Multiple dllhost.exe again


  • This topic is locked
6 replies to this topic

#1 kniggem

  • Members
  • 4 posts

Posted 22 February 2014 - 12:38 AM

I need some help with this one.  There is a post on Feb 13th, 2014 by Greg Staples (member) and I can't reply to the post.

http://www.bleepingcomputer.com/forums/index.php?app=forums&module=post&section=post&do=new_post&f=22

I have the same issue with a Vista x 64 Home Premium machine.  I have followed all of the steps including the RogueKiller x 64.  All of the steps have been great thus far.

I need to know where to proceed from here.  The Windows update service is missing and the MS Fixit tool does not work either to run updates.

Can someone help?

Thanks in advance!

RogueKiller log:

RogueKiller V8.8.8 _x64_ [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Lisa Fenske [Admin rights]
Mode : Scan -- Date : 02/21/2014 22:09:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH][DLL] regsvr32.exe -- C:\Users\Lisa Fenske\AppData\Local\Udmedia\OutMapCmds32.dll [-] -> regsvr32.exe KILLED [TermProc]
[SUSP PATH][DLL] regsvr32.exe -- C:\Users\Lisa Fenske\AppData\Local\Udmedia\OutMapCmds32.dll [-] -> regsvr32.exe KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Udmedia (regsvr32.exe "C:\Users\Lisa Fenske\AppData\Local\Udmedia\OutMapCmds32.dll" [x][-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-288858502-3419077098-1286135609-1000\[...]\Run : Udmedia (regsvr32.exe "C:\Users\Lisa Fenske\AppData\Local\Udmedia\OutMapCmds32.dll" [x][-]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ][PUM] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (\\?\globalroot\Device\HarddiskVolume1\Users\Lisa Fenske\AppData\Local\Temp\stpnrbk\stoqdpi\wow.dll [-]) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] Security Center Update - 120211436 : C:\Users\Lisa Fenske\AppData\Roaming\Lootedbi\heirs.exe [x] -> FOUND
[V2][SUSP PATH] Security Center Update - 2358223933 : C:\Users\Lisa Fenske\AppData\Roaming\Idkeum\haakvu.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRtMon.dll : C:\Program Files\Windows Defender\MpRtMon.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRtPlug.dll : C:\Program Files\Windows Defender\MpRtPlug.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSigDwn.dll : C:\Program Files\Windows Defender\MpSigDwn.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSoftEx.dll : C:\Program Files\Windows Defender\MpSoftEx.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] Backup : C:\Program Files\Microsoft Security Client\Backup >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Users\Lisa Fenske\AppData\Local\Google\Desktop\Install [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Program Files (x86)\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD5000AAKS-65A7B2 +++++
--- User ---
[MBR] 497aa2ae4d4b4ecf7cb88a205f09abd4
[BSP] 309fdfd200901d3359dd1e035123a213 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 463414 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 949072005 | Size: 13523 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02212014_220944.txt >>

 

 

 

 

 




#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 22 February 2014 - 02:06 PM

Hi there,

your computer looks badly infected.


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Edited by aharonov, 25 February 2014 - 05:08 AM.


#3 kniggem

  • Topic Starter
  • Members
  • 4 posts

Posted 22 February 2014 - 09:19 PM

Thank you for the response.  I have Vista Home Premium x 64.  The multiple dllhost.exe has stopped, but I know there are still problems.  I was able to get Windows update to finally run by finding a fix to re-register the DLLs. It appears as though this computer has been infected for quite some time (Oct, 2013 is when the last Windows updates were installed). I ran the Farbar x 64 tool last night and again tonight.  It did not create the Addition.txt tonight when I ran it, but it created it last night.

Here is the log for FRST from tonight and Addition.txt from last night.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2014 01
Ran by Lisa Fenske (administrator) on LISAFENSKE-PC on 22-02-2014 20:08:02
Running from C:\Users\Lisa Fenske\Desktop\MWK Tools
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\fortiwf.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCWscD7.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [OsdMaestro] - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [281600 2008-10-13] (OsdMaestro)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [15853088 2008-10-15] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [82464 2008-10-15] (NVIDIA Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-11-03] (Intel Corporation)
HKLM-x32\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [OsdMaestro] - c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [281600 2008-10-13] (OsdMaestro)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298616 2013-04-01] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2010-08-05] (PC Tools)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-288858502-3419077098-1286135609-1000\...\Run: [HPAdvisor] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-10-17] (Hewlett-Packard)
HKU\S-1-5-21-288858502-3419077098-1286135609-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-288858502-3419077098-1286135609-1000\...\Run: [Weather] - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1652736 2010-10-29] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-288858502-3419077098-1286135609-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-288858502-3419077098-1286135609-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-288858502-3419077098-1286135609-1000\...\MountPoints2: {1584b378-27e0-11e1-99c1-00248c9c61a0} - F:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-288858502-3419077098-1286135609-1000\...\MountPoints2: {ea622b92-082c-11e0-9cf0-00248c9c61a0} - F:\KODAK_Software_Downloader.exe

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
URLSearchHook: HKLM-x32 - (No Name) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No File
URLSearchHook: HKCU - (No Name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {036BF94E-F84B-48CA-8414-96C7EACB4321} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM - {3D126962-867B-4768-AFE3-3A192D77719D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {3D126962-867B-4768-AFE3-3A192D77719D} URL =
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
Toolbar: HKLM-x32 - No Name - {0C8413C1-FAD1-446C-8584-BE50576F863E} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
Toolbar: HKCU - No Name - {0C8413C1-FAD1-446C-8584-BE50576F863E} -  No File
Toolbar: HKCU - No Name - {548F6736-8FE4-4680-82F2-170D6C07E1D2} -  No File
Toolbar: HKCU - No Name - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} -  No File
Toolbar: HKCU - No Name - {B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Lisa Fenske\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (ConduitChromeApi) - C:\Users\Lisa Fenske\AppData\Local\Google\Chrome\User Data\Default\Extensions\miibnaellakajfaoacbheaiigfkiahlb\2.4.0.4_0\js/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Coupon Alert Plugin Stub) - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
CHR Plugin: (3DVIA player) - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Lisa Fenske\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.2) - C:\Users\Lisa Fenske\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll No File
CHR Plugin: (Move Streaming Media Player) - C:\Users\Lisa Fenske\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Wallet) - C:\Users\Lisa Fenske\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

==================== Services (Whitelisted) =================

R2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [73746 2012-05-14] (Fortinet Inc.)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [583640 2010-08-05] (PC Tools)
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe" [X]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X]

==================== Drivers (Whitelisted) ====================

S3 ccHP; C:\Windows\system32\drivers\N360x64\0308030.006\ccHPx64.sys [561800 2011-09-21] (Symantec Corporation)
R1 FAFileMon; C:\Windows\System32\drivers\fortimon2.sys [52328 2012-05-14] (Fortinet Inc)
S3 FARegMon; C:\Windows\System32\drivers\FortiRmon.sys [49768 2012-05-14] (Fortinet Inc)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2007-06-18] (LeapFrog)
R1 FortiFilter; C:\Windows\System32\DRIVERS\FortiFilter.sys [23928 2011-09-09] (Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [126056 2012-05-14] (Fortinet Inc)
R3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [46184 2012-05-14] (Fortinet Inc)
R1 FortiShield; C:\Windows\System32\drivers\FortiShield.sys [42088 2012-05-14] (Fortinet Inc)
R3 ft_vnic; C:\Windows\System32\DRIVERS\ftvnic.sys [16928 2011-03-21] (Fortinet Inc.)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2011-03-21] (Fortinet Inc.)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2010-02-04] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2010-01-20] (Symantec Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-10-21] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-21 22:10 - 2014-02-21 22:10 - 00007462 _____ () C:\Users\Lisa Fenske\Desktop\RKreport[0]_D_02212014_221016.txt
2014-02-21 22:09 - 2014-02-21 22:47 - 00005433 _____ () C:\Users\Lisa Fenske\Desktop\RKreport[0]_S_02212014_220944.txt
2014-02-21 22:07 - 2014-02-21 22:07 - 04413952 _____ () C:\Users\Lisa Fenske\Downloads\RogueKillerX64.exe
2014-02-21 22:06 - 2014-02-21 22:10 - 00000000 ____D () C:\Users\Lisa Fenske\Desktop\RK_Quarantine
2014-02-21 22:00 - 2014-02-22 20:08 - 00000000 ____D () C:\FRST
2014-02-20 22:14 - 2014-02-20 22:14 - 00000000 ____D () C:\Windows\ERUNT
2014-02-20 22:02 - 2014-02-22 20:08 - 00000000 ____D () C:\Users\Lisa Fenske\Desktop\MWK Tools
2014-02-20 21:52 - 2014-02-20 21:56 - 00000000 ____D () C:\AdwCleaner
2014-02-20 21:45 - 2014-02-20 21:45 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-20 21:32 - 2014-02-20 21:32 - 08835464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-19 23:13 - 2014-02-19 23:13 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-02-19 22:08 - 2014-02-04 19:09 - 85946576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2014-02-19 21:45 - 2014-02-19 22:18 - 00001590 _____ () C:\Windows\setupact.log
2014-02-19 21:45 - 2014-02-19 21:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-16 17:22 - 2014-02-16 17:22 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Local\Avg2014
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGTDIA.SYS
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGRKX64.SYS
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGLOGA.SYS
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGIDSHA.SYS
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGIDSDRIVERA.SYS
2014-02-16 16:10 - 2014-02-16 16:10 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\TuneUp Software
2014-02-16 15:50 - 2014-02-16 16:27 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-16 15:48 - 2014-02-16 15:48 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-16 15:39 - 2014-02-16 17:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-16 15:39 - 2014-02-16 15:39 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Local\MFAData
2014-02-16 15:34 - 2014-02-16 15:34 - 04462384 _____ (AVG Technologies) C:\Users\Lisa Fenske\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-02-16 15:28 - 2014-02-16 23:47 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-02-16 15:03 - 2014-02-16 16:43 - 00005688 _____ () C:\Windows\PFRO.log
2014-02-16 14:16 - 2014-02-22 20:06 - 00857394 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 10:51 - 2014-02-16 10:51 - 04721920 _____ (Piriform Ltd) C:\Users\Lisa Fenske\Downloads\ccsetup410.exe
2014-02-12 20:53 - 2014-02-16 14:46 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Lootedbi
2014-02-06 09:48 - 2014-02-16 14:46 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Idkeum
2014-01-27 21:58 - 2014-01-27 21:58 - 00000888 _____ () C:\Users\Lisa Fenske\Desktop\Continue VuuPC Installation.lnk
2014-01-27 21:54 - 2014-02-20 21:58 - 00000961 _____ () C:\Users\Lisa Fenske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-01-27 21:45 - 2014-01-27 21:45 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-01-24 00:40 - 2014-01-25 04:35 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Ylkeal

==================== One Month Modified Files and Folders =======

2014-02-22 20:08 - 2014-02-21 22:00 - 00000000 ____D () C:\FRST
2014-02-22 20:08 - 2014-02-20 22:02 - 00000000 ____D () C:\Users\Lisa Fenske\Desktop\MWK Tools
2014-02-22 20:06 - 2014-02-16 14:16 - 00857394 _____ () C:\Windows\WindowsUpdate.log
2014-02-22 20:02 - 2012-04-10 11:56 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Local\WeatherBug
2014-02-22 19:49 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-22 19:49 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-22 19:42 - 2010-01-14 16:16 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-22 19:31 - 2013-02-10 13:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-22 19:24 - 2011-08-16 18:13 - 00000952 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-288858502-3419077098-1286135609-1000UA.job
2014-02-22 19:11 - 2010-01-29 22:24 - 00000414 ____H () C:\Windows\Tasks\Norton Security Scan for Lisa Fenske.job
2014-02-22 13:24 - 2011-08-16 18:13 - 00000930 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-288858502-3419077098-1286135609-1000Core.job
2014-02-22 07:56 - 2006-11-02 06:46 - 00703152 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-22 07:50 - 2009-10-20 17:29 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Skype
2014-02-22 07:49 - 2010-01-14 16:16 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-22 07:49 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-22 07:47 - 2006-11-02 09:42 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-22 00:17 - 2006-11-02 07:33 - 00000000 ____D () C:\Windows\registration
2014-02-21 22:47 - 2014-02-21 22:09 - 00005433 _____ () C:\Users\Lisa Fenske\Desktop\RKreport[0]_S_02212014_220944.txt
2014-02-21 22:23 - 2009-10-20 17:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-21 22:23 - 2009-10-20 17:29 - 00000000 ____D () C:\ProgramData\Skype
2014-02-21 22:10 - 2014-02-21 22:10 - 00007462 _____ () C:\Users\Lisa Fenske\Desktop\RKreport[0]_D_02212014_221016.txt
2014-02-21 22:10 - 2014-02-21 22:06 - 00000000 ____D () C:\Users\Lisa Fenske\Desktop\RK_Quarantine
2014-02-21 22:07 - 2014-02-21 22:07 - 04413952 _____ () C:\Users\Lisa Fenske\Downloads\RogueKillerX64.exe
2014-02-21 16:15 - 2009-07-03 17:17 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-21 08:47 - 2010-01-14 16:18 - 00001987 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-20 22:14 - 2014-02-20 22:14 - 00000000 ____D () C:\Windows\ERUNT
2014-02-20 22:10 - 2009-06-30 20:56 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\funkitron
2014-02-20 22:09 - 2009-06-27 07:18 - 00000000 ____D () C:\Users\Lisa Fenske
2014-02-20 21:58 - 2014-01-27 21:54 - 00000961 _____ () C:\Users\Lisa Fenske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-02-20 21:56 - 2014-02-20 21:52 - 00000000 ____D () C:\AdwCleaner
2014-02-20 21:45 - 2014-02-20 21:45 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-20 21:36 - 2013-02-10 13:04 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 21:35 - 2013-02-10 13:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 21:35 - 2012-04-10 11:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 21:32 - 2014-02-20 21:32 - 08835464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-19 23:13 - 2014-02-19 23:13 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-02-19 22:18 - 2014-02-19 21:45 - 00001590 _____ () C:\Windows\setupact.log
2014-02-19 21:45 - 2014-02-19 21:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-16 23:47 - 2014-02-16 15:28 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-02-16 21:12 - 2013-11-17 13:04 - 00000358 _____ () C:\Windows\Tasks\HPCeeScheduleForLisa Fenske.job
2014-02-16 17:44 - 2014-02-16 15:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-16 17:22 - 2014-02-16 17:22 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Local\Avg2014
2014-02-16 16:43 - 2014-02-16 15:03 - 00005688 _____ () C:\Windows\PFRO.log
2014-02-16 16:27 - 2014-02-16 15:50 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGTDIA.SYS
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGRKX64.SYS
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGLOGA.SYS
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGIDSHA.SYS
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGIDSDRIVERA.SYS
2014-02-16 16:10 - 2014-02-16 16:10 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\TuneUp Software
2014-02-16 15:50 - 2013-11-17 13:04 - 00003134 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLisa Fenske
2014-02-16 15:48 - 2014-02-16 15:48 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-16 15:39 - 2014-02-16 15:39 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Local\MFAData
2014-02-16 15:34 - 2014-02-16 15:34 - 04462384 _____ (AVG Technologies) C:\Users\Lisa Fenske\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-02-16 15:03 - 2009-07-24 19:52 - 00000000 ____D () C:\Program Files\Google
2014-02-16 15:03 - 2009-06-29 05:36 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-16 14:46 - 2014-02-12 20:53 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Lootedbi
2014-02-16 14:46 - 2014-02-06 09:48 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Idkeum
2014-02-16 10:51 - 2014-02-16 10:51 - 04721920 _____ (Piriform Ltd) C:\Users\Lisa Fenske\Downloads\ccsetup410.exe
2014-02-16 10:51 - 2012-07-24 20:53 - 00000772 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-16 10:51 - 2012-07-24 20:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-16 10:46 - 2009-06-29 05:41 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Local\Google
2014-02-16 10:46 - 2009-06-29 05:36 - 00000000 ____D () C:\ProgramData\Google
2014-02-16 09:01 - 2009-06-27 07:45 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\PictureMover
2014-02-14 08:47 - 2014-01-01 16:54 - 00050634 _____ () C:\Users\Lisa Fenske\Documents\Babysitting2014.xlsx
2014-02-13 11:15 - 2009-09-10 06:02 - 00008268 _____ () C:\Users\Lisa Fenske\AppData\Local\d3d9caps.dat
2014-02-11 22:37 - 2010-01-14 16:16 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 22:37 - 2010-01-14 16:16 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-04 19:09 - 2014-02-19 22:08 - 85946576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2014-02-04 19:09 - 2006-11-02 06:35 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-30 10:59 - 2009-06-27 07:27 - 00000000 ___RD () C:\Users\Lisa Fenske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-30 07:02 - 2012-07-23 19:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-30 07:00 - 2012-07-24 19:46 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-29 07:08 - 2011-04-13 05:27 - 00000000 ____D () C:\Windows\Minidump
2014-01-27 21:58 - 2014-01-27 21:58 - 00000888 _____ () C:\Users\Lisa Fenske\Desktop\Continue VuuPC Installation.lnk
2014-01-27 21:45 - 2014-01-27 21:45 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-01-25 04:35 - 2014-01-24 00:40 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Ylkeal
2014-01-23 00:28 - 2014-01-22 23:02 - 01034494 _____ () C:\Users\Lisa Fenske\Documents\Gatorade.pptx

Alureon:
C:\Users\Lisa Fenske\AppData\Local\Temp\stpnrbk\stoqdpi\wow.dll

Files to move or delete:
====================
C:\Users\Lisa Fenske\jagex_runescape_preferences.dat
C:\Users\Lisa Fenske\jagex_runescape_preferences2.dat

Some content of TEMP:
====================
C:\Users\Lisa Fenske\AppData\Local\Temp\hiinmx.exe
C:\Users\Lisa Fenske\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Lisa Fenske\AppData\Local\Temp\Quarantine.exe
C:\Users\Lisa Fenske\AppData\Local\Temp\vxxsle.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-22 20:01

==================== End Of Log ============================

Additional.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-02-2014
Ran by Lisa Fenske at 2014-02-21 22:01:54
Running from C:\Users\Lisa Fenske\Desktop\MWK Tools
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: FortiClient Lite AntiVirus (Enabled - Up to date) {385618A6-2256-708E-3FB9-7E98B93F91F9}
AS: FortiClient Lite AntiVirus (Enabled - Up to date) {8337F942-046C-7F00-0509-45EAC2B8DB44}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (x32 Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.1.8210 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 Plugin (x32 Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620 - Adobe Systems, Inc.)
AIM 7 (x32 Version:  - )
Amelie's Cafe (remove only) (x32 Version:  - )
Annas Ice Cream (remove only) (x32 Version:  - )
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
Babysitting Mania (remove only) (x32 Version:  - )
Big Fish Games: Game Manager (x32 Version: 3.0.1.60 - )
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Burger Shop 2 (remove only) (x32 Version:  - )
Cake Mania 2 (remove only) (x32 Version: 3.4.11.14 - )
Cake Mania 2 (x32 Version: 3.4.11.14 - Yahoo) Hidden
Carbonite Online Backup Setup (x32 Version: 3.7.3 - Carbonite Inc.)
CCleaner (Version: 4.10 - Piriform)
Citrix XenApp Plugin for Hosted Apps (x32 Version: 11.0.150.5357 - Citrix Systems, Inc.)
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink DVD Suite Deluxe (x32 Version: 6.0.2111 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.2111 - CyberLink Corp.) Hidden
D4300 (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
D4300_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Diner Dash (x32 Version:  - PlayFirst)
Diner Dash Flo Through Time (remove only) (x32 Version:  - )
Diner Dash: Flo on the Go (remove only) (x32 Version: 3.3.5.17 - )
Diner Dash: Flo on the Go (x32 Version: 3.3.5.17 - Yahoo) Hidden
DinerTown Detective Agency (remove only) (x32 Version:  - )
DJ_SF_03_D4300_ProductContext (x32 Version: 100.0.215.000 - Hewlett-Packard) Hidden
DJ_SF_03_D4300_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_SF_03_D4300_Software_Min (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Dora Saves the Crystal Kingdom (x32 Version:  - )
Dora Saves the Crystal Kingdom! (x32 Version: 32.0.0.0 - Nick Jr. Arcade)
Dora Saves the Snow Princess (x32 Version: 32.0.0.0 - Nick Jr. Arcade)
Dora the Explorer: Swiper's Big Adventure! (x32 Version:  - )
Dora's Big Birthday Adventure (x32 Version: 32.0.0.0 - Shockwave.com)
Doras Carnival 2: At the Boardwalk (x32 Version:  - )
Doras Carnival Adventure (x32 Version:  - )
Dora's Carnival Adventure (x32 Version: 32.0.0.0 - Nick Jr. Arcade)
Dora's Lost and Found Adventure (x32 Version: 32.0.0.0 - Nick Jr. Arcade)
Enhanced Multimedia Keyboard Solution (x32 Version: 1.0.9.2 - Hewlett-Packard)
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Video Calling 2.0.0.447 (x32 Version: 2.0.447 - Skype Limited)
FortiClient Lite (Version: 4.3.4.0461 - Fortinet Inc)
GEAR driver installer for x86 and x64 (x32 Version: 4.008.5 - GEAR Software) Hidden
Google Chrome (x32 Version: 33.0.1750.117 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Active Support Library (x32 Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 5.7.0.2784 - Hewlett-Packard)
HP Customer Participation Program 10.0 (Version: 10.0 - HP)
HP Demo (x32 Version: 1.00.0000 - Hewlett-Packard)
HP Deskjet 2540 series Basic Device Software (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (x32 Version: 30.0.0 - Hewlett Packard)
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (x32 Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet D4300 Printer Driver Software 10.0 Rel .3 (Version: 10.0 - HP)
HP Games (x32 Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 10.0 (Version: 10.0 - HP)
HP MediaSmart DVD (x32 Version: 2.0.2401 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.0.2401 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2217 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2217 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (Version: 2.0.8 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (Version: 1.00.012 - Hewlett-Packard)
HP Photo Creations (x32 Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Photosmart Essential 2.5 (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (x32 Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Picasso Media Center Add-In (x32 Version: 9.1.7.0 - Hewlett-Packard Development Company, L.P.) Hidden
HP Recovery Manager RSS (x32 Version: 91.0.0.10 - Hewlet Packard Company) Hidden
HP Smart Web Printing (Version: 3.5 - HP)
HP Solution Center 10.0 (Version: 10.0 - HP)
HP Total Care Advisor (x32 Version: 2.4.5106.2815 - Hewlett-Packard)
HP Total Care Setup (x32 Version: 1.1.1983.2818 - Hewlett-Packard Company)
HP Update (x32 Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
iTunes (Version: 11.1.0.126 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (x32 Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 7 (x32 Version: 1.6.0.70 - Sun Microsystems, Inc.)
KODAK Share Button App (x32 Version: 3.01.0000.0000 - Eastman Kodak Company)
LabelPrint (x32 Version: 2.5.0904 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.0904 - CyberLink Corp.) Hidden
LeapFrog Connect (x32 Version: 4.2.14.16426 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.14.16426 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 4.2.13.16151 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LightScribe System Software (x32 Version: 1.18.3.2 - LightScribe)
LightScribe Template Labeler (x32 Version: 1.14.25.1 - LightScribe)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (x32 Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (x32 Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Monopoly (remove only) (x32 Version: 3.4.7.22 - )
Monopoly (x32 Version: 3.4.7.22 - Yahoo) Hidden
Mplayer 0.6.9 (x32 Version: 0.6.9 - )
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (x32 Version: 7.0.35.8201 - muvee Technologies Pte Ltd)
NVIDIA Drivers (Version:  - )
PictureMover (x32 Version: 3.3.1.7 - Hewlett-Packard Company)
Power2Go (x32 Version: 6.0.2112 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2112 - CyberLink Corp.) Hidden
PowerDirector (x32 Version: 7.0.2202 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2202 - CyberLink Corp.) Hidden
Product Improvement Study for HP Deskjet 2540 series (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5735 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.94 (x32 Version: 1.94 - VS Revo Group)
SCRABBLE Plus (remove only) (x32 Version:  - )
Shop for HP Supplies (Version: 10.0 - HP)
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.3 (x32 Version: 6.3.105 - Skype Technologies S.A.)
SmartWebPrintingOC (x32 Version: 100.0.189.000 - Hewlett-Packard) Hidden
Smilebox (HKCU Version:  - )
Snap.Do (x32 Version: 10.206.1.14585 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU Version: 10.206.1.14585 - ReSoft Ltd.) <==== ATTENTION
SolutionCenter (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0 - Adobe Systems Incorporated)
SPORE Creature Creator Trial Edition (x32 Version: 1.00.0000 - Electronic Arts)
Status (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (x32 Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (x32 Version: 4.2.9.15649 - LeapFrog)
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WeatherBug (x32 Version: 7.0.0.7 - AWS Convergence Technologies)
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

==================== Restore Points  =========================

30-01-2014 03:29:36 Scheduled Checkpoint
01-02-2014 00:06:40 Scheduled Checkpoint
02-02-2014 13:02:35 Scheduled Checkpoint
03-02-2014 06:02:55 Scheduled Checkpoint
04-02-2014 06:04:11 Scheduled Checkpoint
05-02-2014 06:06:35 Scheduled Checkpoint
10-02-2014 07:04:35 Scheduled Checkpoint
11-02-2014 06:04:56 Scheduled Checkpoint
12-02-2014 10:14:58 Scheduled Checkpoint
13-02-2014 04:04:05 Scheduled Checkpoint
13-02-2014 22:20:34 Scheduled Checkpoint
16-02-2014 13:59:40 Removed WeatherBug
16-02-2014 21:45:52 Installed AVG 2014
16-02-2014 21:48:48 Installed AVG 2014
16-02-2014 22:20:39 Removed AVG 2014
19-02-2014 06:11:35 Scheduled Checkpoint
20-02-2014 03:37:08 Restore Point before Corrupt Patch Registry keys
21-02-2014 06:45:07 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 06:34 - 2006-09-18 15:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {025F339D-F4E5-42D1-A169-2593652B0DF0} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Lisa Fenske => C:\Program Files (x86)\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {074DDC26-553D-46F4-9FAA-C8695B09998B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] ()
Task: {08D20FEC-ACC4-47FD-9EB7-41B2C64ACDF7} - System32\Tasks\{1233D200-8200-408C-B5B7-18ABA9AD98D8} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {09E475F9-F7A6-4460-BD5B-6ADA85CCC8C7} - System32\Tasks\RecoveryCD => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0D2DD6E6-CFA2-4BE5-B090-98BFFD670A35} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {35EDFD9E-42D2-45D8-97F5-1E88E70969F0} - System32\Tasks\{F75D7ADE-277B-4EA8-93A3-F6F99E049BEE} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.3.0.105&amp;LastError=-3
Task: {3B0F14C9-A7F7-4CA9-BF99-DDB686FCEA71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-14] (Google Inc.)
Task: {45F7F61D-450C-4CE5-B71F-DFC5C96AE1C9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {49E3A2B7-DC7F-4DA8-98C9-C51AA5B57E2F} - System32\Tasks\{4523FCF2-58CE-435F-B03B-61737B46B694} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.113/en/abandoninstall?source=lightinstaller&amp;page=tsDownload&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;systemlevelpresent
Task: {603A2B4B-BC0F-4C28-93D0-39EC7CA802F0} - System32\Tasks\{21D39B1A-C174-4672-A959-D9DA0290ADFF} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.113/en/abandoninstall?source=lightinstaller&amp;page=tsDownload&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;systemlevelpresent
Task: {6C60036A-CA7D-4F11-8153-881ECDA1982C} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2011-03-07] (Eastman Kodak Company)
Task: {74868FEE-7F7A-4123-B6C3-995BD8D31E12} - System32\Tasks\HPCeeScheduleForLisa Fenske => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-09-16] (Hewlett-Packard)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {969090B3-CAF7-4D4F-98D6-05018C9A0B6E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-288858502-3419077098-1286135609-1000UA => C:\Users\Lisa Fenske\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {B4B81158-7EC0-444D-8E5A-B8E8FF46D6E9} - System32\Tasks\Norton Security Scan for Lisa Fenske => C:\PROGRA~2\NORTON~4\Engine\301~1.8\Nss.exe
Task: {B68BB5CD-0608-4A45-9E4A-0B58C296B7B1} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {B6B83861-B7E7-4E65-AC4C-C14A4AB8269F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {C40C4058-6227-42DA-A5B1-5EF395157BC0} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {CDB14DD0-526F-4103-BDBF-E7955FFEB3BB} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\Registry Mechanic\update.exe
Task: {D7F2DF60-1A36-48A1-A96F-BB14414395D4} - System32\Tasks\Security Center Update - 120211436 => C:\Users\Lisa Fenske\AppData\Roaming\Lootedbi\heirs.exe <==== ATTENTION
Task: {DD7BC377-1E22-493E-808E-4DF5E6116D1F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {E1660DE6-93FE-4F04-B66B-5569498437B6} - System32\Tasks\{A6114526-930E-4C6E-8E3B-9E0E8B15DD4C} => Chrome.exe http://ui.skype.com/ui/0/4.1.0.179.259/en/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {E3D638DD-0537-421A-9718-289E34E17053} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-288858502-3419077098-1286135609-1000Core => C:\Users\Lisa Fenske\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {ED929258-35B3-4356-9BE3-C9C363F21FD7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-14] (Google Inc.)
Task: {F1AE839D-889E-41C2-9D7F-3EA9B1C30F41} - System32\Tasks\{E20E6FFA-54F1-4A19-97C1-AE48AEBE4AE8} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.113/en/abandoninstall?source=lightinstaller&amp;page=tsDownload&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;systemlevelpresent
Task: {F7866213-8E1D-4427-85FB-AAC811A91BDF} - System32\Tasks\{2683F328-DE43-4511-974D-AFA6CBD7B1B6} => Chrome.exe http://ui.skype.com/ui/0/4.1.0.179.259/en/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {F8E37C03-5C12-4BB0-96E0-B4DD0E2864F2} - System32\Tasks\Security Center Update - 2358223933 => C:\Users\Lisa Fenske\AppData\Roaming\Idkeum\haakvu.exe <==== ATTENTION
Task: {FCABB909-0789-480E-AF04-0BC1133CDE43} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-288858502-3419077098-1286135609-1000Core.job => C:\Users\Lisa Fenske\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-288858502-3419077098-1286135609-1000UA.job => C:\Users\Lisa Fenske\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLisa Fenske.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for Lisa Fenske.job => C:\PROGRA~2\NORTON~4\Engine\301~1.8\Nss.exe

==================== Loaded Modules (whitelisted) =============

2012-05-14 13:48 - 2012-05-14 13:48 - 00323584 _____ () C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2013-11-19 06:24 - 2013-11-19 06:24 - 00020992 _____ () C:\Users\Lisa Fenske\AppData\Local\Udmedia\OutMapCmds32.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00057344 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-10-17 10:39 - 2008-10-17 10:39 - 00032768 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00118784 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-12-03 07:02 - 2009-04-11 00:28 - 00368640 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00010240 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:114BD271
AlternateDataStreams: C:\ProgramData\Temp:773DA865
AlternateDataStreams: C:\ProgramData\Temp:8BE2CBE9
AlternateDataStreams: C:\ProgramData\Temp:8DA0EB21
AlternateDataStreams: C:\ProgramData\Temp:CD6E25A6
AlternateDataStreams: C:\ProgramData\Temp:CF31AEF5
AlternateDataStreams: C:\ProgramData\Temp:CF75D88F
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\ProgramData\Temp:F65D490F
AlternateDataStreams: C:\ProgramData\Temp:FE29FBBF

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\12429333.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\12429333.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CLMLServer for HP TouchSmart => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: DVDAgent => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Lisa Fenske\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: KBD => C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2014 09:18:38 PM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065cd44, exception code 0x0eedfade, fault offset 0x0001d8cb,
process id 0x10b4, application start time 0xrundll32.exe0.

Error: (02/21/2014 09:12:12 PM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065cd44, exception code 0x0eedfade, fault offset 0x0001d8cb,
process id 0x17cc, application start time 0xrundll32.exe0.

Error: (02/21/2014 07:49:51 PM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065cd44, exception code 0x0eedfade, fault offset 0x0001d8cb,
process id 0x1470, application start time 0xrundll32.exe0.

Error: (02/21/2014 07:47:43 PM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065cd44, exception code 0x0eedfade, fault offset 0x0001d8cb,
process id 0x2310, application start time 0xrundll32.exe0.

Error: (02/21/2014 07:34:40 PM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065cd44, exception code 0x0eedfade, fault offset 0x0001d8cb,
process id 0x25cc, application start time 0xrundll32.exe0.

Error: (02/21/2014 04:14:12 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\CONFIG.MSI\3E9E661.RBF> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (02/21/2014 10:47:16 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065cd44, exception code 0x0eedfade, fault offset 0x0001d8cb,
process id 0xfb8, application start time 0xrundll32.exe0.

Error: (02/21/2014 08:03:17 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065cd44, exception code 0x0eedfade, fault offset 0x0001d8cb,
process id 0x2a00, application start time 0xrundll32.exe0.

Error: (02/21/2014 06:47:53 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065cd44, exception code 0x0eedfade, fault offset 0x0001d8cb,
process id 0x14cc, application start time 0xrundll32.exe0.

Error: (02/21/2014 06:39:20 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065cd44, exception code 0x0eedfade, fault offset 0x0001d8cb,
process id 0x1248, application start time 0xrundll32.exe0.

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (05/08/2011 07:29:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 557 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-02-21 22:01:25.084
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-21 22:01:24.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-21 22:01:24.616
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-21 22:01:24.382
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-16 14:04:52.967
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-16 14:04:52.719
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-16 14:04:52.480
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-16 14:04:52.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-16 14:04:52.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-16 14:04:51.790
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 4094.33 MB
Available physical RAM: 2620.29 MB
Total Pagefile: 8399.94 MB
Available Pagefile: 6737.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:452.55 GB) (Free:277.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.21 GB) (Free:1.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (WD Passport) (Fixed) (Total:111.76 GB) (Free:39.74 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 112 GB) (Disk ID: 5B6AC646)
Partition 1: (Not Active) - (Size=112 GB) - (Type=0C)

==================== End Of Log ============================



#4 aharonov

  • Malware Response Team

Posted 23 February 2014 - 08:51 AM

Your computer is still infected.


Step 1

Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
Reboot your computer afterwards.



Step 2

Start FRST with administrator privileges.

  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#5 kniggem

  • Topic Starter

  • Members

Posted 23 February 2014 - 02:57 PM

Ok, I have run the ComboFix and the FRST as instructed.

 

ComboFix Log:

 

ComboFix 14-02-23.01 - Lisa Fenske 02/23/2014  12:12:31.2.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4094.2459 [GMT -6:00]
Running from: c:\users\Lisa Fenske\Desktop\MWK Tools\ComboFix.exe
AV: FortiClient AntiVirus *Disabled/Outdated* {385618A6-2256-708E-3FB9-7E98B93F91F9}
SP: FortiClient AntiVirus *Disabled/Outdated* {8337F942-046C-7F00-0509-45EAC2B8DB44}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-23 to 2014-02-23  )))))))))))))))))))))))))))))))
.
.
2014-02-23 18:27 . 2014-02-23 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-23 18:04 . 2014-02-23 18:08 -------- d-----w- c:\windows\LastGood
2014-02-23 18:02 . 2011-03-21 18:54 16928 ----a-w- c:\windows\system32\drivers\ftvnic.sys
2014-02-23 17:58 . 2014-02-23 17:58 512000 ----a-w- c:\windows\system32\DIFxAPI.dll
2014-02-23 17:58 . 2014-02-23 17:58 -------- d-----w- c:\program files\Common Files\Fortinet
2014-02-23 12:47 . 2014-02-23 12:47 -------- d-----w- C:\NVIDIA
2014-02-23 12:22 . 2014-02-23 12:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06A91F96-D21F-4BF0-80FA-AADC13C8B0B7}\offreg.dll
2014-02-23 12:06 . 2014-02-23 12:06 -------- d-----w- c:\users\Lisa Fenske\AppData\Local\Avg2014
2014-02-23 09:23 . 2014-02-17 07:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06A91F96-D21F-4BF0-80FA-AADC13C8B0B7}\mpengine.dll
2014-02-23 04:01 . 2014-02-23 04:01 -------- d-----w- c:\windows\Migration
2014-02-23 03:51 . 2014-02-23 03:51 -------- d-----w- c:\program files (x86)\AVG
2014-02-23 03:50 . 2014-02-23 03:50 -------- d-----w- c:\users\UpdatusUser
2014-02-23 03:50 . 2014-02-23 03:50 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2014-02-23 03:49 . 2012-03-06 22:44 63296 ----a-w- c:\windows\system32\nvshext.dll
2014-02-23 03:49 . 2012-03-06 22:44 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2014-02-23 03:48 . 2012-03-07 07:08 68928 ----a-w- c:\windows\system32\OpenCL.dll
2014-02-23 03:48 . 2012-03-07 07:08 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-02-23 03:47 . 2014-02-23 03:47 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-02-23 03:43 . 2014-02-23 03:50 -------- d-----w- c:\program files\NVIDIA Corporation
2014-02-22 14:07 . 2013-10-30 04:34 374784 ----a-w- c:\windows\system32\SysFxUI.dll
2014-02-22 14:07 . 2013-10-30 03:55 122368 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-02-22 14:07 . 2013-10-30 02:33 218112 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-02-22 13:44 . 2013-10-11 04:27 144384 ----a-w- c:\windows\system32\wshom.ocx
2014-02-22 04:00 . 2014-02-23 17:51 -------- d-----w- C:\FRST
2014-02-21 04:14 . 2014-02-21 04:14 -------- d-----w- c:\windows\ERUNT
2014-02-21 03:52 . 2014-02-21 03:56 -------- d-----w- C:\AdwCleaner
2014-02-21 03:45 . 2014-02-21 03:45 -------- d-----w- C:\TDSSKiller_Quarantine
2014-02-21 03:32 . 2014-02-21 03:32 8835464 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-02-20 05:13 . 2014-02-20 05:13 -------- d-----w- c:\programdata\WindowsSearch
2014-02-18 05:14 . 2014-02-23 03:57 -------- d-----w- c:\users\Lisa Fenske\AppData\Local\ElevatedDiagnostics
2014-02-16 22:19 . 2014-02-16 22:19 0 ----a-w- c:\windows\SysWow64\drivers\AVGTDIA.SYS
2014-02-16 22:19 . 2014-02-16 22:19 0 ----a-w- c:\windows\SysWow64\drivers\AVGRKX64.SYS
2014-02-16 22:19 . 2014-02-16 22:19 0 ----a-w- c:\windows\SysWow64\drivers\AVGLOGA.SYS
2014-02-16 22:19 . 2014-02-16 22:19 0 ----a-w- c:\windows\SysWow64\drivers\AVGIDSHA.SYS
2014-02-16 22:19 . 2014-02-16 22:19 0 ----a-w- c:\windows\SysWow64\drivers\AVGIDSDRIVERA.SYS
2014-02-16 22:10 . 2014-02-16 22:10 -------- d-----w- c:\users\Lisa Fenske\AppData\Roaming\TuneUp Software
2014-02-16 21:39 . 2014-02-23 03:52 -------- d-----w- c:\programdata\MFAData
2014-02-16 21:39 . 2014-02-16 21:39 -------- d--h--w- c:\programdata\Common Files
2014-02-16 21:39 . 2014-02-16 21:39 -------- d-----w- c:\users\Lisa Fenske\AppData\Local\MFAData
2014-02-16 21:28 . 2014-02-17 05:47 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2014-02-13 02:53 . 2014-02-16 20:46 -------- d-----w- c:\users\Lisa Fenske\AppData\Roaming\Lootedbi
2014-02-06 15:48 . 2014-02-16 20:46 -------- d-----w- c:\users\Lisa Fenske\AppData\Roaming\Idkeum
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 03:35 . 2013-02-10 19:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 03:35 . 2012-04-10 17:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 01:09 . 2006-11-02 12:35 88567024 ----a-w- c:\windows\system32\mrt.exe
2013-12-18 12:13 . 2011-03-22 14:02 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-07-12 07:55 . 2013-07-12 07:55 4188160 ----a-w- c:\program files (x86)\GUT74A8.tmp
2011-05-14 23:05 . 2012-07-25 01:59 702464 ----a-w- c:\program files (x86)\Uninstall Coupon Alert.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [2008-10-13 281600]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2013-04-01 298616]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-18 152392]
"MFARestart"="c:\programdata\MFAData\pack\avgrunasx.exe" [2013-08-20 287792]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FORTIAPD
*NewlyCreated* - FORTIFW
*NewlyCreated* - MDAREDRIVER_43
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-21 14:44 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-10 03:35]
.
2014-02-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-288858502-3419077098-1286135609-1000Core.job
- c:\users\Lisa Fenske\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 18:19]
.
2014-02-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-288858502-3419077098-1286135609-1000UA.job
- c:\users\Lisa Fenske\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 18:19]
.
2014-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-14 22:16]
.
2014-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-14 22:16]
.
2014-02-17 c:\windows\Tasks\HPCeeScheduleForLisa Fenske.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-06-22 18:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [2008-10-13 281600]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-11-03 182808]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{5BED3930-2E9E-76D8-BACC-80DF2188D455} - (no file)
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
WebBrowser-{548F6736-8FE4-4680-82F2-170D6C07E1D2} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2014-02-23  12:29:51
ComboFix-quarantined-files.txt  2014-02-23 18:29
ComboFix2.txt  2014-02-23 13:59
.
Pre-Run: 288,886,878,208 bytes free
Post-Run: 288,802,254,848 bytes free
.
- - End Of File - - 0AA4C0C78D3C72EC9D806EF51509D507
03BA8F890B47C0BE359A4D5A636D214D

 

 

FRST LOG:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2014 01
Ran by Lisa Fenske (administrator) on LISAFENSKE-PC on 23-02-2014 13:22:30
Running from C:\Users\Lisa Fenske\Desktop\MWK Tools
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation) C:\Windows\system32\DrvInst.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [OsdMaestro] - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [281600 2008-10-13] (OsdMaestro)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-11-03] (Intel Corporation)
HKLM-x32\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [OsdMaestro] - c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [281600 2008-10-13] (OsdMaestro)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298616 2013-04-01] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2010-08-05] (PC Tools)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [MFARestart] - C:\ProgramData\MFAData\pack\avgrunasx.exe [287792 2013-08-20] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-288858502-3419077098-1286135609-1000\...\Run: [HPAdvisor] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-10-17] (Hewlett-Packard)
HKU\S-1-5-21-288858502-3419077098-1286135609-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-288858502-3419077098-1286135609-1000\...\Run: [Weather] - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1652736 2010-10-29] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-288858502-3419077098-1286135609-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
URLSearchHook: HKLM-x32 - (No Name) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {036BF94E-F84B-48CA-8414-96C7EACB4321} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM - {3D126962-867B-4768-AFE3-3A192D77719D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {3D126962-867B-4768-AFE3-3A192D77719D} URL =
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
Toolbar: HKLM-x32 - No Name - {0C8413C1-FAD1-446C-8584-BE50576F863E} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {548F6736-8FE4-4680-82F2-170D6C07E1D2} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Lisa Fenske\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (ConduitChromeApi) - C:\Users\Lisa Fenske\AppData\Local\Google\Chrome\User Data\Default\Extensions\miibnaellakajfaoacbheaiigfkiahlb\2.4.0.4_0\js/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Coupon Alert Plugin Stub) - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
CHR Plugin: (3DVIA player) - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Lisa Fenske\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.2) - C:\Users\Lisa Fenske\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll No File
CHR Plugin: (Move Streaming Media Player) - C:\Users\Lisa Fenske\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Wallet) - C:\Users\Lisa Fenske\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

==================== Services (Whitelisted) =================

U2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [98322 2013-11-27] (Fortinet Inc.)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [583640 2010-08-05] (PC Tools)
S4 RemoteAccess; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe" [X]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X]

==================== Drivers (Whitelisted) ====================

S1 Beep; No ImagePath
S3 ccHP; C:\Windows\system32\drivers\N360x64\0308030.006\ccHPx64.sys [561800 2011-09-21] (Symantec Corporation)
R1 FAFileMon; C:\Windows\System32\drivers\fortimon2.sys [56032 2013-11-27] (Fortinet Inc)
S3 FARegMon; C:\Windows\System32\drivers\FortiRmon.sys [50912 2013-11-27] (Fortinet Inc)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2007-06-18] (LeapFrog)
S3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [16096 2013-11-27] (Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [37600 2013-11-27] (Fortinet Inc)
R0 fortiloader; C:\Windows\System32\drivers\fortiloader.sys [12512 2013-11-27] (Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [127712 2013-11-27] (Fortinet Inc)
S3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [47328 2013-11-27] (Fortinet Inc)
R1 FortiShield; C:\Windows\System32\drivers\FortiShield.sys [56544 2013-11-27] (Fortinet Inc)
S3 FortiWF; C:\Windows\System32\drivers\FortiWF2.sys [27872 2013-11-27] (Fortinet Inc)
R3 ft_vnic; C:\Windows\System32\DRIVERS\ftvnic.sys [16928 2011-03-21] (Fortinet Inc.)
S3 mdareDriver_43; C:\Program Files (x86)\Fortinet\FortiClient\mdare64_43.sys [90848 2014-02-23] (Fortinet Inc.)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2011-03-21] (Fortinet Inc.)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2010-02-04] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2010-01-20] (Symantec Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-10-21] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-23 13:24 - 2014-02-23 13:24 - 00000000 ____D () C:\Windows\LastGood
2014-02-23 12:29 - 2014-02-23 12:29 - 00015960 _____ () C:\ComboFix.txt
2014-02-23 12:02 - 2011-03-21 12:54 - 00016928 _____ (Fortinet Inc.) C:\Windows\system32\Drivers\ftvnic.sys
2014-02-23 11:58 - 2014-02-23 13:17 - 00001907 _____ () C:\Users\Public\Desktop\FortiClient.lnk
2014-02-23 11:58 - 2014-02-23 11:58 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\DIFxAPI.dll
2014-02-23 11:58 - 2014-02-23 11:58 - 00000000 ____D () C:\Program Files\Common Files\Fortinet
2014-02-23 06:57 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-23 06:57 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-23 06:57 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-23 06:57 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-23 06:57 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-23 06:57 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-23 06:57 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-23 06:57 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-23 06:56 - 2014-02-23 12:29 - 00000000 ____D () C:\Qoobox
2014-02-23 06:55 - 2014-02-23 07:53 - 00000000 ____D () C:\Windows\erdnt
2014-02-23 06:47 - 2014-02-23 06:47 - 00000000 ____D () C:\NVIDIA
2014-02-23 06:43 - 2014-02-23 06:47 - 232660160 _____ (NVIDIA Corporation) C:\Users\Lisa Fenske\Downloads\334.89-desktop-win8-win7-winvista-64bit-english-whql.exe
2014-02-23 06:06 - 2014-02-23 06:06 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Local\Avg2014
2014-02-22 21:51 - 2014-02-22 21:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-22 21:50 - 2014-02-22 21:50 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-02-22 21:50 - 2014-02-22 21:50 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-22 21:50 - 2009-06-30 02:01 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2014-02-22 21:50 - 2009-06-22 12:33 - 00001338 _____ () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
2014-02-22 21:50 - 2008-01-20 21:20 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-22 21:50 - 2008-01-20 21:20 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-22 21:49 - 2012-03-06 16:44 - 02561856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-02-22 21:49 - 2012-03-06 16:44 - 00063296 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-02-22 21:48 - 2012-03-07 01:08 - 00068928 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-02-22 21:48 - 2012-03-07 01:08 - 00061248 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-02-22 21:47 - 2014-02-22 21:47 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-02-22 21:43 - 2014-02-22 21:50 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-22 20:52 - 2014-02-05 04:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-22 20:52 - 2014-02-05 04:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-22 20:52 - 2014-02-05 04:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-22 20:52 - 2014-02-05 03:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-22 20:52 - 2014-02-05 03:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-22 20:52 - 2014-02-05 03:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-22 20:52 - 2014-02-05 03:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-22 20:52 - 2014-02-05 03:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-22 20:52 - 2014-02-05 03:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-22 20:52 - 2014-02-05 03:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-22 20:52 - 2014-02-05 03:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-22 20:52 - 2014-02-05 03:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-22 20:52 - 2014-02-05 03:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-22 20:52 - 2014-02-05 03:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-22 20:52 - 2014-02-05 03:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-22 20:52 - 2014-02-05 03:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-22 20:52 - 2014-02-05 02:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-22 20:52 - 2014-02-05 02:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-22 20:52 - 2014-02-05 02:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-22 20:52 - 2014-02-05 02:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-22 20:52 - 2014-02-05 02:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-22 20:52 - 2014-02-05 02:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-22 20:52 - 2014-02-05 02:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-22 20:52 - 2014-02-05 02:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-22 20:52 - 2014-02-05 02:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-22 20:52 - 2014-02-05 02:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-22 20:52 - 2014-02-05 02:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-22 20:52 - 2014-02-05 02:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-22 20:52 - 2014-02-05 02:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-22 20:52 - 2014-02-05 02:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-22 20:52 - 2014-02-05 02:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-22 20:52 - 2014-02-05 02:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-22 20:40 - 2014-02-22 20:40 - 04462384 _____ (AVG Technologies) C:\Users\Lisa Fenske\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-02-22 08:07 - 2013-10-29 22:34 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-02-22 08:07 - 2013-10-29 21:55 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-02-22 08:07 - 2013-10-29 20:33 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-22 07:45 - 2013-12-04 22:48 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-22 07:45 - 2013-12-04 20:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-22 07:45 - 2013-10-29 20:10 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-22 07:45 - 2013-10-10 22:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-02-22 07:45 - 2013-10-10 22:23 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-02-22 07:45 - 2013-10-10 20:29 - 00217074 _____ () C:\Windows\system32\WFP.TMF
2014-02-22 07:45 - 2013-10-10 20:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-02-22 07:45 - 2013-10-03 09:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-02-22 07:45 - 2013-10-03 06:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-02-22 07:45 - 2013-08-26 21:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-02-22 07:45 - 2013-08-26 21:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-02-22 07:45 - 2013-08-26 21:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-02-22 07:45 - 2013-08-26 21:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-02-22 07:45 - 2013-08-26 20:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-02-22 07:45 - 2013-08-26 20:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-02-22 07:45 - 2013-08-26 20:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-02-22 07:45 - 2013-08-26 20:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-02-22 07:45 - 2013-08-26 20:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-22 07:45 - 2013-08-26 20:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-02-22 07:45 - 2013-08-26 20:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-22 07:45 - 2013-08-26 20:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-02-22 07:45 - 2013-08-26 20:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-02-22 07:45 - 2013-08-26 19:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-22 07:45 - 2013-08-26 19:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-02-22 07:45 - 2013-08-26 19:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-22 07:45 - 2013-08-26 19:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-02-22 07:45 - 2013-07-31 22:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-02-22 07:45 - 2013-07-31 21:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-02-22 07:45 - 2013-07-12 03:19 - 00099200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-02-22 07:45 - 2013-07-02 20:55 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-02-22 07:45 - 2013-07-02 20:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-02-22 07:45 - 2013-06-03 22:16 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-02-22 07:45 - 2013-06-03 22:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-02-22 07:45 - 2013-06-03 20:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-02-22 07:45 - 2013-06-03 19:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-02-22 07:44 - 2013-10-22 03:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-22 07:44 - 2013-10-22 01:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-02-22 07:44 - 2013-10-10 22:27 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-22 07:44 - 2013-10-10 22:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-22 07:44 - 2013-10-10 20:19 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-22 07:44 - 2013-10-10 20:19 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-22 07:44 - 2013-10-10 20:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-02-22 07:44 - 2013-10-10 20:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-02-22 07:44 - 2013-10-10 20:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2014-02-22 07:44 - 2013-10-10 18:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-02-22 07:44 - 2013-10-10 18:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-02-22 07:44 - 2013-10-03 09:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-02-22 07:44 - 2013-10-03 06:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-02-22 07:44 - 2013-09-03 20:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-02-22 07:44 - 2013-07-20 04:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-22 07:44 - 2013-07-20 04:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-02-22 07:44 - 2013-07-03 22:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-02-22 07:44 - 2013-07-03 22:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-02-22 07:44 - 2013-06-28 20:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-22 07:44 - 2013-06-28 20:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-22 07:44 - 2013-06-28 20:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-22 07:44 - 2013-06-28 20:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-22 07:44 - 2013-06-26 17:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-02-22 07:44 - 2011-05-05 08:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-22 07:44 - 2011-05-05 08:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-21 22:00 - 2014-02-23 13:22 - 00000000 ____D () C:\FRST
2014-02-20 22:14 - 2014-02-20 22:14 - 00000000 ____D () C:\Windows\ERUNT
2014-02-20 22:02 - 2014-02-23 13:22 - 00000000 ____D () C:\Users\Lisa Fenske\Desktop\MWK Tools
2014-02-20 21:52 - 2014-02-20 21:56 - 00000000 ____D () C:\AdwCleaner
2014-02-20 21:45 - 2014-02-20 21:45 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-20 21:32 - 2014-02-20 21:32 - 08835464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-19 23:13 - 2014-02-19 23:13 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-02-19 22:08 - 2014-02-04 19:09 - 85946576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2014-02-19 21:45 - 2014-02-19 22:18 - 00001590 _____ () C:\Windows\setupact.log
2014-02-19 21:45 - 2014-02-19 21:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGTDIA.SYS
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGRKX64.SYS
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGLOGA.SYS
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGIDSHA.SYS
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGIDSDRIVERA.SYS
2014-02-16 16:10 - 2014-02-16 16:10 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\TuneUp Software
2014-02-16 15:39 - 2014-02-22 21:52 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-16 15:39 - 2014-02-16 15:39 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Local\MFAData
2014-02-16 15:28 - 2014-02-16 23:47 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-02-16 15:03 - 2014-02-23 13:19 - 00064264 _____ () C:\Windows\PFRO.log
2014-02-16 14:16 - 2014-02-23 13:18 - 01158635 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 10:51 - 2014-02-16 10:51 - 04721920 _____ (Piriform Ltd) C:\Users\Lisa Fenske\Downloads\ccsetup410.exe
2014-02-12 20:53 - 2014-02-16 14:46 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Lootedbi
2014-02-06 09:48 - 2014-02-16 14:46 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Idkeum
2014-01-27 21:54 - 2014-02-20 21:58 - 00000961 _____ () C:\Users\Lisa Fenske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-01-27 21:45 - 2014-01-27 21:45 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-01-24 00:40 - 2014-01-25 04:35 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Ylkeal

==================== One Month Modified Files and Folders =======

2014-02-23 13:24 - 2014-02-23 13:24 - 00000000 ____D () C:\Windows\LastGood
2014-02-23 13:24 - 2011-08-16 18:13 - 00000952 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-288858502-3419077098-1286135609-1000UA.job
2014-02-23 13:24 - 2011-08-16 18:13 - 00000930 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-288858502-3419077098-1286135609-1000Core.job
2014-02-23 13:22 - 2014-02-21 22:00 - 00000000 ____D () C:\FRST
2014-02-23 13:22 - 2014-02-20 22:02 - 00000000 ____D () C:\Users\Lisa Fenske\Desktop\MWK Tools
2014-02-23 13:22 - 2009-10-19 23:31 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-02-23 13:20 - 2010-01-14 16:16 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-23 13:19 - 2014-02-16 15:03 - 00064264 _____ () C:\Windows\PFRO.log
2014-02-23 13:19 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-23 13:19 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-23 13:19 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-23 13:18 - 2014-02-16 14:16 - 01158635 _____ () C:\Windows\WindowsUpdate.log
2014-02-23 13:18 - 2006-11-02 09:42 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-23 13:17 - 2014-02-23 11:58 - 00001907 _____ () C:\Users\Public\Desktop\FortiClient.lnk
2014-02-23 12:42 - 2010-01-14 16:16 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-23 12:31 - 2013-02-10 13:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-23 12:29 - 2014-02-23 12:29 - 00015960 _____ () C:\ComboFix.txt
2014-02-23 12:29 - 2014-02-23 06:56 - 00000000 ____D () C:\Qoobox
2014-02-23 12:27 - 2006-11-02 06:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-23 12:09 - 2006-11-02 06:46 - 00759218 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-23 11:58 - 2014-02-23 11:58 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\DIFxAPI.dll
2014-02-23 11:58 - 2014-02-23 11:58 - 00000000 ____D () C:\Program Files\Common Files\Fortinet
2014-02-23 08:00 - 2006-11-02 07:33 - 00000000 __RHD () C:\Users\Default
2014-02-23 07:53 - 2014-02-23 06:55 - 00000000 ____D () C:\Windows\erdnt
2014-02-23 07:46 - 2009-10-20 17:29 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Skype
2014-02-23 06:47 - 2014-02-23 06:47 - 00000000 ____D () C:\NVIDIA
2014-02-23 06:47 - 2014-02-23 06:43 - 232660160 _____ (NVIDIA Corporation) C:\Users\Lisa Fenske\Downloads\334.89-desktop-win8-win7-winvista-64bit-english-whql.exe
2014-02-23 06:22 - 2009-06-22 12:51 - 00000000 ____D () C:\Program Files (x86)\SMINST
2014-02-23 06:08 - 2009-10-20 17:29 - 00000000 ____D () C:\ProgramData\Skype
2014-02-23 06:07 - 2009-10-20 17:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-23 06:06 - 2014-02-23 06:06 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Local\Avg2014
2014-02-23 03:18 - 2009-06-22 12:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-23 00:15 - 2009-06-30 20:56 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\funkitron
2014-02-22 22:05 - 2011-03-21 07:25 - 00748986 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-22 21:52 - 2014-02-16 15:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-22 21:51 - 2014-02-22 21:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-22 21:50 - 2014-02-22 21:50 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-02-22 21:50 - 2014-02-22 21:50 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-22 21:50 - 2014-02-22 21:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-22 21:49 - 2009-06-22 12:06 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-02-22 21:47 - 2014-02-22 21:47 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-02-22 21:39 - 2006-11-02 07:33 - 00000000 ____D () C:\Windows\rescache
2014-02-22 21:18 - 2009-06-22 12:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-22 21:18 - 2006-11-02 09:21 - 00302440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-22 20:54 - 2009-06-22 12:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-22 20:40 - 2014-02-22 20:40 - 04462384 _____ (AVG Technologies) C:\Users\Lisa Fenske\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-02-22 20:02 - 2012-04-10 11:56 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Local\WeatherBug
2014-02-22 00:17 - 2006-11-02 07:33 - 00000000 ____D () C:\Windows\registration
2014-02-21 16:15 - 2009-07-03 17:17 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-21 08:47 - 2010-01-14 16:18 - 00001987 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-20 22:14 - 2014-02-20 22:14 - 00000000 ____D () C:\Windows\ERUNT
2014-02-20 22:09 - 2009-06-27 07:18 - 00000000 ____D () C:\Users\Lisa Fenske
2014-02-20 21:58 - 2014-01-27 21:54 - 00000961 _____ () C:\Users\Lisa Fenske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-02-20 21:56 - 2014-02-20 21:52 - 00000000 ____D () C:\AdwCleaner
2014-02-20 21:45 - 2014-02-20 21:45 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-20 21:36 - 2013-02-10 13:04 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 21:35 - 2013-02-10 13:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 21:35 - 2012-04-10 11:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 21:32 - 2014-02-20 21:32 - 08835464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-19 23:13 - 2014-02-19 23:13 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-02-19 22:18 - 2014-02-19 21:45 - 00001590 _____ () C:\Windows\setupact.log
2014-02-19 21:45 - 2014-02-19 21:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-16 23:47 - 2014-02-16 15:28 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-02-16 21:12 - 2013-11-17 13:04 - 00000358 _____ () C:\Windows\Tasks\HPCeeScheduleForLisa Fenske.job
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGTDIA.SYS
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGRKX64.SYS
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGLOGA.SYS
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGIDSHA.SYS
2014-02-16 16:19 - 2014-02-16 16:19 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\AVGIDSDRIVERA.SYS
2014-02-16 16:10 - 2014-02-16 16:10 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\TuneUp Software
2014-02-16 15:50 - 2013-11-17 13:04 - 00003134 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLisa Fenske
2014-02-16 15:39 - 2014-02-16 15:39 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Local\MFAData
2014-02-16 15:03 - 2009-07-24 19:52 - 00000000 ____D () C:\Program Files\Google
2014-02-16 15:03 - 2009-06-29 05:36 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-16 14:46 - 2014-02-12 20:53 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Lootedbi
2014-02-16 14:46 - 2014-02-06 09:48 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Idkeum
2014-02-16 10:51 - 2014-02-16 10:51 - 04721920 _____ (Piriform Ltd) C:\Users\Lisa Fenske\Downloads\ccsetup410.exe
2014-02-16 10:51 - 2012-07-24 20:53 - 00000772 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-16 10:51 - 2012-07-24 20:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-16 10:46 - 2009-06-29 05:41 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Local\Google
2014-02-16 10:46 - 2009-06-29 05:36 - 00000000 ____D () C:\ProgramData\Google
2014-02-16 09:01 - 2009-06-27 07:45 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\PictureMover
2014-02-14 08:47 - 2014-01-01 16:54 - 00050634 _____ () C:\Users\Lisa Fenske\Documents\Babysitting2014.xlsx
2014-02-13 11:15 - 2009-09-10 06:02 - 00008268 _____ () C:\Users\Lisa Fenske\AppData\Local\d3d9caps.dat
2014-02-11 22:37 - 2010-01-14 16:16 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 22:37 - 2010-01-14 16:16 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-05 04:19 - 2014-02-22 20:52 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 04:02 - 2014-02-22 20:52 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 04:00 - 2014-02-22 20:52 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 03:54 - 2014-02-22 20:52 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 03:54 - 2014-02-22 20:52 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 03:52 - 2014-02-22 20:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 03:52 - 2014-02-22 20:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 03:52 - 2014-02-22 20:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 03:51 - 2014-02-22 20:52 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 03:51 - 2014-02-22 20:52 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 03:51 - 2014-02-22 20:52 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 03:51 - 2014-02-22 20:52 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 03:51 - 2014-02-22 20:52 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 03:50 - 2014-02-22 20:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 03:50 - 2014-02-22 20:52 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 03:50 - 2014-02-22 20:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 02:58 - 2014-02-22 20:52 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-05 02:56 - 2014-02-22 20:52 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-05 02:53 - 2014-02-22 20:52 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-05 02:51 - 2014-02-22 20:52 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-05 02:50 - 2014-02-22 20:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-05 02:49 - 2014-02-22 20:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-05 02:49 - 2014-02-22 20:52 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-05 02:48 - 2014-02-22 20:52 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-05 02:48 - 2014-02-22 20:52 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-05 02:48 - 2014-02-22 20:52 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-05 02:48 - 2014-02-22 20:52 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-05 02:48 - 2014-02-22 20:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-05 02:47 - 2014-02-22 20:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-05 02:47 - 2014-02-22 20:52 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-05 02:47 - 2014-02-22 20:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-05 02:46 - 2014-02-22 20:52 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-04 19:09 - 2014-02-19 22:08 - 85946576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2014-02-04 19:09 - 2006-11-02 06:35 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-30 10:59 - 2009-06-27 07:27 - 00000000 ___RD () C:\Users\Lisa Fenske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-30 07:02 - 2012-07-23 19:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-30 07:00 - 2012-07-24 19:46 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-29 07:08 - 2011-04-13 05:27 - 00000000 ____D () C:\Windows\Minidump
2014-01-27 21:45 - 2014-01-27 21:45 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-01-25 04:35 - 2014-01-24 00:40 - 00000000 ____D () C:\Users\Lisa Fenske\AppData\Roaming\Ylkeal

Files to move or delete:
====================
C:\Users\Lisa Fenske\jagex_runescape_preferences.dat
C:\Users\Lisa Fenske\jagex_runescape_preferences2.dat

Some content of TEMP:
====================
C:\Users\Lisa Fenske\AppData\Local\Temp\fasle.dll
C:\Users\Lisa Fenske\AppData\Local\Temp\libav.dll
C:\Users\Lisa Fenske\AppData\Local\Temp\mdare.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Additional.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2014 01
Ran by Lisa Fenske at 2014-02-23 11:49:04
Running from C:\Users\Lisa Fenske\Desktop\MWK Tools
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: FortiClient Lite AntiVirus (Enabled - Up to date) {385618A6-2256-708E-3FB9-7E98B93F91F9}
AS: FortiClient Lite AntiVirus (Enabled - Up to date) {8337F942-046C-7F00-0509-45EAC2B8DB44}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.1.8210 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
Amelie's Cafe (remove only) (HKLM-x32\...\Amelie's Cafe) (Version:  - )
Annas Ice Cream (remove only) (HKLM-x32\...\Annas Ice Cream) (Version:  - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
Babysitting Mania (remove only) (HKLM-x32\...\Babysitting Mania) (Version:  - )
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Burger Shop 2 (remove only) (HKLM-x32\...\Burger Shop 2) (Version:  - )
Cake Mania 2 (remove only) (HKLM-x32\...\Cake Mania 2) (Version: 3.4.11.14 - )
Cake Mania 2 (x32 Version: 3.4.11.14 - Yahoo) Hidden
Carbonite Online Backup Setup (HKLM-x32\...\Carbonite Setup Lite) (Version: 3.7.3 - Carbonite Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Citrix XenApp Plugin for Hosted Apps (HKLM-x32\...\{C1CCF2E9-4851-4783-8076-D9C3F7DDD487}) (Version: 11.0.150.5357 - Citrix Systems, Inc.)
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2111 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.2111 - CyberLink Corp.) Hidden
D4300 (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
D4300_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Diner Dash (HKLM-x32\...\Diner Dash_is1) (Version:  - PlayFirst)
Diner Dash Flo Through Time (remove only) (HKLM-x32\...\Diner Dash Flo Through Time) (Version:  - )
Diner Dash: Flo on the Go (remove only) (HKLM-x32\...\Diner Dash: Flo on the Go) (Version: 3.3.5.17 - )
Diner Dash: Flo on the Go (x32 Version: 3.3.5.17 - Yahoo) Hidden
DinerTown Detective Agency (remove only) (HKLM-x32\...\DinerTown Detective Agency) (Version:  - )
DJ_SF_03_D4300_ProductContext (x32 Version: 100.0.215.000 - Hewlett-Packard) Hidden
DJ_SF_03_D4300_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_SF_03_D4300_Software_Min (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Dora Saves the Crystal Kingdom (HKLM-x32\...\BFG-Dora Saves the Crystal Kingdom) (Version:  - )
Dora Saves the Crystal Kingdom! (HKLM-x32\...\Dora Saves the Crystal Kingdom!) (Version: 32.0.0.0 - Nick Jr. Arcade)
Dora Saves the Snow Princess (HKLM-x32\...\Dora Saves the Snow Princess) (Version: 32.0.0.0 - Nick Jr. Arcade)
Dora the Explorer: Swiper's Big Adventure! (HKLM-x32\...\BFG-Dora the Explorer - Swiper's Big Adventure!) (Version:  - )
Dora's Big Birthday Adventure (HKLM-x32\...\Dora's Big Birthday Adventure) (Version: 32.0.0.0 - Shockwave.com)
Doras Carnival 2: At the Boardwalk (HKLM-x32\...\BFG-Doras Carnival 2 - At the Boardwalk) (Version:  - )
Doras Carnival Adventure (HKLM-x32\...\BFG-Doras Carnival Adventure) (Version:  - )
Dora's Carnival Adventure (HKLM-x32\...\Dora's Carnival Adventure) (Version: 32.0.0.0 - Nick Jr. Arcade)
Dora's Lost and Found Adventure (HKLM-x32\...\Dora's Lost and Found Adventure) (Version: 32.0.0.0 - Nick Jr. Arcade)
Enhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FortiClient Lite (HKLM\...\{70BF7717-7EE0-4B38-8AB9-60AE1192CB86}) (Version: 4.3.4.0461 - Fortinet Inc)
GEAR driver installer for x86 and x64 (x32 Version: 4.008.5 - GEAR Software) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{64B9E2F5-558E-4C56-B419-A1679518F6E7}) (Version: 5.7.0.2784 - Hewlett-Packard)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Demo (HKLM-x32\...\{97ABD26A-3249-46CB-B2E2-F66E64B2E480}) (Version: 1.00.0000 - Hewlett-Packard)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{650AF771-456D-418F-BFC7-F6FFC9D0235C}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{FEB2C4AA-661E-483F-9626-21A8ACFD10F2}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet D4300 Printer Driver Software 10.0 Rel .3 (HKLM\...\{387D9916-BD27-480f-8CF0-3228832BBAA2}) (Version: 10.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.0.2401 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.0.2401 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2217 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2217 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}) (Version: 2.0.8 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version: 1.00.012 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (x32 Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Picasso Media Center Add-In (x32 Version: 9.1.7.0 - Hewlett-Packard Development Company, L.P.) Hidden
HP Recovery Manager RSS (x32 Version: 91.0.0.10 - Hewlet Packard Company) Hidden
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5106.2815 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
KODAK Share Button App (HKLM-x32\...\{9A5909B3-8CF3-4E06-92A8-F3CB7C97EF20}) (Version: 3.01.0000.0000 - Eastman Kodak Company)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0904 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.0904 - CyberLink Corp.) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.14.16426 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.14.16426 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 4.2.13.16151 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LightScribe System Software (HKLM-x32\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{5BD0CB24-11AF-4BA8-A198-38D25257C656}) (Version: 1.14.25.1 - LightScribe)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{4FAB5122-775E-4418-B8D9-E2873BC93570}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Monopoly (remove only) (HKLM-x32\...\Monopoly) (Version: 3.4.7.22 - )
Monopoly (x32 Version: 3.4.7.22 - Yahoo) Hidden
Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}) (Version: 7.0.35.8201 - muvee Technologies Pte Ltd)
NVIDIA Control Panel 296.19 (Version: 296.19 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 296.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.19 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA Update 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.7.12 - NVIDIA Corporation) Hidden
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.7 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2112 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2112 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2202 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2202 - CyberLink Corp.) Hidden
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{446CCB22-B632-4A1D-BF84-DA8DB0575F98}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
SCRABBLE Plus (remove only) (HKLM-x32\...\SCRABBLE Plus) (Version:  - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrintingOC (x32 Version: 100.0.189.000 - Hewlett-Packard) Hidden
Smilebox (HKCU\...\Smilebox) (Version:  - )
Snap.Do (HKLM-x32\...\{C8677C55-B0A2-478C-AC34-7BE762BA6C99}) (Version: 10.206.1.14585 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{58b607d7-aa3c-41e7-99d8-9aa0f5b85134}) (Version: 10.206.1.14585 - ReSoft Ltd.) <==== ATTENTION
SolutionCenter (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SPORE Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
Status (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 4.2.9.15649 - LeapFrog)
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WeatherBug (HKLM-x32\...\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}) (Version: 7.0.0.7 - AWS Convergence Technologies)
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

==================== Restore Points  =========================

03-02-2014 06:02:55 Scheduled Checkpoint
04-02-2014 06:04:11 Scheduled Checkpoint
05-02-2014 06:06:35 Scheduled Checkpoint
10-02-2014 07:04:35 Scheduled Checkpoint
11-02-2014 06:04:56 Scheduled Checkpoint
12-02-2014 10:14:58 Scheduled Checkpoint
13-02-2014 04:04:05 Scheduled Checkpoint
13-02-2014 22:20:34 Scheduled Checkpoint
16-02-2014 13:59:40 Removed WeatherBug
16-02-2014 21:45:52 Installed AVG 2014
16-02-2014 21:48:48 Installed AVG 2014
16-02-2014 22:20:39 Removed AVG 2014
19-02-2014 06:11:35 Scheduled Checkpoint
20-02-2014 03:37:08 Restore Point before Corrupt Patch Registry keys
21-02-2014 06:45:07 Scheduled Checkpoint
22-02-2014 04:17:31 Removed Skype Click to Call
22-02-2014 04:21:55 Removed Skype Click to Call
22-02-2014 06:18:42 Installed Microsoft Fix it 50981
22-02-2014 06:22:29 Windows Update
22-02-2014 13:09:50 Windows Update
23-02-2014 01:29:33 Scheduled Checkpoint
23-02-2014 02:20:56 Windows Update
23-02-2014 03:29:28 Installed AVG 2014
23-02-2014 03:33:27 Removed AVG 2014
23-02-2014 03:41:47 Windows Update
23-02-2014 12:07:02 Windows Update

==================== Hosts content: ==========================

2006-11-02 06:34 - 2014-02-23 07:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {025F339D-F4E5-42D1-A169-2593652B0DF0} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Lisa Fenske => C:\Program Files (x86)\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {08D20FEC-ACC4-47FD-9EB7-41B2C64ACDF7} - System32\Tasks\{1233D200-8200-408C-B5B7-18ABA9AD98D8} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0D2DD6E6-CFA2-4BE5-B090-98BFFD670A35} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {35EDFD9E-42D2-45D8-97F5-1E88E70969F0} - System32\Tasks\{F75D7ADE-277B-4EA8-93A3-F6F99E049BEE} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.3.0.105&amp;LastError=-3
Task: {3B0F14C9-A7F7-4CA9-BF99-DDB686FCEA71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-14] (Google Inc.)
Task: {45F7F61D-450C-4CE5-B71F-DFC5C96AE1C9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {49E3A2B7-DC7F-4DA8-98C9-C51AA5B57E2F} - System32\Tasks\{4523FCF2-58CE-435F-B03B-61737B46B694} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.113/en/abandoninstall?source=lightinstaller&amp;page=tsDownload&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;systemlevelpresent
Task: {603A2B4B-BC0F-4C28-93D0-39EC7CA802F0} - System32\Tasks\{21D39B1A-C174-4672-A959-D9DA0290ADFF} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.113/en/abandoninstall?source=lightinstaller&amp;page=tsDownload&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;systemlevelpresent
Task: {6C60036A-CA7D-4F11-8153-881ECDA1982C} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2011-03-07] (Eastman Kodak Company)
Task: {74868FEE-7F7A-4123-B6C3-995BD8D31E12} - System32\Tasks\HPCeeScheduleForLisa Fenske => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-09-16] (Hewlett-Packard)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {969090B3-CAF7-4D4F-98D6-05018C9A0B6E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-288858502-3419077098-1286135609-1000UA => C:\Users\Lisa Fenske\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {B68BB5CD-0608-4A45-9E4A-0B58C296B7B1} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {B6B83861-B7E7-4E65-AC4C-C14A4AB8269F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {C40C4058-6227-42DA-A5B1-5EF395157BC0} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {CDB14DD0-526F-4103-BDBF-E7955FFEB3BB} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\Registry Mechanic\update.exe
Task: {DD7BC377-1E22-493E-808E-4DF5E6116D1F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {E1660DE6-93FE-4F04-B66B-5569498437B6} - System32\Tasks\{A6114526-930E-4C6E-8E3B-9E0E8B15DD4C} => Chrome.exe http://ui.skype.com/ui/0/4.1.0.179.259/en/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {E3D638DD-0537-421A-9718-289E34E17053} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-288858502-3419077098-1286135609-1000Core => C:\Users\Lisa Fenske\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {ED929258-35B3-4356-9BE3-C9C363F21FD7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-14] (Google Inc.)
Task: {F1AE839D-889E-41C2-9D7F-3EA9B1C30F41} - System32\Tasks\{E20E6FFA-54F1-4A19-97C1-AE48AEBE4AE8} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.113/en/abandoninstall?source=lightinstaller&amp;page=tsDownload&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;systemlevelpresent
Task: {F7866213-8E1D-4427-85FB-AAC811A91BDF} - System32\Tasks\{2683F328-DE43-4511-974D-AFA6CBD7B1B6} => Chrome.exe http://ui.skype.com/ui/0/4.1.0.179.259/en/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {FCABB909-0789-480E-AF04-0BC1133CDE43} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-288858502-3419077098-1286135609-1000Core.job => C:\Users\Lisa Fenske\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-288858502-3419077098-1286135609-1000UA.job => C:\Users\Lisa Fenske\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLisa Fenske.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-05-14 13:48 - 2012-05-14 13:48 - 00323584 _____ () C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00057344 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-10-17 10:39 - 2008-10-17 10:39 - 00032768 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00118784 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-12-03 07:02 - 2009-04-11 00:28 - 00368640 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00010240 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-10-17 10:32 - 2008-10-17 10:32 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:114BD271
AlternateDataStreams: C:\ProgramData\Temp:773DA865
AlternateDataStreams: C:\ProgramData\Temp:8BE2CBE9
AlternateDataStreams: C:\ProgramData\Temp:8DA0EB21
AlternateDataStreams: C:\ProgramData\Temp:CD6E25A6
AlternateDataStreams: C:\ProgramData\Temp:CF31AEF5
AlternateDataStreams: C:\ProgramData\Temp:CF75D88F
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\ProgramData\Temp:F65D490F
AlternateDataStreams: C:\ProgramData\Temp:FE29FBBF

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CLMLServer for HP TouchSmart => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: DVDAgent => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Lisa Fenske\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: KBD => C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2014 11:46:21 AM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
   at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
   at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
   at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
   at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
   at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (02/23/2014 11:44:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 07:59:49 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP01> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (02/23/2014 07:56:49 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (02/23/2014 07:56:19 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (02/23/2014 07:56:19 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (02/23/2014 07:53:42 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (02/23/2014 07:47:18 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (02/23/2014 07:47:04 AM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
   at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
   at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
   at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
   at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
   at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (02/23/2014 07:36:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (02/23/2014 11:45:57 AM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (02/23/2014 11:45:57 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (02/23/2014 11:45:03 AM) (Source: DCOM) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (02/23/2014 11:44:38 AM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgentAVGIDSDriver

Error: (02/23/2014 07:53:48 AM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (02/23/2014 07:46:02 AM) (Source: DCOM) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (02/23/2014 07:36:52 AM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (02/23/2014 07:36:52 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (02/23/2014 07:36:40 AM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgentAVGIDSDriver

Error: (02/23/2014 07:33:59 AM) (Source: Service Control Manager) (User: )
Description: Windows Update

Microsoft Office Sessions:
=========================
Error: (05/08/2011 07:29:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 557 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-02-23 11:48:03.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-23 11:48:03.164
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-23 11:48:02.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-23 11:48:02.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-23 07:31:18.893
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-23 07:31:18.659
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-23 07:00:19.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-23 07:00:19.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-23 07:00:18.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-23 07:00:18.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 4094.33 MB
Available physical RAM: 2585.89 MB
Total Pagefile: 8361.95 MB
Available Pagefile: 6750.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:452.55 GB) (Free:270.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.21 GB) (Free:1.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (WD Passport) (Fixed) (Total:111.76 GB) (Free:39.77 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 112 GB) (Disk ID: 5B6AC646)
Partition 1: (Not Active) - (Size=112 GB) - (Type=0C)

==================== End Of Log ============================



#6 aharonov

  • Malware Response Team

Posted 25 February 2014 - 05:20 AM

Hello,
 
This looks better now. How is your computer running? Which problems persist?


Step 1

Please download this attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Reboot your computer.



Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 aharonov

  • Malware Response Team

Posted 12 March 2014 - 12:02 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



