2014-02-02 13:16 - 00068608 ____C () C:\Users\Lewis\Downloads\4b.xls
2014-02-01 15:34 - 2014-02-02 23:26 - 00000000 ___DC () C:\Users\Lewis\Documents\SPEAK Images
2014-01-29 08:17 - 2014-01-29 08:17 - 00001745 ____C () C:\Users\Public\Desktop\iTunes.lnk
2014-01-29 08:17 - 2014-01-29 08:17 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-29 08:17 - 2014-01-29 08:17 - 00000000 ___DC () C:\Program Files\iTunes
2014-01-29 08:17 - 2014-01-29 08:17 - 00000000 ___DC () C:\Program Files\iPod
2014-01-29 08:17 - 2014-01-29 08:17 - 00000000 ___DC () C:\Program Files (x86)\iTunes
 
==================== One Month Modified Files and Folders =======
 
2014-02-24 15:03 - 2014-02-23 22:05 - 00018399 ____C () C:\Users\Lewis\Desktop\FRST.txt
2014-02-24 15:03 - 2014-02-23 22:05 - 00000000 ___DC () C:\FRST
2014-02-24 15:01 - 2012-03-06 21:49 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\Htc
2014-02-24 15:01 - 2011-08-12 21:57 - 00000000 ___DC () C:\ProgramData\PDFC
2014-02-24 15:00 - 2014-02-16 16:38 - 00000728 ____C () C:\Windows\setupact.log
2014-02-24 15:00 - 2013-06-02 20:24 - 00000350 ____C () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-02-24 15:00 - 2011-12-24 11:34 - 00000892 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-24 15:00 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-24 14:59 - 2011-12-21 11:29 - 01841165 ____C () C:\Windows\WindowsUpdate.log
2014-02-24 14:59 - 2009-07-13 22:45 - 00024608 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-24 14:59 - 2009-07-13 22:45 - 00024608 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-24 14:56 - 2011-12-21 11:37 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E34DE9E6-9879-455C-9B49-E1E621E86B39}
2014-02-24 14:54 - 2011-12-24 11:34 - 00000896 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-24 14:46 - 2014-02-24 14:46 - 00000000 ___DC () C:\Users\Lewis\Desktop\FRST-OlderVersion
2014-02-24 14:46 - 2014-02-23 21:44 - 02156032 ____C (Farbar) C:\Users\Lewis\Desktop\FRST64.exe
2014-02-24 14:46 - 2012-04-11 10:19 - 00000830 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-24 14:25 - 2013-04-05 22:07 - 00000338 ____C () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-02-24 14:11 - 2014-02-19 12:11 - 00000292 ____C () C:\Windows\Tasks\Digital Sites.job
2014-02-24 13:31 - 2012-02-19 14:42 - 00000000 ___DC () C:\ProgramData\MFAData
2014-02-24 13:25 - 2011-08-12 22:01 - 00000000 ___DC () C:\ProgramData\truesuite
2014-02-23 22:18 - 2014-02-23 22:14 - 00055864 ____C () C:\Users\Lewis\Desktop\Addition.txt
2014-02-23 19:25 - 2014-01-18 09:42 - 00003186 ____C () C:\Windows\System32\Tasks\HPCeeScheduleForLewis
2014-02-23 19:25 - 2014-01-18 09:42 - 00000332 ____C () C:\Windows\Tasks\HPCeeScheduleForLewis.job
2014-02-23 18:09 - 2011-12-21 22:07 - 00000000 ___DC () C:\Users\Lewis\Documents\Homeschool
2014-02-23 18:07 - 2012-12-12 08:35 - 00000000 ___DC () C:\Users\Lewis\Desktop\Beau Army Desktop stuff
2014-02-23 18:07 - 2011-12-22 14:36 - 00000000 ___DC () C:\Users\Lewis\Documents\Home
2014-02-23 17:25 - 2013-12-24 11:43 - 00002145 ____C () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-23 14:21 - 2014-02-23 14:21 - 00000000 ___DC () C:\Windows\pss
2014-02-20 19:26 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-02-20 09:13 - 2014-02-20 09:13 - 00003693 ____C () C:\Users\Lewis\Desktop\RKreport[0]_S_02202014_091305.txt
2014-02-20 09:09 - 2011-12-29 23:53 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\Adobe
2014-02-20 09:04 - 2014-02-18 13:12 - 00000000 ___DC () C:\Users\Lewis\Desktop\RK_Quarantine
2014-02-20 08:55 - 2014-02-16 16:37 - 00008640 ____C () C:\Windows\PFRO.log
2014-02-20 00:41 - 2014-02-13 00:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-20 00:41 - 2014-02-13 00:44 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-20 00:41 - 2014-02-13 00:44 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-20 00:41 - 2014-02-13 00:44 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-20 00:41 - 2014-02-13 00:44 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-20 00:41 - 2014-02-13 00:44 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-20 00:41 - 2011-12-21 17:37 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2014-02-20 00:39 - 2014-02-13 00:44 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-20 00:39 - 2014-02-13 00:44 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-20 00:39 - 2014-02-13 00:44 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-20 00:39 - 2014-02-13 00:44 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-20 00:39 - 2014-02-13 00:44 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-20 00:39 - 2014-02-13 00:44 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-20 00:39 - 2014-02-13 00:44 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-20 00:39 - 2014-02-13 00:44 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-20 00:39 - 2014-02-13 00:44 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-20 00:39 - 2014-02-13 00:44 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-20 00:38 - 2011-02-11 11:15 - 00788672 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-20 00:38 - 2009-07-13 23:13 - 00788672 ____C () C:\Windows\system32\PerfStringBackup.INI
2014-02-20 00:37 - 2014-02-13 00:43 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-20 00:37 - 2014-02-13 00:43 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-20 00:37 - 2014-02-13 00:43 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-20 00:37 - 2014-02-13 00:43 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-20 00:29 - 2014-02-20 00:29 - 00003659 ____C () C:\Users\Lewis\Desktop\RKreport[0]_S_02202014_002953.txt
2014-02-20 00:12 - 2014-02-19 12:11 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\DigitalSites
2014-02-19 13:13 - 2014-02-19 13:13 - 00000028 ____C () C:\Users\Lewis\AppData\Roaming\WB.CFG
2014-02-19 13:13 - 2014-02-19 13:12 - 03817984 ____C () C:\Users\Lewis\Desktop\RMuerte.exe
2014-02-19 13:09 - 2011-12-22 19:34 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\CrashDumps
2014-02-19 13:08 - 2014-02-19 13:08 - 00003587 ____C () C:\Users\Lewis\Desktop\RKreport[0]_S_02192014_130822.txt
2014-02-19 12:20 - 2014-02-19 12:20 - 04413952 ____C () C:\Users\Lewis\Desktop\RogueKillerX64.exe
2014-02-19 12:11 - 2014-02-19 12:11 - 00003232 ____C () C:\Windows\System32\Tasks\Digital Sites
2014-02-19 09:26 - 2014-02-19 09:24 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-19 09:26 - 2014-02-19 09:24 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-19 09:23 - 2014-02-19 09:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-19 09:23 - 2014-02-19 09:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-19 09:23 - 2014-02-19 09:17 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-19 09:23 - 2014-02-19 09:17 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-19 09:23 - 2014-02-19 09:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-19 09:23 - 2014-02-19 09:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-19 09:23 - 2014-02-19 09:16 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-19 09:23 - 2014-02-19 09:16 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-19 09:23 - 2014-02-19 09:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-19 09:23 - 2014-02-19 09:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-19 09:23 - 2014-02-19 09:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-19 09:23 - 2014-02-19 09:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-19 09:23 - 2014-02-19 09:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-18 12:53 - 2014-02-18 12:52 - 03813376 ____C () C:\Users\Lewis\Desktop\RogueKiller.exe
2014-02-17 22:17 - 2012-06-22 22:39 - 00000000 ___DC () C:\Users\Lewis\Documents\Catholic
2014-02-17 19:57 - 2014-02-17 19:56 - 00028032 ____C () C:\Users\Lewis\Desktop\dds.txt
2014-02-17 19:57 - 2014-02-17 19:56 - 00015866 ____C () C:\Users\Lewis\Desktop\attach.txt
2014-02-17 19:24 - 2014-02-17 19:23 - 00688992 ___RC (Swearware) C:\Users\Lewis\Desktop\dds.com
2014-02-17 18:06 - 2012-03-26 09:14 - 00007606 ____C () C:\Users\Lewis\AppData\Local\resmon.resmoncfg
2014-02-17 14:35 - 2013-11-19 17:01 - 00012800 __SHC () C:\Users\Lewis\Thumbs.db
2014-02-17 12:57 - 2014-02-17 12:22 - 100583192 ____C (Microsoft Corporation) C:\Users\Lewis\Desktop\msert.exe
2014-02-17 06:07 - 2014-02-16 15:25 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-02-16 20:32 - 2014-02-16 20:32 - 00003042 ____C () C:\Windows\System32\Tasks\{A85137F4-E920-4434-9A67-B42800103F8F}
2014-02-16 20:25 - 2014-02-16 20:36 - 395554816 ____C () C:\Users\Lewis\Desktop\kav_rescue_10.iso
2014-02-16 19:28 - 2014-02-16 19:25 - 00387584 ____C () C:\Users\Lewis\Desktop\rescue2usb.exe
2014-02-16 17:22 - 2011-12-21 11:37 - 00000000 __RDC () C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-16 16:38 - 2014-02-16 16:38 - 00000000 ____C () C:\Windows\setuperr.log
2014-02-16 16:31 - 2012-12-10 19:15 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\TuneUp Software
2014-02-16 12:02 - 2011-12-27 20:23 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\Skype
2014-02-16 12:01 - 2011-12-27 18:51 - 00000000 ___DC () C:\Windows\Minidump
2014-02-16 12:01 - 2011-02-11 11:00 - 00000000 ___DC () C:\Windows\Panther
2014-02-16 11:22 - 2014-02-16 11:22 - 00002772 ____C () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-16 11:22 - 2014-02-16 11:22 - 00000824 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-16 11:22 - 2014-02-16 11:22 - 00000000 ___DC () C:\Program Files\CCleaner
2014-02-16 11:20 - 2014-02-16 11:14 - 04721920 ____C (Piriform Ltd) C:\Users\Lewis\Downloads\ccsetup410.exe
2014-02-16 00:22 - 2011-12-21 11:30 - 00000000 ___DC () C:\Users\Lewis
2014-02-15 16:24 - 2013-09-20 20:36 - 00000927 ____C () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-13 18:50 - 2012-01-05 21:17 - 00000000 ____C () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-13 18:50 - 2011-12-22 13:15 - 00000052 ____C () C:\Windows\SysWOW64\DOErrors.log
2014-02-13 11:11 - 2014-02-12 10:22 - 00000000 ___DC () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-02-12 10:23 - 2014-02-12 10:23 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\AVG SafeGuard toolbar
2014-02-12 10:23 - 2014-02-12 10:23 - 00000000 ___DC () C:\ProgramData\AVG Security Toolbar
2014-02-12 10:23 - 2014-02-12 10:23 - 00000000 ___DC () C:\ProgramData\AVG SafeGuard toolbar
2014-02-12 07:58 - 2013-01-22 20:50 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\Dropbox
2014-02-12 00:47 - 2012-03-07 13:37 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\Facebook
2014-02-11 21:59 - 2012-09-17 11:00 - 00000000 ___DC () C:\Program Files (x86)\Citrix
2014-02-11 21:26 - 2014-02-11 21:11 - 101885720 ____C (Microsoft Corporation) C:\Users\Lewis\Downloads\msert (1).exe
2014-02-11 20:41 - 2014-02-11 20:38 - 00000000 ___DC () C:\ProgramData\Spybot - Search & Destroy
2014-02-11 20:38 - 2014-02-11 20:38 - 00001341 ____C () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-11 20:38 - 2014-02-11 20:38 - 00000000 ___DC () C:\Windows\System32\Tasks\Safer-Networking
2014-02-11 20:38 - 2014-02-11 20:38 - 00000000 ___DC () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-11 20:30 - 2013-01-22 20:53 - 00000000 __RDC () C:\Users\Lewis\Dropbox
2014-02-11 20:29 - 2012-12-10 19:15 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\AVG Secure Search
2014-02-11 20:27 - 2014-02-11 20:23 - 00000000 ___DC () C:\AdwCleaner
2014-02-11 20:22 - 2014-02-11 20:21 - 01166132 ____C () C:\Users\Lewis\Downloads\AdwCleaner.exe
2014-02-11 20:02 - 2014-02-11 18:53 - 40658208 ____C (Safer-Networking Ltd. ) C:\Users\Lewis\Downloads\spybot-2.2.exe
2014-02-11 19:42 - 2012-12-12 04:23 - 00003218 ____C () C:\Windows\System32\Tasks\HPCeeScheduleForLEWIS-HP$
2014-02-11 19:42 - 2012-12-12 04:23 - 00000342 ____C () C:\Windows\Tasks\HPCeeScheduleForLEWIS-HP$.job
2014-02-11 19:40 - 2014-02-11 19:25 - 25640672 ____C (Microsoft Corporation) C:\Users\Lewis\Downloads\Windows-KB890830-x64-V5.9.exe
2014-02-11 18:57 - 2013-10-18 20:45 - 00000000 ___DC () C:\Program Files (x86)\The Weather Channel
2014-02-11 18:52 - 2014-02-11 18:52 - 04102163 ____C () C:\Users\Lewis\Downloads\tdsskiller (2).zip
2014-02-11 16:42 - 2012-01-13 23:19 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\DivoGames
2014-02-11 15:51 - 2014-02-11 15:51 - 00001071 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-11 15:51 - 2014-02-11 15:51 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\Malwarebytes
2014-02-11 15:51 - 2014-02-11 15:51 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-02-11 15:51 - 2014-02-11 15:51 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-11 13:50 - 2014-02-11 13:28 - 10285040 ____C (Malwarebytes Corporation ) C:\Users\Lewis\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-11 11:44 - 2011-12-24 11:34 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 11:44 - 2011-12-24 11:34 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-09 10:46 - 2011-12-21 13:10 - 00000000 ___DC () C:\Users\Lewis\AppData\Roaming\Spotify
2014-02-09 10:23 - 2011-12-21 13:10 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\Spotify
2014-02-08 15:59 - 2014-02-08 15:58 - 04102371 ____C () C:\Users\Lewis\Downloads\tdsskiller (1).zip
2014-02-08 15:56 - 2014-02-08 15:56 - 00000000 ___DC () C:\TDSSKiller_Quarantine
2014-02-08 10:25 - 2013-09-20 20:33 - 00000000 ___DC () C:\ProgramData\AVG2014
2014-02-05 03:46 - 2012-04-11 10:19 - 00692616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 03:46 - 2012-04-11 10:19 - 00003768 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 03:46 - 2011-08-12 21:55 - 00071048 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 19:09 - 2011-12-21 12:13 - 88567024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-03 22:50 - 2013-09-20 20:36 - 00000000 ___DC () C:\Program Files (x86)\AVG Secure Search
2014-02-03 15:13 - 2014-01-21 16:15 - 00000000 ___DC () C:\Users\Lewis\Documents\Malia
2014-02-03 14:42 - 2014-02-03 14:42 - 00000000 ___DC () C:\Windows\08BFB9128D714E299A8018BFB385F19B.TMP
2014-02-02 23:26 - 2014-02-01 15:34 - 00000000 ___DC () C:\Users\Lewis\Documents\SPEAK Images
2014-02-02 13:16 - 2014-02-02 13:16 - 00068608 ____C () C:\Users\Lewis\Downloads\4b.xls
2014-01-29 08:17 - 2014-01-29 08:17 - 00001745 ____C () C:\Users\Public\Desktop\iTunes.lnk
2014-01-29 08:17 - 2014-01-29 08:17 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-29 08:17 - 2014-01-29 08:17 - 00000000 ___DC () C:\Program Files\iTunes
2014-01-29 08:17 - 2014-01-29 08:17 - 00000000 ___DC () C:\Program Files\iPod
2014-01-29 08:17 - 2014-01-29 08:17 - 00000000 ___DC () C:\Program Files (x86)\iTunes
2014-01-29 08:14 - 2011-12-21 13:45 - 00000000 ___DC () C:\ProgramData\Apple
2014-01-26 19:43 - 2012-03-06 21:47 - 00000000 ___DC () C:\Users\Lewis\AppData\Local\Downloaded Installations
2014-01-26 19:21 - 2009-07-13 21:20 - 00000000 ___DC () C:\Windows\PolicyDefinitions
 
Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-20 19:19
 
==================== End Of Log ============================


#12 aharonov

  • Malware Response Team

Posted 24 February 2014 - 04:16 PM

Hi,
 
looks better. How is your computer running now? Which problems still persist?


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
  • Note: Do not forget to re-enable your antivirus application after running the above scan!


#13 nomadsam

  • Topic Starter

Posted 24 February 2014 - 04:38 PM

Wow...so far so good.  Going to do the last part now!  Thanks!!!



#14 nomadsam

  • Topic Starter

Posted 24 February 2014 - 04:42 PM

Quick question, may seem silly....

 

How do I know which antivirus software is running?  I have installed so much the last few weeks trying to get this thing working.  I went into the task manager and clicked on the services tab to see, but am unsure if that's correct.  



#15 nomadsam

  • Topic Starter

Posted 24 February 2014 - 10:12 PM

I figured it out...still waiting for the scan to finish...so far 9 threats.  





