Hi,

A couple nights ago, I was on a webpage reading something of interest. An ad came up that said "Update Google Chrome." I stupidly clicked on it without even thinking. Many, many popups filled my screen and the page I was reading was gone. Internet Explorer was also installed on my computer. (I use Chrome.) I used some cleaners, including Malwarebytes to clean up the mess, in between my colorful language because I was SO stupid to click!! Control Panel came in handy to "uninstall, also." Anyway after a lot of playing, scanning and removing, I thought I had everything resolved. I had to reinstall Microsoft Office Starter because I kept getting "configuration errors." It was just a MESS!

So, this evening while on another web page, I get a full size pop up that was "sponsor.adverstitial.com" Spent some time looking for information on THAT, and then decided to run Malwarebytes again. Now I get this lovely PUM.Bad.Proxy, Category, Registry Value, etc. I truly need some help to get rid of this because anything I've read on that is NOT GOOD! (I'm pretty sure I removed or quarantined it last evening ... somewhere I read that it comes back.)

I would appreciate if someone could walk me through the process. I'm not a computer technician, but I can usually find my way around a hard drive with no problem. Also, would this problem only be on my main hard drive, or does it travel to my external hard drive also?

Thanks!

Pat O

Welcome to the forum.

First:

Please run a Quick Scan with Malwarebytes like this and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Then please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS may not run on W8)

(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Thanks, Mr. C!   Here goes:  

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.17.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Pat :: MININT-ALOG0PC [administrator]
 
3/16/2014 10:02:24 PM
MBAM-log-2014-03-16 (22-05-25).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226685
Time elapsed: 2 minute(s), 8 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
==============================================================================
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Pat at 22:08:48 on 2014-03-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6038.3971 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Users\Pat\AppData\Local\Apps\2.0\YOXQPG0L.VKR\QAJ1NXHJ.45Y\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = www.dell.com
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [DellSystemDetect] C:\Users\Pat\AppData\Local\Apps\2.0\YOXQPG0L.VKR\QAJ1NXHJ.45Y\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_38_ActiveX.exe -update activex
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPODDT~1.LNK - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: dell.com
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3325F528-2706-45C0-9FB1-661FDE3E52BC} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3325F528-2706-45C0-9FB1-661FDE3E52BC}\34275616475644275616D6C4966756 : DHCPNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
SSODL: WebCheck - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-23 55856]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-23 98208]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-9-19 250200]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-5 701512]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC Tuneup\TuneUpUtilitiesService64.exe [2013-12-18 2102072]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2010-12-14 58128]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2010-12-14 274432]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-9-23 172704]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2010-12-14 59904]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-23 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-5 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-23 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-23 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-23 412264]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC Tuneup\TuneUpUtilitiesDriver64.sys [2013-12-16 14112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-13 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-23 158976]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-9-23 250984]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-6 1255736]
.
=============== Created Last 30 ================
.
2014-03-14 17:26:35 -------- d-----w- C:\Windows\PCHEALTH
2014-03-14 17:26:35 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-03-14 16:55:50 -------- d-----w- C:\Users\Pat\AppData\Local\Cyberlink
2014-03-14 16:25:00 40248 ----a-w- C:\Windows\System32\TURegOpt.exe
2014-03-14 16:25:00 29496 ----a-w- C:\Windows\System32\authuitu.dll
2014-03-14 16:25:00 25400 ----a-w- C:\Windows\SysWow64\authuitu.dll
2014-03-14 16:23:38 -------- d-----w- C:\ProgramData\AVG
2014-03-14 16:23:13 -------- d-sh--w- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-03-14 16:09:10 -------- d-----w- C:\AdwCleaner
2014-03-14 08:18:48 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-03-13 21:23:43 -------- d-----w- C:\Windows\Migration
2014-03-13 21:00:32 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-13 21:00:32 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-13 21:00:31 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-13 21:00:31 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-13 21:00:22 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-13 21:00:22 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 02:27:50 -------- d-----w- C:\Users\Pat\AppData\Roaming\AVAST Software
2014-03-12 01:49:23 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-03-12 01:48:49 -------- d-----w- C:\Program Files\AVAST Software
2014-03-12 01:48:09 -------- d-----w- C:\ProgramData\AVAST Software
2014-03-11 05:23:09 1122960 ----a-w- C:\Users\Pat\AppData\Local\nsk3221.tmp
2014-02-27 23:43:58 -------- d-----w- C:\Users\Pat\AppData\Roaming\Dell
2014-02-27 23:43:40 -------- d-----w- C:\ProgramData\PCDr
2014-02-27 23:43:40 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2014-02-27 23:43:40 -------- d-----w- C:\Program Files\Dell Support Center
2014-02-27 23:43:10 -------- d-----w- C:\Program Files\My Dell
2014-02-27 23:41:57 -------- d-----w- C:\Users\Pat\AppData\Roaming\PCDr
2014-02-27 23:41:54 -------- d-----w- C:\temp
2014-02-27 23:36:11 -------- d-----w- C:\Users\Pat\AppData\Local\Deployment
2014-02-27 18:25:48 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-27 18:25:48 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-27 18:25:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-27 18:25:48 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-27 18:25:46 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-27 18:25:46 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-27 18:25:46 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-27 18:25:46 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-27 18:23:45 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-02-27 02:54:52 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-27 02:54:52 -------- d-----w- C:\Program Files\iTunes
2014-02-27 02:54:52 -------- d-----w- C:\Program Files\iPod
2014-02-27 02:54:52 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2014-01-23 02:30:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-23 02:30:33 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 22:09:18.26 ===============
=====================================================================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 10/5/2011 10:04:12 AM
System Uptime: 3/15/2014 11:00:16 PM (23 hours ago)
.
Motherboard: Dell Inc. |  | 0YH79Y
Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU | 1587/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 526.92 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 6.984 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 75 GiB total, 39.361 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP73: 3/11/2014 9:07:14 PM - 3/10/14, 6 p.m.
RP74: 3/11/2014 9:27:46 PM - Restore Operation
RP75: 3/11/2014 9:48:30 PM - avast! antivirus system restore point
RP76: 3/11/2014 10:25:59 PM - avast! antivirus system restore point
RP77: 3/11/2014 11:02:57 PM - 2/27/14, 10:00 p.m.
RP78: 3/11/2014 11:08:05 PM - Restore Operation
RP79: 3/13/2014 5:00:36 PM - Windows Update
RP80: 3/14/2014 4:01:45 AM - Removed Microsoft Office Click-to-Run 2010
RP81: 3/14/2014 4:18:58 AM - Installed SpyHunter
RP82: 3/14/2014 4:52:47 AM - Removed SpyHunter
RP83: 3/14/2014 12:23:45 PM - Installed AVG PC TuneUp 2014
RP84: 3/14/2014 1:23:32 PM - Installed Microsoft Office Web Components
.
==== Installed Programs ======================
.
Apple Mobile Device Support
AVG 2013
AVG PC TuneUp 2014
AVG PC TuneUp 2014 (en-US)
BearShare
Bonjour
CCleaner
Dell System Detect
Dell Touchpad
Garmin Communicator Plugin x64
Google Chrome
Intel® PROSet/Wireless Software for Bluetooth® Technology
iTunes
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Baseline Security Analyzer 2.2
Microsoft IntelliPoint 8.2
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
My Dell
Quickset64
RBVirtualFolder64Inst
Roxio File Backup
Visual Studio 2010 x64 Redistributables
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
.
==== Event Viewer Messages From Past Week ========
.
3/15/2014 9:21:14 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
3/14/2014 12:51:43 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFS ntcdrdrv
3/14/2014 12:49:29 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
3/14/2014 12:13:38 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
3/14/2014 12:13:38 PM, Error: Service Control Manager [7000]  - The Garmin Core Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/13/2014 6:04:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2925418).
3/13/2014 5:22:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2929733).
3/12/2014 5:31:48 AM, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/11/2014 6:40:10 PM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
3/11/2014 10:15:00 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
3/11/2014 10:14:30 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
3/11/2014 10:13:28 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
.
==== End Of File ===========================
=============================================================================
 
RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Pat [Admin rights]
Mode : Scan -- Date : 03/16/2014 22:23:15
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : DellSystemDetect (C:\Users\Pat\AppData\Local\Apps\2.0\YOXQPG0L.VKR\QAJ1NXHJ.45Y\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [-]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-820448776-4151400007-3516740655-1002\[...]\Run : DellSystemDetect (C:\Users\Pat\AppData\Local\Apps\2.0\YOXQPG0L.VKR\QAJ1NXHJ.45Y\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [-]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD6400BPVT-75HXZT1 +++++
--- User ---
[MBR] a10aa0fff02538bfb9b9063dddba80f7
[bSP] b0aec298f3feff087f25c086775b7c45 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 596477 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1221586944 | Size: 14001 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) ST380011 A USB Device +++++
--- User ---
[MBR] 1dd86a8b685889293dd2a26d74fc6a6f
[bSP] 463cc34932e563da15e47b66121d3572 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_03162014_222315.txt >>
 
============================================================================
 
One of the reports says that "Bear Share" is installed (which is a P2P program).   In the flurry of everything going on, Bear Share got uninstalled by one of the clean up programs I used.  However, it was still showing on the Control Panel.  When I clicked it to uninstall, it said "program not found."  Hmmmm...  are there still remnants of that program hanging around?   Thank you for all your help!!
 
Pat O
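
The following is an added example, not part of the original posts and not Malwarebytes' own code: it reads the registry-value lines of the two Malwarebytes logs posted in this thread, splits the flagged `ProxyServer` data into per-protocol proxy entries, reports whether each points at the local machine, and checks whether the detection survived the follow-up scan. The function names are made up for this example, and the sample input is copied from the logs on this page.

```python
import ipaddress
import re

# Constructed sample input: the "Registry Values Detected" sections of the two
# Malwarebytes Anti-Malware 1.75 quick-scan logs posted in this thread.
SCAN_BEFORE = r"""Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> No action taken.
"""
SCAN_AFTER = """Registry Values Detected: 0
(No malicious items detected)
"""

# Layout of a registry-value detection line as it appears in the log above:
#   <key>|<value> (<detection name>) -> Data: <data> -> <action>.
DETECTION = re.compile(
    r"^(?P<key>HK[A-Z_]+\\[^|]+)\|(?P<value>[^(]+?) \((?P<name>[^)]+)\)"
    r" -> Data: (?P<data>.*?) -> (?P<action>.+?)\.?$"
)


def parse_detections(log_text):
    """Return one dict per registry-value detection line in the log text."""
    hits = []
    for line in log_text.splitlines():
        match = DETECTION.match(line.strip())
        if match:
            hits.append(match.groupdict())
    return hits


def parse_proxy_server(data):
    """Split a WinINET ProxyServer string into {scheme: (host, port)}.

    The value is either "host:port" (one proxy for every protocol) or a
    semicolon-separated list of "scheme=host:port" entries.
    """
    proxies = {}
    for entry in filter(None, (e.strip() for e in data.split(";"))):
        scheme, sep, target = entry.partition("=")
        if not sep:                          # bare "host:port": all protocols
            scheme, target = "all", entry
        target = target.split("://", 1)[-1]  # tolerate "http=http://host:port"
        host, _, port = target.rpartition(":")
        if not host:                         # no port in the entry
            host, port = target, ""
        proxies[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host):
    """True when the proxy host is this machine (localhost, 127.x.x.x, ::1)."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                         # a hostname; not resolved here


def triage(log_text):
    """List every proxy entry set by a flagged ProxyServer value."""
    findings = []
    for hit in parse_detections(log_text):
        if hit["value"] != "ProxyServer":
            continue
        for scheme, (host, port) in sorted(parse_proxy_server(hit["data"]).items()):
            findings.append({
                "detection": hit["name"],
                "scheme": scheme,
                "host": host,
                "port": port,
                "loopback": is_loopback(host),
                "action": hit["action"],     # what the log says was done
            })
    return findings


def persisting(before, after):
    """Detections (key, value, data) present in both scans, i.e. not cleared."""
    def ident(hit):
        return (hit["key"], hit["value"], hit["data"])
    return {ident(h) for h in parse_detections(before)} & \
           {ident(h) for h in parse_detections(after)}


if __name__ == "__main__":
    for f in triage(SCAN_BEFORE):
        where = "this machine" if f["loopback"] else "another host"
        print(f'{f["detection"]}: {f["scheme"]} traffic goes to '
              f'{f["host"]}:{f["port"]} ({where}); log says: {f["action"]}')
    print("still present after cleanup:",
          persisting(SCAN_BEFORE, SCAN_AFTER) or "nothing")
```

A loopback entry means browser traffic for that protocol is handed to whatever program listens on that port on the same PC; the log does not name that program, so on the live system the follow-up is to see which process, if any, owns the port (for example with `netstat -ano`).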
 
 
Start with this:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC

# AdwCleaner v3.022 - Report created 17/03/2014 at 18:58:29
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Pat - MININT-ALOG0PC
# Running from : C:\Users\Pat\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v

[ File : C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [7200 octets] - [14/03/2014 12:09:43]
AdwCleaner[R2].txt - [933 octets] - [17/03/2014 18:53:38]
AdwCleaner[s0].txt - [7212 octets] - [14/03/2014 12:10:55]
AdwCleaner[s1].txt - [855 octets] - [17/03/2014 18:58:29]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [914 octets] ##########

========================================================================

 


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Pat :: MININT-ALOG0PC [administrator]

3/17/2014 7:09:06 PM
mbam-log-2014-03-17 (19-09-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228268
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

============

 

Wow!   Looks clean!  Sure hope it doesn't "rebirth".    I will check and see if I need to defragment.   Does it look clean to you?   Thanks so very much for your help!   Beautiful dogs!

 

Pat O

in rainy, icy Clemmons, NC   :)


Let's check..............

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

Ran by Pat (administrator) on MININT-ALOG0PC on 17-03-2014 22:18:26

Running from C:\Users\Pat\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(Dell) C:\Users\Pat\AppData\Local\Apps\2.0\YOXQPG0L.VKR\QAJ1NXHJ.45Y\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe

(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe

(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

(Google Inc.) C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Pat\AppData\Local\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6561384 2010-12-14] (Realtek Semiconductor)

HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)

HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-820448776-4151400007-3516740655-1002\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093976 2013-09-19] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-820448776-4151400007-3516740655-1002\...\Run: [DellSystemDetect] - C:\Users\Pat\AppData\Local\Apps\2.0\YOXQPG0L.VKR\QAJ1NXHJ.45Y\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [253952 2014-02-27] (Dell)

HKU\S-1-5-21-820448776-4151400007-3516740655-1002\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-05] (Google Inc.)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

 

Chrome: 

=======


CHR Plugin: (Shockwave Flash) - C:\Users\Pat\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Pat\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Pat\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Java Platform SE 7 U40) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Google Update) - C:\Users\Pat\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.400.43) - C:\Windows\SysWOW64\npDeployJava1.dll No File

CHR Extension: (Bloglovin') - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcgnofbabeggkbjcogfmjfaojpdnehm [2013-05-03]

CHR Extension: (YouTube) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-14]

CHR Extension: (Google Search) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-14]

CHR Extension: (Local Events and Activities) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gifkhdglojdcphjokffbgbmapcbhedfc [2013-02-23]

CHR Extension: (Google Wallet) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

CHR Extension: (Google Reader) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm [2012-10-29]

CHR Extension: (Gmail) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-14]

 

==================== Services (Whitelisted) =================

 

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2102072 2013-12-18] (AVG)

 

==================== Drivers (Whitelisted) ====================

 

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)

R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

S0 ntcdrdrv; system32\DRIVERS\ntcdrdrv.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-03-17 22:18 - 2014-03-17 22:18 - 00012260 _____ () C:\Users\Pat\Downloads\FRST.txt

2014-03-17 22:17 - 2014-03-17 22:18 - 00000000 ____D () C:\FRST

2014-03-17 22:16 - 2014-03-17 22:16 - 02157056 _____ (Farbar) C:\Users\Pat\Downloads\FRST64.exe

2014-03-17 20:16 - 2014-03-17 20:17 - 24322678 _____ () C:\Users\Pat\Downloads\retiring_patterns_part_2.zip

2014-03-17 19:00 - 2014-03-17 19:00 - 00000056 _____ () C:\Windows\setupact.log

2014-03-17 19:00 - 2014-03-17 19:00 - 00000000 _____ () C:\Windows\setuperr.log

2014-03-17 18:22 - 2014-03-17 18:22 - 01950720 _____ () C:\Users\Pat\Downloads\AdwCleaner (2).exe

2014-03-17 04:30 - 2014-03-17 04:30 - 63210976 _____ (Microsoft Corporation) C:\Users\Pat\Downloads\PowerPointViewer.exe

2014-03-17 04:30 - 2014-03-17 04:30 - 00000000 ____D () C:\Program Files (x86)\MSECache

2014-03-16 22:23 - 2014-03-16 22:23 - 00002395 _____ () C:\Users\Pat\Desktop\RKreport[0]_S_03162014_222315.txt

2014-03-16 22:20 - 2014-03-16 22:20 - 04497920 _____ () C:\Users\Pat\Desktop\RogueKillerX64 (1).exe

2014-03-16 22:19 - 2014-03-16 22:23 - 00000000 ____D () C:\Users\Pat\Desktop\RK_Quarantine

2014-03-16 22:09 - 2014-03-16 22:17 - 00004629 _____ () C:\Users\Pat\Desktop\attach.txt

2014-03-16 22:09 - 2014-03-16 22:09 - 00016169 _____ () C:\Users\Pat\Desktop\dds.txt

2014-03-16 22:08 - 2014-03-16 22:08 - 00688992 ____R (Swearware) C:\Users\Pat\Downloads\dds.scr

2014-03-16 22:08 - 2014-03-16 22:08 - 00000000 ___RD () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-03-16 02:41 - 2014-03-16 02:41 - 00000084 _____ () C:\Users\Pat\Desktop\Need Help to Remove PUM.Bad.Proxy - Malware Removal Help - Malwarebytes Forum.url

2014-03-15 15:34 - 2014-03-15 15:34 - 00000000 __RHD () C:\MSOCache

2014-03-15 10:26 - 2014-03-15 10:26 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013

2014-03-14 13:26 - 2014-03-14 13:26 - 00000000 ____D () C:\Windows\PCHEALTH

2014-03-14 13:26 - 2014-03-14 13:26 - 00000000 ____D () C:\Program Files\Microsoft Office

2014-03-14 13:26 - 2014-03-14 13:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client

2014-03-14 12:55 - 2014-03-14 12:55 - 00000000 ____D () C:\Users\Pat\Documents\CyberLink

2014-03-14 12:55 - 2014-03-14 12:55 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\CyberLink

2014-03-14 12:55 - 2014-03-14 12:55 - 00000000 ____D () C:\Users\Pat\AppData\Local\Cyberlink

2014-03-14 12:55 - 2014-03-14 12:55 - 00000000 ____D () C:\ProgramData\CyberLink

2014-03-14 12:52 - 2014-03-17 15:08 - 00126344 _____ () C:\Users\Pat\AppData\Local\GDIPFONTCACHEV1.DAT

2014-03-14 12:50 - 2014-03-17 19:00 - 00455840 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-14 12:42 - 2014-03-14 12:42 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler

2014-03-14 12:25 - 2013-12-18 09:38 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe

2014-03-14 12:25 - 2013-12-18 09:38 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll

2014-03-14 12:25 - 2013-12-18 09:38 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll

2014-03-14 12:24 - 2014-03-14 12:24 - 00002231 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk

2014-03-14 12:24 - 2014-03-14 12:24 - 00002205 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk

2014-03-14 12:23 - 2014-03-14 12:42 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

2014-03-14 12:23 - 2014-03-14 12:25 - 00000000 ____D () C:\ProgramData\AVG

2014-03-14 12:22 - 2014-03-14 12:22 - 78353832 _____ (AVG) C:\Users\Pat\Downloads\avg_tuht_stf_all_2014_295.exe

2014-03-14 12:09 - 2014-03-17 18:58 - 00000000 ____D () C:\AdwCleaner

2014-03-14 12:08 - 2014-03-14 12:08 - 01950720 _____ () C:\Users\Pat\Downloads\AdwCleaner (1).exe

2014-03-14 11:32 - 2014-03-14 12:50 - 00001712 _____ () C:\Windows\PFRO.log

2014-03-14 05:09 - 2014-03-14 05:09 - 00180000 _____ (Kaspersky Lab) C:\Users\Pat\Downloads\kss12.0.1.117EN_RU_DE_FR_2926 (1).exe

2014-03-14 05:05 - 2014-03-14 05:06 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Pat\Downloads\tdsskiller (1).exe

2014-03-14 04:19 - 2014-03-14 04:19 - 00000000 _____ () C:\autoexec.bat

2014-03-14 04:16 - 2014-03-14 04:16 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Pat\Downloads\SpyHunter-Installer.exe

2014-03-14 04:07 - 2014-03-14 04:07 - 00003146 _____ () C:\Windows\System32\Tasks\{91EC9130-86F4-4152-BA4F-E4544B9D52BD}

2014-03-14 04:06 - 2014-03-14 04:06 - 01632144 _____ (Microsoft Corporation) C:\Users\Pat\Downloads\setupconsumerc2rolw.exe

2014-03-13 18:02 - 2014-03-13 18:02 - 00001419 _____ () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-03-13 18:02 - 2014-03-13 18:02 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-03-13 17:55 - 2014-03-13 17:55 - 00280204 _____ () C:\Users\Pat\Downloads\WindowsUpdateDiagnostic.diagcab

2014-03-13 17:22 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE

2014-03-13 17:09 - 2014-03-13 17:09 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-13 17:09 - 2014-03-13 17:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-13 17:09 - 2014-03-13 17:09 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-13 17:09 - 2014-03-13 17:09 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-03-13 17:09 - 2014-03-13 17:09 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-13 17:09 - 2014-03-13 17:09 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2014-03-13 17:09 - 2014-03-13 17:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2014-03-13 17:09 - 2014-03-13 17:09 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2014-03-13 17:09 - 2014-03-13 17:09 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2014-03-13 17:09 - 2014-03-13 17:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-13 17:09 - 2014-03-13 17:09 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2014-03-13 17:09 - 2014-03-13 17:09 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2014-03-13 17:09 - 2014-03-13 17:09 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2014-03-13 17:09 - 2014-03-13 17:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2014-03-13 17:09 - 2014-03-13 17:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-13 17:09 - 2014-03-13 17:09 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-03-13 17:09 - 2014-03-13 17:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-03-13 17:09 - 2014-03-13 17:09 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2014-03-13 17:09 - 2014-03-13 17:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-03-13 17:09 - 2014-03-13 17:09 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2014-03-13 17:09 - 2014-03-13 17:09 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2014-03-13 17:09 - 2014-03-13 17:09 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2014-03-13 17:09 - 2014-03-13 17:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2014-03-13 17:09 - 2014-03-13 17:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-03-13 17:09 - 2014-03-13 17:09 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll


==================== One Month Modified Files and Folders =======

 


Some content of TEMP:

====================

C:\Users\Pat\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Pat\AppData\Local\Temp\Quarantine.exe

C:\Users\Pat\AppData\Local\Temp\SHSetup.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-03-12 16:02

 

==================== End Of Log ============================

Addition.txt

 

Hope I did this right, and am glad YOU understand all this!   Thanks SO much!

 

Pat O


Use your CCleaner to clean out temp files

Next:

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then, if there are no other problems......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


CCleaner was run.

 

==================================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Pat at 2014-03-19 05:22:09 Run:1
Running from C:\Users\Pat\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
CHR Plugin: (Google Update) - C:\Users\Pat\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.400.43) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Local Events and Activities) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gifkhdglojdcphjokffbgbmapcbhedfc [2013-02-23]
C:\Users\Pat\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Pat\AppData\Local\Temp\Quarantine.exe
C:\Users\Pat\AppData\Local\Temp\SHSetup.exe
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\Users\Pat\Desktop\Photobucket.website:DESTICON_msallalbums113164064
AlternateDataStreams: C:\Users\Pat\Desktop\Photobucket.website:DESTICON_msfollowing-435692320
AlternateDataStreams: C:\Users\Pat\Desktop\Photobucket.website:DESTICON_msorganizer-688415607
AlternateDataStreams: C:\Users\Pat\Desktop\Photobucket.website:DESTICON_msstats-1368337259
AlternateDataStreams: C:\Users\Pat\Desktop\Photobucket.website:TASKICON_0msmyhome417242662
AlternateDataStreams: C:\Users\Pat\Desktop\Photobucket.website:TASKICON_1msfindstuff1857271262
 
*****************
 
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner => Key not found.
HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
C:\Users\Pat\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gifkhdglojdcphjokffbgbmapcbhedfc => Moved successfully.
"C:\Users\Pat\AppData\Local\Temp\ntdll_dump.dll" => File/Directory not found.
C:\Users\Pat\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"C:\Users\Pat\AppData\Local\Temp\SHSetup.exe" => File/Directory not found.
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.
C:\Users\Pat\Desktop\Photobucket.website => ":DESTICON_msallalbums113164064" ADS removed successfully.
C:\Users\Pat\Desktop\Photobucket.website => ":DESTICON_msfollowing-435692320" ADS removed successfully.
C:\Users\Pat\Desktop\Photobucket.website => ":DESTICON_msorganizer-688415607" ADS removed successfully.
C:\Users\Pat\Desktop\Photobucket.website => ":DESTICON_msstats-1368337259" ADS removed successfully.
C:\Users\Pat\Desktop\Photobucket.website => ":TASKICON_0msmyhome417242662" ADS removed successfully.
C:\Users\Pat\Desktop\Photobucket.website => ":TASKICON_1msfindstuff1857271262" ADS removed successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 AVG PC TuneUp 2014  
 AVG PC TuneUp 2014 (en-US) 
 Google Chrome 33.0.1750.149  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 AVG avgwdsvc.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 5% 
````````````````````End of Log`````````````````````` 
 
==================================
 
As usual, sincere thanks for all you are doing. I need to do some cleanup and organizing (downloads to their proper folders, etc.) I have an external hard drive where most of my "valuable" stuff is kept. Hope the system security check was good. Have NO idea what you did with the Fixlist, but I'm sure it was for my benefit! :) Yup .... it's 5:44 a.m. in Clemmons, NC and I'm still up .... wish my system clock could be fixed as easily as this computer!! My days and nights need adjusting!!
 
Pat O

The logs look OK

For your clock problem, post at the forum below...it's a tech forum and they should be able to help you:

http://forums.whatthetech.com/index.php?showforum=119

----------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (PM also found HERE)

Good Luck and Thanks for using the forum, MrC


Thank you SO much. Spent several hours cleaning up C drive, reading tutorials, defragging, and looking for things on my computer. Some of your links are outdated in that they don't have instructions for Windows 7, but I managed to figure it out. So far, so good. Firewall, AntiVirus, Malwarebytes, CCleaner, etc. More playing tomorrow to make sure the computer is as secure as possible. FYI, I don't have a clock problem with the computer, it's my internal (body) clock that needs help. Wish there were a program to help that! Will leave feedback, and my sincere thanks for your time and expertise!

 

Pat O

Clemmons, NC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.