DRC

Honorary Members
  • Posts

    34
Reputation

0 Neutral
  1. OK. News and better news. Uninstalled AVG and there was some difference with disk access. There was also some difference when I un-checked the Malwarebytes ticks. I reported 'no change' with the un-checking of the ticks in Malwarebytes because the lag times within Windows and while on the internet hadn't changed. You asked me to tell you how I was measuring the disc access and internet speeds. Pretty much by 'seat of the pants'. You get to know your PC just like the vehicle you drive. I knew something was wrong but didn't have the knowledge to fix it. I did read the posted information on Malwarebytes site that this type of work takes time. I should be patient. Every problem solved could be a great guide for someone with the same symptoms. I just ran out of patience and ran back to a place familiar to me. I must thank Ron Lewis and everyone else at Malwarebytes for doing what they did to try and solve my problem. My hat is off to you guys!!!! Thursday evening I talked to an acquaintance from a city college where I taught for years. He's now the head IT for Engineering and Technology (which is where I was a part of) and other departments. I described to him what the problem was and sent a copied html page(s) of this topic with the processes you have so graciously instructed me to perform. He answered by saying you guys at Malwarebytes and anywhere else that fixes these types of problems without being in front of the computer have a very tough job. You could have one unique problem on 1 computer, have 4 people use that computer and each would explain the problem they were having differently. They see it all the time in his position. He told me to bring the computer to him and he'd take a look to see what he could do. I drove over there and met up with him 7:00 am this morning. It's now 4:15 pm Pacific daylight time and my computer is now as fast and snappy as you'd expect it to be. When I first tried it I was blown away. I said, "Yes, this is what an i7-3770K CPU, 16gb mem, NVIDIA GeForce GTX 570, and internet at 35 mbps should feel like!" He told me he had one of his techs do the work but hadn't sat down with him to see what processes he took to fix the problem. Some of the techs have coded a lot of diagnostic and repair utilities written just for this type of stuff as you could imagine the trouble they run into especially in the computer labs. Come next week I will post what info I get from my IT friend. PLEASE CONSIDER THIS SESSION CLOSED....
  2. Sorry.... Have a project that has to be done by Friday and need the computer to complete the work so I can get paid and take care of the rent. Can't take a chance anything happens where the program or computer is unstable or unusable. I'm very close and looks like the e.t.a. will be mid to late afternoon Thursday. Then I will try your suggestion and report back. Thanks for checking up on me.
  3. Ok I'll remove AVG and use the download you gave me a link to. Thanks
  4. I would love to say that was the answer but it wasn't. Same as before. Do you have any more suggestions? Thanks again.
  5. By the way: Do you think adding exclusions in AVG 2012 Internet Security and Malwarebytes will fix some of the disk access? I Googled how to do that and many give up to 2011 on AVG and then a lot give info for Malwarebytes. If you think it will work then I need instructions for the paid version of AVG 2012 Internet Security and paid version of Malwarebytes. Thanks.
  6. Only found 1 version of Java to uninstall. Ran the TFC.exe and it did its thing but still have same problem...??? What's next?
  7. Sorry for the delay. Here is combofix text
  8. Did the chkdsk /r on both drives. C: was fine. D: had some free space allocation adjustment. Still the problem persists. Next suggestion?
  9. Disk access and Internet lag is still the same. ):
  10. Done!
Partition starts at LBA: 0 Numsec = 0
Disk Size: 499122176 bytes
Sector size: 512 bytes
Done!

Physical Sector Size: 0
Drive: 9, DevicePointer: 0xfffffa800e41d790, DeviceName: \Device\Harddisk9\DR9\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e674b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800e41d790, DeviceName: \Device\Harddisk9\DR9\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e669c00, DeviceName: Unknown, DriverName: \Driver\vidsflt67\
DevicePointer: 0xfffffa800e63fb60, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\
------------ End ----------
<<<2>>>
Device number: 1, partition: 1
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scan finished
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_8_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_8_0_16_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_8_r.mbam...
Removal finished

------------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.1 (08.19.2013:1)
OS: Windows 7 Professional x64
Ran by Dave on Tue 08/20/2013 at 14:15:36.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/20/2013 at 14:18:20.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------------------------------------------------------------

# AdwCleaner v3.000 - Report created 20/08/2013 at 14:35:09
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Dave - DAVE-PC
# Running from : D:\Users\Dave\Desktop\Spam Cleanup\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater14.2.0

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] ******* vProt belongs to AVG ******????

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502

*************************

AdwCleaner[R0].txt - [911 octets] - [20/08/2013 14:31:21]
AdwCleaner[R1].txt - [970 octets] - [20/08/2013 14:34:28]
AdwCleaner[s0].txt - [902 octets] - [20/08/2013 14:35:09]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [961 octets] ##########

------------------------------------------------------------

ESET Export

D:\Users\Dave\Documents\Downloads - XP\Nero 9\backup\Nero_BackItUp-4[1].2.16.0_update.exe Win32/Toolbar.AskSBar application
D:\Users\Dave\Documents\Downloads - XP\SWF-Stuff\SWF-FLV Player\cnet2_swfflv_player_exe.exe a variant of Win32/InstallCore.D application
D:\Users\Dave\Documents\Downloads - XP\Windows Boot Disc\UBCD4WinV360.exe Win32/PrcView application

------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-08-2013 05
Ran by Dave (administrator) on 20-08-2013 15:37:07
Running from D:\Users\Dave\Desktop\Spam Cleanup
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Acronis) C:\Program Files (x86)\Common
Files\Acronis\Schedule2\schedhlp.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe () C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\system32\IProsetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Creative Home) D:\Program Files\Hallmark Card Studio 2013\Planner\PLNRnote.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (TeamViewer GmbH) D:\Program Files\Teamviewer\Version8\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe (Intuit Inc.) 
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis) HKCU\...\Run: [CAHeadless] - C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-01] (Adobe Systems Incorporated) HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [NBAgent] - D:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG) HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [QuickTime Task] - D:\Program Files\Quicktime 7.7.3\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis) HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis) HKU\UpdatusUser\...\Run: [CAHeadless] - C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-01] (Adobe Systems Incorporated) HKU\UpdatusUser\...\RunOnce: [CTAutoUpdate] - "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller [x] HKU\UpdatusUser\...\RunOnce: [inetReg] - "C:\Program Files (x86)\Creative\Product Registration\English\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6 [x] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk ShortcutTarget: Event Planner Reminder.lnk -> D:\Program Files\Hallmark Card Studio 2013\Planner\PLNRnote.exe (Creative Home) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> D:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) 
BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab Handler: ipp - No CLSID Value - Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) Handler: msdaipp - No CLSID Value - Handler-x32: ipp - No CLSID Value - Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) Handler-x32: msdaipp - No CLSID Value - Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated) S2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321560 2012-12-05] (AVG Technologies CZ, s.r.o.) 
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.) S2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [104448 2011-11-03] (Creative Technology Ltd) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 TeamViewer8; D:\Program Files\Teamviewer\Version8\TeamViewer_Service.exe [4153184 2013-07-08] (TeamViewer GmbH) ==================== Drivers (Whitelisted) ==================== R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. ) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.) R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.) 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-21] (AVG Technologies) S3 cthda; C:\Windows\System32\drivers\cthda.sys [1265752 2011-11-04] (Creative Technology Ltd) S3 CTHDB; C:\Windows\System32\DRIVERS\CtHDb.sys [24152 2011-11-04] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 RTCore64; C:\Program Files (x86)\EVGA Precision\RTCore64.sys [14440 2011-08-12] () R3 RTCore64; C:\Program Files (x86)\EVGA Precision\RTCore64.sys [14440 2011-08-12] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-20 14:49 - 2013-08-20 14:49 - 00000000 ____D C:\Program Files (x86)\ESET 2013-08-20 14:26 - 2013-08-20 14:35 - 00000000 ____D C:\AdwCleaner 2013-08-20 14:15 - 2013-08-20 14:15 - 00000000 ____D C:\Windows\ERUNT 2013-08-20 14:07 - 2013-08-20 14:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-20 10:17 - 2013-08-20 10:17 - 00002637 _____ D:\Users\Dave\Desktop\RKreport[0]_S_08202013_101724.txt 2013-08-20 10:16 - 2013-08-20 12:35 - 00000000 ____D D:\Users\Dave\Desktop\RK_Quarantine 2013-08-20 10:14 - 2013-08-20 10:14 - 00000000 ____D C:\Windows\ERDNT 2013-08-20 10:09 - 2013-08-20 10:09 - 00000928 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk 2013-08-20 10:09 - 2013-08-20 10:09 - 00000909 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk 2013-08-20 10:09 - 2013-08-20 10:09 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-08-20 10:04 - 2013-08-20 10:04 - 00002940 _____ D:\Users\Dave\Desktop\Rkill.txt 2013-08-20 10:04 - 2013-08-20 10:04 - 00000000 ____D D:\Users\Dave\Desktop\rkill 2013-08-19 15:18 - 2013-08-19 15:18 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Acronis 2013-08-19 15:07 - 2013-08-19 15:46 - 00000000 ____D C:\ProgramData\Acronis 2013-08-19 15:07 - 2013-08-19 15:07 - 01294432 
_____ (Acronis) C:\Windows\system32\Drivers\tdrpman.sys 2013-08-19 15:07 - 2013-08-19 15:07 - 00994912 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys 2013-08-19 15:07 - 2013-08-19 15:07 - 00367200 _____ (Acronis) C:\Windows\system32\Drivers\afcdp.sys 2013-08-19 15:07 - 2013-08-19 15:07 - 00320096 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys 2013-08-19 15:07 - 2013-08-19 15:07 - 00211552 _____ (Acronis) C:\Windows\system32\Drivers\vididr.sys 2013-08-19 15:07 - 2013-08-19 15:07 - 00146528 _____ (Acronis) C:\Windows\system32\Drivers\vsflt67.sys 2013-08-19 15:07 - 2013-08-19 15:07 - 00137312 _____ (Acronis) C:\Windows\system32\Drivers\fltsrv.sys 2013-08-19 15:07 - 2013-08-19 15:07 - 00001139 _____ C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk 2013-08-19 15:07 - 2013-08-19 15:07 - 00000000 ____D C:\Program Files (x86)\Acronis 2013-08-19 11:50 - 2013-08-19 11:50 - 00015916 _____ D:\Users\Dave\Desktop\dds.txt 2013-08-19 11:50 - 2013-08-19 11:50 - 00013606 _____ D:\Users\Dave\Desktop\attach.txt 2013-08-19 11:02 - 2013-08-19 11:47 - 00000598 _____ D:\Users\Dave\Desktop\Virus text.txt 2013-08-19 10:51 - 2013-08-19 10:51 - 00688992 ____R (Swearware) D:\Users\Dave\Desktop\dds.scr 2013-08-18 16:24 - 2013-08-20 15:35 - 00000000 ____D D:\Users\Dave\Desktop\Spam Cleanup 2013-08-18 14:39 - 2013-08-18 14:39 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG 2013-08-18 14:39 - 2013-08-18 14:39 - 00000000 ____D C:\Users\Dave\AppData\Roaming\AVG2012 2013-08-18 14:38 - 2013-08-20 08:32 - 00000000 ____D C:\Windows\system32\Drivers\AVG 2013-08-18 14:38 - 2013-08-18 14:44 - 00000000 ____D C:\ProgramData\AVG2012 2013-08-18 14:38 - 2013-08-18 14:38 - 00000000 ___HD C:\$AVG 2013-08-18 14:22 - 2013-08-20 08:29 - 00001394 _____ C:\Windows\PFRO.log 2013-08-18 13:35 - 2013-08-18 13:35 - 00003176 _____ C:\Windows\System32\Tasks\{ABCF8F13-DB7B-4926-8B62-7A646E4E7439} 2013-08-18 13:27 - 2013-08-20 14:36 - 00000896 _____ C:\Windows\setupact.log 2013-08-18 13:27 - 
2013-08-18 13:27 - 00000000 _____ C:\Windows\setuperr.log 2013-08-18 12:56 - 2013-08-18 12:56 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-08-18 12:56 - 2013-08-18 12:56 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-08-18 12:56 - 2013-08-18 12:56 - 00000000 ____D C:\Program Files\CCleaner 2013-08-18 12:33 - 2013-08-18 12:34 - 00000000 ____D C:\Windows\system32\MRT 2013-08-18 12:29 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-18 12:29 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-18 12:29 - 2013-07-24 20:54 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-18 12:29 - 2013-07-24 20:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-18 12:29 - 2013-07-24 20:35 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-18 12:29 - 2013-07-24 20:31 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-18 12:29 - 2013-07-24 20:30 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-18 12:29 - 2013-07-24 20:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-08-18 12:29 - 2013-07-24 20:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-08-18 12:29 - 2013-07-24 20:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-18 12:29 - 2013-07-24 20:28 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-18 12:29 - 2013-07-24 20:28 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-18 12:29 - 2013-07-24 20:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-18 12:29 - 2013-07-24 20:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-08-18 12:29 - 2013-07-24 20:28 - 00173056 _____ (Microsoft 
Corporation) C:\Windows\system32\ieUnatt.exe 2013-08-18 12:29 - 2013-07-24 20:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-18 12:29 - 2013-07-24 20:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-08-18 12:29 - 2013-07-24 20:26 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-18 12:29 - 2013-07-24 19:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-18 12:29 - 2013-07-24 19:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-18 12:29 - 2013-07-24 19:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-18 12:29 - 2013-07-24 19:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-18 12:29 - 2013-07-24 19:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-18 12:29 - 2013-07-24 19:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-08-18 12:29 - 2013-07-24 19:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-08-18 12:29 - 2013-07-24 19:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-18 12:29 - 2013-07-24 19:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-18 12:29 - 2013-07-24 19:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-18 12:29 - 2013-07-24 19:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-18 12:29 - 2013-07-24 19:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-08-18 12:29 - 2013-07-24 19:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-08-18 12:29 - 2013-07-24 19:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-18 12:29 - 2013-07-24 19:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 
2013-08-18 12:29 - 2013-07-24 19:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-08-18 12:29 - 2013-07-18 18:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-18 12:29 - 2013-07-18 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-18 12:29 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-18 12:29 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-18 12:29 - 2013-07-08 22:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-18 12:29 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-18 12:29 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-18 12:29 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-18 12:29 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-18 12:29 - 2013-07-08 21:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-18 12:29 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-18 12:29 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-18 12:29 - 2013-07-05 23:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-18 12:29 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-18 12:29 - 2013-06-04 20:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-08-18 12:29 - 2013-06-03 23:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-08-18 12:29 - 2013-06-03 21:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-08-18 12:29 - 
2013-05-12 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-08-18 12:29 - 2013-05-12 20:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-08-18 12:29 - 2013-05-12 20:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-08-18 12:29 - 2013-05-12 20:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-08-18 12:29 - 2013-05-09 22:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-08-18 12:29 - 2013-05-09 20:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-08-18 12:29 - 2013-04-25 22:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-08-18 12:29 - 2013-04-25 21:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-08-18 12:29 - 2013-04-09 22:45 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-08-18 12:29 - 2013-04-09 22:02 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-31 14:17 - 2013-07-31 14:17 - 00000000 ____D D:\Users\Dave\Documents\My Graphics 2013-07-31 14:09 - 2013-07-31 14:09 - 00002020 _____ C:\Users\Public\Desktop\Arts & Letters 8.0.lnk 2013-07-31 14:09 - 2013-07-31 14:09 - 00001997 _____ C:\Users\Public\Desktop\EXPRESS 8.0 Help Request.lnk 2013-07-31 14:09 - 2013-07-31 14:09 - 00000000 ____D C:\Program Files (x86)\Arts & Letters 2013-07-31 14:09 - 2009-07-13 18:14 - 00009728 _____ (Microsoft Corporation) C:\Windows\winhlp32_backup.exe 2013-07-28 12:02 - 2013-07-28 12:02 - 00092763 _____ D:\Users\Dave\Desktop\movie43.tvmw5 2013-07-28 11:54 - 2013-07-28 11:54 - 01946207 _____ D:\Users\Dave\Desktop\Title 1.wmv 2013-07-26 15:27 - 2013-07-26 15:30 - 08626376 _____ D:\Users\Dave\Desktop\Alberto's wedding band.psd ==================== One Month Modified Files and Folders ======= 2013-08-20 15:36 - 2013-08-20 15:36 - 00000000 ____D C:\FRST 2013-08-20 15:35 - 
2013-08-18 16:24 - 00000000 ____D D:\Users\Dave\Desktop\Spam Cleanup 2013-08-20 15:25 - 2013-01-03 10:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-20 14:49 - 2013-08-20 14:49 - 00000000 ____D C:\Program Files (x86)\ESET 2013-08-20 14:43 - 2009-07-13 21:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-20 14:43 - 2009-07-13 21:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-20 14:40 - 2009-07-13 22:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-20 14:39 - 2012-12-12 06:40 - 01332391 _____ C:\Windows\WindowsUpdate.log 2013-08-20 14:36 - 2013-08-18 13:27 - 00000896 _____ C:\Windows\setupact.log 2013-08-20 14:36 - 2012-12-11 15:52 - 00000000 ____D C:\ProgramData\NVIDIA 2013-08-20 14:36 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-20 14:35 - 2013-08-20 14:26 - 00000000 ____D C:\AdwCleaner 2013-08-20 14:15 - 2013-08-20 14:15 - 00000000 ____D C:\Windows\ERUNT 2013-08-20 14:11 - 2013-08-20 14:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-20 12:35 - 2013-08-20 10:16 - 00000000 ____D D:\Users\Dave\Desktop\RK_Quarantine 2013-08-20 10:17 - 2013-08-20 10:17 - 00002637 _____ D:\Users\Dave\Desktop\RKreport[0]_S_08202013_101724.txt 2013-08-20 10:14 - 2013-08-20 10:14 - 00000000 ____D C:\Windows\ERDNT 2013-08-20 10:09 - 2013-08-20 10:09 - 00000928 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk 2013-08-20 10:09 - 2013-08-20 10:09 - 00000909 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk 2013-08-20 10:09 - 2013-08-20 10:09 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-08-20 10:04 - 2013-08-20 10:04 - 00002940 _____ D:\Users\Dave\Desktop\Rkill.txt 2013-08-20 10:04 - 2013-08-20 10:04 - 00000000 ____D D:\Users\Dave\Desktop\rkill 2013-08-20 08:39 - 2012-12-19 12:42 - 00000000 ____D C:\Users\Dave\AppData\Local\Adobe 
2013-08-20 08:32 - 2013-08-18 14:38 - 00000000 ____D C:\Windows\system32\Drivers\AVG 2013-08-20 08:29 - 2013-08-18 14:22 - 00001394 _____ C:\Windows\PFRO.log 2013-08-19 15:46 - 2013-08-19 15:07 - 00000000 ____D C:\ProgramData\Acronis 2013-08-19 15:18 - 2013-08-19 15:18 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Acronis 2013-08-19 15:07 - 2013-08-19 15:07 - 01294432 _____ (Acronis) C:\Windows\system32\Drivers\tdrpman.sys 2013-08-19 15:07 - 2013-08-19 15:07 - 00994912 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys 2013-08-19 15:07 - 2013-08-19 15:07 - 00367200 _____ (Acronis) C:\Windows\system32\Drivers\afcdp.sys 2013-08-19 15:07 - 2013-08-19 15:07 - 00320096 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys 2013-08-19 15:07 - 2013-08-19 15:07 - 00211552 _____ (Acronis) C:\Windows\system32\Drivers\vididr.sys 2013-08-19 15:07 - 2013-08-19 15:07 - 00146528 _____ (Acronis) C:\Windows\system32\Drivers\vsflt67.sys 2013-08-19 15:07 - 2013-08-19 15:07 - 00137312 _____ (Acronis) C:\Windows\system32\Drivers\fltsrv.sys 2013-08-19 15:07 - 2013-08-19 15:07 - 00001139 _____ C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk 2013-08-19 15:07 - 2013-08-19 15:07 - 00000000 ____D C:\Program Files (x86)\Acronis 2013-08-19 14:12 - 2013-05-29 15:10 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2013-08-19 11:50 - 2013-08-19 11:50 - 00015916 _____ D:\Users\Dave\Desktop\dds.txt 2013-08-19 11:50 - 2013-08-19 11:50 - 00013606 _____ D:\Users\Dave\Desktop\attach.txt 2013-08-19 11:47 - 2013-08-19 11:02 - 00000598 _____ D:\Users\Dave\Desktop\Virus text.txt 2013-08-19 10:51 - 2013-08-19 10:51 - 00688992 ____R (Swearware) D:\Users\Dave\Desktop\dds.scr 2013-08-19 09:09 - 2013-04-20 12:22 - 00000965 _____ C:\Users\Public\Desktop\AVG 2012.lnk 2013-08-19 09:09 - 2012-12-11 16:38 - 00000000 ____D C:\ProgramData\MFAData 2013-08-18 16:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache 2013-08-18 14:44 - 2013-08-18 14:38 - 00000000 ____D C:\ProgramData\AVG2012 2013-08-18 
14:39 - 2013-08-18 14:39 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG 2013-08-18 14:39 - 2013-08-18 14:39 - 00000000 ____D C:\Users\Dave\AppData\Roaming\AVG2012 2013-08-18 14:38 - 2013-08-18 14:38 - 00000000 ___HD C:\$AVG 2013-08-18 13:35 - 2013-08-18 13:35 - 00003176 _____ C:\Windows\System32\Tasks\{ABCF8F13-DB7B-4926-8B62-7A646E4E7439} 2013-08-18 13:27 - 2013-08-18 13:27 - 00000000 _____ C:\Windows\setuperr.log 2013-08-18 13:21 - 2012-12-12 06:05 - 00000000 ____D C:\Windows\Panther 2013-08-18 12:56 - 2013-08-18 12:56 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-08-18 12:56 - 2013-08-18 12:56 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-08-18 12:56 - 2013-08-18 12:56 - 00000000 ____D C:\Program Files\CCleaner 2013-08-18 12:41 - 2009-07-13 21:45 - 02270528 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-18 12:40 - 2011-04-12 01:28 - 00000000 ____D C:\Program Files\Windows Journal 2013-08-18 12:40 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-18 12:40 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-08-18 12:34 - 2013-08-18 12:33 - 00000000 ____D C:\Windows\system32\MRT 2013-08-13 12:15 - 2013-01-03 15:15 - 00076800 _____ D:\Users\Dave\Documents\Cking_1.xls 2013-08-10 16:52 - 2013-01-04 10:14 - 00000000 ____D D:\Users\Dave\Documents\Downloads - XP 2013-08-05 16:14 - 2012-12-12 12:13 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-31 14:17 - 2013-07-31 14:17 - 00000000 ____D D:\Users\Dave\Documents\My Graphics 2013-07-31 14:09 - 2013-07-31 14:09 - 00002020 _____ C:\Users\Public\Desktop\Arts & Letters 8.0.lnk 2013-07-31 14:09 - 2013-07-31 14:09 - 00001997 _____ C:\Users\Public\Desktop\EXPRESS 8.0 Help Request.lnk 2013-07-31 14:09 - 2013-07-31 14:09 - 00000000 ____D C:\Program Files (x86)\Arts & Letters 2013-07-31 12:32 - 2013-03-02 17:27 - 00098816 _____ D:\Users\Dave\Documents\ADDRESSES.xls 2013-07-30 15:24 - 2013-04-08 10:09 - 00000507 
_____ D:\Users\Dave\Desktop\Bathroom rug.txt 2013-07-29 15:41 - 2013-06-22 10:02 - 00000000 ____D C:\Program Files (x86)\EVGA Precision 2013-07-29 15:38 - 2013-06-24 09:44 - 00003014 _____ C:\Windows\System32\Tasks\EVGAPrecision 2013-07-29 13:22 - 2013-01-04 10:37 - 00000000 ____D D:\Users\Dave\Documents\PCC 2013-07-28 12:02 - 2013-07-28 12:02 - 00092763 _____ D:\Users\Dave\Desktop\movie43.tvmw5 2013-07-28 11:54 - 2013-07-28 11:54 - 01946207 _____ D:\Users\Dave\Desktop\Title 1.wmv 2013-07-26 15:30 - 2013-07-26 15:27 - 08626376 _____ D:\Users\Dave\Desktop\Alberto's wedding band.psd 2013-07-26 09:56 - 2013-03-27 11:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-26 09:56 - 2013-03-08 14:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-25 02:25 - 2013-08-18 12:29 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-25 01:57 - 2013-08-18 12:29 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-24 20:54 - 2013-08-18 12:29 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-24 20:37 - 2013-08-18 12:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-24 20:35 - 2013-08-18 12:29 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-24 20:31 - 2013-08-18 12:29 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-24 20:30 - 2013-08-18 12:29 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-24 20:29 - 2013-08-18 12:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-24 20:29 - 2013-08-18 12:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-24 20:29 - 2013-08-18 12:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-24 20:28 - 2013-08-18 12:29 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-24 20:28 - 
2013-08-18 12:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-24 20:28 - 2013-08-18 12:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-24 20:28 - 2013-08-18 12:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-24 20:28 - 2013-08-18 12:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-24 20:27 - 2013-08-18 12:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-24 20:27 - 2013-08-18 12:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-24 20:26 - 2013-08-18 12:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-24 19:40 - 2013-08-18 12:29 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-24 19:32 - 2013-08-18 12:29 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-24 19:30 - 2013-08-18 12:29 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-24 19:26 - 2013-08-18 12:29 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-24 19:26 - 2013-08-18 12:29 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-24 19:25 - 2013-08-18 12:29 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-24 19:24 - 2013-08-18 12:29 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-24 19:24 - 2013-08-18 12:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-24 19:23 - 2013-08-18 12:29 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-24 19:23 - 2013-08-18 12:29 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-24 19:23 - 2013-08-18 12:29 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-24 19:23 - 2013-08-18 12:29 - 00420864 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-24 19:23 - 2013-08-18 12:29 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-24 19:22 - 2013-08-18 12:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-24 19:22 - 2013-08-18 12:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-24 19:22 - 2013-08-18 12:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-12 12:54 ==================== End Of Log ============================ ----------------------------------------------------------------------------------------------------------------------------------- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2013 05 Ran by Dave at 2013-08-20 15:37:17 Running from D:\Users\Dave\Desktop\Spam Cleanup Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 2012 (Version: 2012.1.2242) Acronis True Image Home 2012 (x32 Version: 15.0.7133) Adobe AIR (x32 Version: 3.6.0.5970) Adobe Community Help (x32 Version: 3.5.23) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Photoshop Elements 10 (x32 Version: 10.0) Adobe Photoshop.com 
Inspiration Browser (x32 Version: 3.09) Adobe Premiere Elements 10 (Version: 10.0) Adobe Premiere Elements 10 Content (x32 Version: 10.0) Adobe Premiere Elements 10 Content 1 (x32 Version: 10.0) Adobe Premiere Elements 10 Content 2 (x32 Version: 10.0) Adobe Premiere Elements 10 Content 3 (x32 Version: 10.0) Adobe Premiere Elements 10 HD Content 1 (x32 Version: 10.0) Adobe Premiere Elements 10 HD Content 2 (x32 Version: 10.0) Adobe Premiere Elements 10 HD Content 3 (x32 Version: 10.0) Adobe Reader XI (11.0.03) (x32 Version: 11.0.03) Apple Application Support (x32 Version: 2.3.4) Apple Software Update (x32 Version: 2.1.3.127) Arts & Letters EXPRESS 8.0 (x32 Version: 7.90.0000) AVG 2012 (Version: 12.0.3211) AVG 2012 (Version: 12.1.2242) CameraHelperMsi (x32 Version: 13.51.815.0) CCleaner (Version: 4.04) DVD Shrink 3.2 (x32) DVDFab 8.2.2.8 (26/02/2013) Qt (x32) Elements 10 Organizer (x32 Version: 10.0) EPSON Scan (x32) erLT (x32 Version: 1.20.138.34) ERUNT 1.1j (x32) ESET Online Scanner v3 (x32) EVGA Precision 2.0.4 (x32 Version: 2.0.4) GoldWave v5.67 (x32) GoldWave v5.68 (x32 Version: 5.68) Hallmark Card Studio 2013 Deluxe (x32 Version: 14.0.1.1) HP Officejet Pro 8500 A910 Basic Device Software (Version: 22.50.231.0) HP Officejet Pro 8500 A910 Help (x32 Version: 140.0.2.2) Intel® Management Engine Components (x32 Version: 8.0.1.1399) Intel® Network Connections 16.8.46.0 (Version: 16.8.46.0) Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214) Intel® Trusted Connect Service Client (Version: 1.23.219.2) Ipswitch WS_FTP 12 (x32 Version: 12.3) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) jv16 PowerTools 2012 (x32 Version: ) Logitech Webcam Software (x32 Version: 2.51) LWS Facebook (x32 Version: 13.50.854.0) LWS Gallery (x32 Version: 13.51.827.0) LWS Help_main (x32 Version: 13.51.828.0) LWS Launcher (x32 Version: 13.51.828.0) LWS Motion Detection (x32 Version: 13.51.815.0) LWS Pictures And Video (x32 Version: 
13.51.815.0) LWS Twitter (x32 Version: 13.30.1346.0) LWS Webcam Software (x32 Version: 13.51.815.0) LWS WLM Plugin (x32 Version: 1.30.1201.0) LWS YouTube Plugin (x32 Version: 13.31.1038.0) Macromedia Fireworks 4 (x32 Version: 4) Macromedia Flash 5 (x32 Version: 5) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Office 2000 Disc 2 (x32 Version: 9.00.2720) Microsoft Office 2000 Premium (x32 Version: 9.00.2720) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0) Microsoft Sync Framework 2.0 Core Components (x64) ENU (Version: 2.0.1578.0) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (Version: 2.0.1578.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0) Nero 11 Mini Repack Nero Backup Drivers (Version: 1.0.10000.1.0) NVIDIA 3D Vision Controller Driver 285.66 (Version: 285.66) NVIDIA 3D Vision Driver 311.06 (Version: 311.06) NVIDIA 
Control Panel 311.06 (Version: 311.06) NVIDIA Graphics Driver 311.06 (Version: 311.06) NVIDIA HD Audio Driver 1.2.24.0 (Version: 1.2.24.0) NVIDIA Install Application (Version: 2.1002.108.688) NVIDIA PhysX (x32 Version: 9.11.0621) NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) OmniForm 5.0 (x32 Version: 5.00.034) PRE10STI64Installer (x32 Version: 1.0) PSE10 STI Installer (x32 Version: 10.0) PSE11 STI Installer (x32 Version: 11.0) QuickTime (x32 Version: 7.74.80.86) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526) Skype™ 6.1 (x32 Version: 6.1.129) SmartSound Common Data (x32 Version: 1.1.0) SmartSound Premiere Elements 10 x64 Plugin (Version: 5.70.0001) SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1) SpeedFan (remove only) (x32) SyncToy 2.1 (x64) (Version: 2.1.0) TeamViewer 8 (x32 Version: 8.0.19617) The Print Shop 3.0 Fonts (x32 Version: 1.0) The Print Shop 3.0 Professional (x32 Version: 3.0.6) TMPGEnc Video Mastering Works 5 (x32 Version: 5.3.2.86) TurboTax 2012 (x32 Version: 2012.0) TurboTax 2012 waziper (x32 Version: 012.000.1264) TurboTax 2012 wcaiper (x32 Version: 012.000.1430) TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2114) TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451) TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179) TurboTax 2012 wrapper (x32 Version: 012.000.0127) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Visual Studio 2008 x64 
Redistributables (x32 Version: 10.0.0.2) ==================== Restore Points ========================= 08-07-2013 20:18:40 Scheduled Checkpoint 16-07-2013 18:19:36 Scheduled Checkpoint 23-07-2013 20:12:57 Scheduled Checkpoint 25-07-2013 18:09:59 Windows Update 31-07-2013 21:09:34 Installed Arts & Letters EXPRESS 8.0. 08-08-2013 19:38:51 Scheduled Checkpoint 15-08-2013 19:59:50 Scheduled Checkpoint 18-08-2013 19:29:42 Windows Update 18-08-2013 21:20:06 Removed AVG 2012 18-08-2013 21:21:07 Removed AVG 2012 18-08-2013 21:38:36 Installed AVG 2012 18-08-2013 21:38:43 Installed AVG 2012 ==================== Hosts content: ========================== 2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0DD79971-1AF3-47C5-9C68-9B3F5B4BCA6F} - System32\Tasks\{C985FF6C-7364-4EAD-9867-F5D4EDFA0C32} => E:\Flash 5.0\Flash 5.exe No File Task: {3D9237FD-9DE9-40BC-986A-3D21F8A0C3BA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {4616D015-2419-4984-B2F6-30F75D371BBF} - System32\Tasks\AdobeAAMUpdater-1.0-Dave-PC-Dave => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated) Task: {473B4268-C62A-484B-9B09-FE3CC8D41210} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe [2011-08-12] () Task: {49F8EA6E-0FA8-4549-A8B5-3907E449C9FF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {9A6C510B-6FE3-4FC1-A2F3-A0F6E872DE48} - System32\Tasks\{BCCD9715-C010-4342-8C7B-93CD478F2861} => E:\Firework 4.0\FireWorks 4.exe No File Task: {FB3630A6-96C2-4A9D-989A-4895C7041964} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/20/2013 02:37:59 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/20/2013 02:24:19 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/20/2013 02:38:22 PM) (Source: Service Control Manager) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (08/20/2013 02:38:22 PM) (Source: Service Control Manager) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 
Error: (08/20/2013 02:36:09 PM) (Source: Service Control Manager) (User: ) Description: The SB Recon3D Service service depends on the SB Recon3D HDAudio service which failed to start because of the following error: %%1058 Error: (08/20/2013 02:36:09 PM) (Source: Service Control Manager) (User: ) Description: The SB Recon3D HDAudio service failed to start due to the following error: %%1058 Error: (08/20/2013 02:24:42 PM) (Source: Service Control Manager) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (08/20/2013 02:24:42 PM) (Source: Service Control Manager) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (08/20/2013 02:22:29 PM) (Source: Service Control Manager) (User: ) Description: The SB Recon3D Service service depends on the SB Recon3D HDAudio service which failed to start because of the following error: %%1058 Error: (08/20/2013 02:22:29 PM) (Source: Service Control Manager) (User: ) Description: The SB Recon3D HDAudio service failed to start due to the following error: %%1058 Microsoft Office Sessions: ========================= Error: (08/20/2013 02:37:59 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/20/2013 02:24:19 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 17% Total physical RAM: 16350.03 MB Available physical RAM: 13457.23 MB Total Pagefile: 
32698.24 MB Available Pagefile: 29647.61 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:476.84 GB) (Free:397.54 GB) NTFS Drive d: (WD HD) (Fixed) (Total:931.51 GB) (Free:619.74 GB) NTFS Drive l: (KINGSTON) (Removable) (Total:0.46 GB) (Free:0.05 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 477 GB) (Disk ID: B3A84834) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=477 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2E2DDE34) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ======================================================== Disk: 7 (Size: 476 MB) (Disk ID: 4037166D) Partition 1: (Active) - (Size=476 MB) - (Type=0E) ==================== End Of Log ============================
  11. OK All Done! By the way, I installed Acronis 2012 Backup yesterday after I sent the 2 txt files generated by dds.scr. Hope that was OK. ALSO How long do I leave my Antivirus Disabled??? ------------------------------------------------------------------------------------------------------------------------- Rkill 2.6.1 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2013 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 08/20/2013 10:04:43 AM in x64 mode. Windows Version: Windows 7 Professional Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * Explorer Policy Removed: NoActiveDesktopChanges [HKLM] Backup Registry file created at: D:\Users\Dave\Desktop\rkill\rkill-08-20-2013-10-04-45.reg Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 * Windows Firewall Disabled [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = dword:00000000 Checking Windows Service Integrity: * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. 
Program finished at: 08/20/2013 10:04:53 AM Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s) ---------------------------------------------------------------------------------------------------------------------------------- RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Dave [Admin rights] Mode : Scan -- Date : 08/20/2013 10:17:24 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [RUN][ROGUE ST] HKUS\.DEFAULT\[...]\Run : 20090604 (C:\Program Files (x86)\The Print Shop 3.0 Professional\RegApp\encore_reg.exe /r "C:\Program Files (x86)\The Print Shop 3.0 Professional\RegApp\encore_reg.rpd") -> FOUND [RUN][ROGUE ST] HKUS\S-1-5-18\[...]\Run : 20090604 (C:\Program Files (x86)\The Print Shop 3.0 Professional\RegApp\encore_reg.exe /r "C:\Program Files (x86)\The Print Shop 3.0 Professional\RegApp\encore_reg.rpd") -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG SSD 830 Series ATA Device +++++ --- User --- [MBR] 9360969f867ce4bf8e3c5bc9f11c0861 [bSP] 485b0334897676219a96abafed9fc946 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 488284 Mo User = 
LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: SAMSUNG SSD 830 Series ATA Device +++++ --- User --- [MBR] 918ac733ced1514145e2c8cbfbe9e615 [bSP] fbb0e9083ddbc41cefe65a3489e6313f : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive2: SAMSUNG SSD 830 Series ATA Device +++++ --- User --- [MBR] ffbeff62e4efd1ad40da75045ad0dbb8 [bSP] 0f70cd85063b9b17527b37669a835c6a : Windows Vista MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[0]_S_08202013_101724.txt >> ---------------------------------------------------------------------------------------------------------------------------------------------
  12. AdvancedSetup... Before I start I must ask this question. I am told: "Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners." Is RogueKiller the only scanner, or are Rkill and Erunt also scanners? Thanks DRC
  13. Hello. I'm at my wits' end trying to figure out the cause of my computer problem. Symptoms: High Disk Access and slowed Internet response. Tests performed: 1.) I've disconnected from the internet to see if that slows or stops the disk access. NO Difference. 2.) Booted into Safe Mode: Slowed down disk access. 3.) Temporarily disabled AVG protection (including Firewall): Slowed down disk access. I am computer literate but lack the tools and knowledge about this type of problem. I'm hoping someone will guide me thru this aggravating spot I've gotten myself into. Thanks in advance. ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 12/11/2012 1:54:02 PM System Uptime: 8/19/2013 11:33:05 AM (0 hours ago) . Motherboard: Intel Corporation | | DH77KC Processor: Intel® Core i7-3770K CPU @ 3.50GHz | CPU 1 | 3501/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 477 GiB total, 400.619 GiB free. D: is FIXED (NTFS) - 932 GiB total, 619.778 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable K: is Removable L: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP102: 7/8/2013 1:18:40 PM - Scheduled Checkpoint RP103: 7/16/2013 11:19:36 AM - Scheduled Checkpoint RP104: 7/23/2013 1:12:57 PM - Scheduled Checkpoint RP105: 7/25/2013 11:09:59 AM - Windows Update RP106: 7/31/2013 2:09:34 PM - Installed Arts & Letters EXPRESS 8.0. 
RP107: 8/8/2013 12:38:51 PM - Scheduled Checkpoint RP108: 8/15/2013 12:59:50 PM - Scheduled Checkpoint RP109: 8/18/2013 12:29:42 PM - Windows Update RP110: 8/18/2013 2:20:06 PM - Removed AVG 2012 RP111: 8/18/2013 2:21:07 PM - Removed AVG 2012 RP112: 8/18/2013 2:38:36 PM - Installed AVG 2012 RP113: 8/18/2013 2:38:43 PM - Installed AVG 2012 . ==== Installed Programs ====================== . Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Photoshop Elements 10 Adobe Photoshop.com Inspiration Browser Adobe Premiere Elements 10 Adobe Premiere Elements 10 Content Adobe Premiere Elements 10 Content 1 Adobe Premiere Elements 10 Content 2 Adobe Premiere Elements 10 Content 3 Adobe Premiere Elements 10 HD Content 1 Adobe Premiere Elements 10 HD Content 2 Adobe Premiere Elements 10 HD Content 3 Adobe Reader XI (11.0.03) Apple Application Support Apple Software Update Arts & Letters EXPRESS 8.0 AVG 2012 CameraHelperMsi CCleaner DVD Shrink 3.2 DVDFab 8.2.2.8 (26/02/2013) Qt Elements 10 Organizer EPSON Scan erLT EVGA Precision 2.0.4 GoldWave v5.67 GoldWave v5.68 Hallmark Card Studio 2013 Deluxe HP Officejet Pro 8500 A910 Basic Device Software HP Officejet Pro 8500 A910 Help Intel® Management Engine Components Intel® Network Connections 16.8.46.0 Intel® USB 3.0 eXtensible Host Controller Driver Intel® Trusted Connect Service Client Ipswitch WS_FTP 12 Java 7 Update 25 Java Auto Updater jv16 PowerTools 2012 Logitech Webcam Software LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Macromedia Fireworks 4 Macromedia Flash 5 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office 2000 Disc 2 Microsoft Office 2000 Premium Microsoft Silverlight Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft Sync Framework 2.0 Core Components 
(x64) ENU Microsoft Sync Framework 2.0 Provider Services (x64) ENU Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Nero 11 Mini Repack Nero Backup Drivers NVIDIA 3D Vision Controller Driver 285.66 NVIDIA 3D Vision Driver 311.06 NVIDIA Control Panel 311.06 NVIDIA Graphics Driver 311.06 NVIDIA HD Audio Driver 1.2.24.0 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.11.0621 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 NVIDIA Update Components OmniForm 5.0 PRE10STI64Installer PSE10 STI Installer PSE11 STI Installer QuickTime Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft 
.NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Skype™ 6.1 SmartSound Common Data SmartSound Premiere Elements 10 x64 Plugin SmartSound Sonicfire Pro 5 SpeedFan (remove only) SyncToy 2.1 (x64) TeamViewer 8 The Print Shop 3.0 Fonts The Print Shop 3.0 Professional TMPGEnc Video Mastering Works 5 TurboTax 2012 TurboTax 2012 waziper TurboTax 2012 wcaiper TurboTax 2012 WinPerFedFormset TurboTax 2012 WinPerReleaseEngine TurboTax 2012 WinPerTaxSupport TurboTax 2012 wrapper Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Visual Studio 2008 x64 Redistributables . ==== Event Viewer Messages From Past Week ======== . 8/19/2013 11:35:19 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 8/19/2013 11:35:19 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. 
8/19/2013 11:33:14 AM, Error: Service Control Manager [7001] - The SB Recon3D Service service depends on the SB Recon3D HDAudio service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/19/2013 11:33:14 AM, Error: Service Control Manager [7000] - The SB Recon3D HDAudio service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/19/2013 11:06:53 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/19/2013 11:03:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/19/2013 11:03:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/19/2013 11:03:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/19/2013 11:03:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/19/2013 11:03:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/19/2013 11:03:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/19/2013 11:03:29 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
8/19/2013 11:03:29 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/19/2013 11:03:29 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/19/2013 11:03:29 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/19/2013 11:03:29 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/19/2013 11:03:29 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/19/2013 11:03:29 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/19/2013 11:03:29 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/19/2013 11:03:29 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/19/2013 11:03:29 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/19/2013 11:03:29 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2013 9:31:20 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{AD860E33-3466-4027-B900-77C3C8A66094} because another computer on the network has the same name. The server could not start.
8/18/2013 9:31:20 AM, Error: NetBT [4321] - The name "DAVE-PC :20" could not be registered on the interface with IP address 192.168.1.81. The computer with the IP address 192.168.1.80 did not allow the name to be claimed by this computer.
8/18/2013 9:31:16 AM, Error: NetBT [4321] - The name "DAVE-PC :0" could not be registered on the interface with IP address 192.168.1.81. The computer with the IP address 192.168.1.80 did not allow the name to be claimed by this computer.
8/18/2013 5:10:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/18/2013 5:10:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6
8/18/2013 1:27:30 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/18/2013 1:27:30 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
----------------------------------------------------------------
DDS.Txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 10.25.2
Run by Dave at 11:49:59 on 2013-08-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16350.14355 [GMT -7:00]
.
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\AVG\AVG2012\avgfws.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Windows\system32\IProsetMonitor.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\AVG\AVG2012\avgemca.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe D:\Program Files\Hallmark Card Studio 2013\Planner\PLNRnote.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe D:\Program Files\Teamviewer\Version8\TeamViewer_Service.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files (x86)\Common Files\Java\Java 
Update\jusched.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [NBAgent] "D:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide mRun: [QuickTime Task] "D:\Program Files\Quicktime 7.7.3\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] 
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" dRun: [20090604] C:\Program Files (x86)\The Print Shop 3.0 Professional\RegApp\encore_reg.exe /r "C:\Program Files (x86)\The Print Shop 3.0 Professional\RegApp\encore_reg.rpd" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTP~1.LNK - D:\Program Files\Hallmark Card Studio 2013\Planner\PLNRnote.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - D:\Program Files\Microsoft Office\Office\OSA9.EXE mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll TCP: NameServer = 192.168.1.254 TCP: Interfaces\{AD860E33-3466-4027-B900-77C3C8A66094} : DHCPNameServer = 192.168.1.254 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> 
x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944] R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-12-11 16152] R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2013-1-2 72240] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2013-1-2 15920] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-12-29 55856] R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2011-5-23 48992] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-12-11 39768] R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-12-11 189608] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-11 161560] 
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-11 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-11 701512] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264] R2 TeamViewer8;TeamViewer 8;D:\Program Files\Teamviewer\Version8\TeamViewer_Service.exe [2013-7-16 4153184] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-11 363800] R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-21 968880] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-12-11 356120] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-12-11 787736] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-11 25928] R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-8-12 14440] S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-12-5 2321560] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 CtHdaSvc;SB Recon3D Service;C:\Windows\SysWOW64\CtHdaSvc.exe [2011-11-3 104448] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-21 24608] S3 cthda;SB Recon3D HDAudio;C:\Windows\System32\drivers\cthda.sys [2011-11-4 1265752] S3 CTHDB;SB Recon3D 
PCIe Audio Bus Filter;C:\Windows\System32\drivers\CtHDb.sys [2011-11-4 24152] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520] S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2012-1-18 4763680] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-10 1255736] . =============== File Associations =============== . FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice] ShellExec: FRONTPG.EXE: edit=D:\PROGRA~1\MICROS~1\Office\FRONTPG.EXE . =============== Created Last 30 ================ . 2013-08-18 21:39:13 -------- d-----w- C:\Users\Dave\AppData\Roaming\AVG2012 2013-08-18 21:39:08 -------- d-----w- C:\Windows\SysWow64\drivers\AVG 2013-08-18 21:38:58 -------- d--h--w- C:\$AVG 2013-08-18 21:38:58 -------- d-----w- C:\Windows\System32\drivers\AVG 2013-08-18 21:38:58 -------- d-----w- C:\ProgramData\AVG2012 2013-08-18 19:56:13 -------- d-----w- C:\Program Files\CCleaner 2013-08-18 19:33:29 -------- d-----w- C:\Windows\System32\MRT 2013-07-31 21:09:43 9728 ----a-w- C:\Windows\winhlp32_backup.exe 2013-07-31 21:09:39 -------- d-----w- C:\Program Files (x86)\Arts & Letters . ==================== Find3M ==================== . 
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-07-25 03:37:25 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-07-25 03:30:49 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-07-25 03:29:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-07-25 03:28:46 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-07-25 03:28:31 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-07-25 03:27:20 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-07-25 02:32:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-07-25 02:26:10 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-07-25 02:25:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-07-25 02:23:59 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-07-25 02:23:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-07-25 02:22:35 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-07-12 17:06:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-12 17:06:19 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll 2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll 2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll 2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll 2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll 2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-07-06 06:03:53 1910208 ----a-w- 
C:\Windows\System32\drivers\tcpip.sys 2013-06-24 16:54:13 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-24 16:54:12 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-06-24 16:54:12 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 1998-12-09 02:53:54 99840 ----a-w- C:\Program Files (x86)\Common Files\IRAABOUT.DLL 1998-12-09 02:53:54 70144 ----a-w- C:\Program Files (x86)\Common Files\IRAMDMTR.DLL 1998-12-09 02:53:54 48640 ----a-w- C:\Program Files (x86)\Common Files\IRALPTTR.DLL 1998-12-09 02:53:54 31744 ----a-w- C:\Program Files (x86)\Common Files\IRAWEBTR.DLL 1998-12-09 02:53:54 186368 ----a-w- C:\Program Files (x86)\Common Files\IRAREG.DLL 1998-12-09 02:53:54 17920 ----a-w- C:\Program Files (x86)\Common Files\IRASRIAL.DLL . ============= FINISH: 11:50:06.61 ===============
  14. Something BAD happened. I ran ComboFix and somehow was not able to boot to Windows (in reg or safe mode) nor would the latest working registry restore point. I screwed with it for about an hour then decided to restore the backup. So right now I'm at SP2 and a slow IE 8. Will scan and run MBAM tomorrow. If it looks good I'll put PS3 back on. Then I'll post. Not sure what happened.....